Book Image

Mastering Metasploit - Third Edition

By : Nipun Jaswal
Book Image

Mastering Metasploit - Third Edition

By: Nipun Jaswal

Overview of this book

We start by reminding you about the basic functionalities of Metasploit and its use in the most traditional ways. You’ll get to know about the basics of programming Metasploit modules as a refresher and then dive into carrying out exploitation as well building and porting exploits of various kinds in Metasploit. In the next section, you’ll develop the ability to perform testing on various services such as databases, Cloud environment, IoT, mobile, tablets, and similar more services. After this training, we jump into real-world sophisticated scenarios where performing penetration tests are a challenge. With real-life case studies, we take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit framework. By the end of the book, you will be trained specifically on time-saving techniques using Metasploit.
Table of Contents (14 chapters)

Attacking Android with Metasploit

The Android platform can be attacked either by creating a simple APK file, or by injecting the payload into the existing APK. We will cover the first one. Let's get started by generating an APK file with msfvenom, as follows:

On producing the APK file, all we need to do is either convince the victim (perform social engineering) to install the APK, or physically gain access to the phone. Let's see what happens on the phone as soon as a victim downloads the malicious APK:

Once the download is complete, the user installs the file as follows:

Most people never notice what permissions an app asks for while installing a new application on the smartphone. So, an attacker gains complete access to the phone and steals personal data. The preceding screenshot lists the required permissions an application needs to operate correctly. Once the...