1
00:00:00,980 --> 00:00:08,630
In the previous lesson, we successfully compromised Android from our Kali Linux device running Metasploit,

2
00:00:08,630 --> 00:00:14,900
and we inserted a Meterpreter shell that was able to call back to our Kali box and let us

3
00:00:14,900 --> 00:00:16,640
control things from the command line.

4
00:00:17,060 --> 00:00:20,060
So I downloaded that picture file just a little bit ago.

5
00:00:20,090 --> 00:00:24,860
Let's see how we can get to it and then we'll do a few other fun things here in our Android device.

6
00:00:25,460 --> 00:00:27,590
Back in Kali, I'm still in Meterpreter.

7
00:00:28,040 --> 00:00:35,420
I'll run a few more commands like ipconfig, and I can see that my Android devices, that 10 d'attoma

8
00:00:35,460 --> 00:00:43,190
three to seven stoo, ls, there's nothing in this Metasploit dotcom folder.

9
00:00:43,190 --> 00:00:47,210
But let's go to SD card.

10
00:00:51,100 --> 00:00:52,750
And list the contents.

11
00:00:53,750 --> 00:01:00,350
Well, look at that, we got the entire storage. Let's go to Download, cd Download.

12
00:01:02,320 --> 00:01:03,250
ls.

13
00:01:04,980 --> 00:01:10,470
And look, I downloaded the funny game dot apk a couple of times, I've also got that open logo

14
00:01:10,470 --> 00:01:11,190
75.

15
00:01:11,190 --> 00:01:20,400
So let's take a look at that, download open logo dash seventy five PNG, and let's go to our home

16
00:01:20,400 --> 00:01:23,630
folder and see if we can see that if we go to home.

17
00:01:24,240 --> 00:01:26,130
I now have an open logo

18
00:01:26,130 --> 00:01:27,800
seventy five PNG.

19
00:01:27,870 --> 00:01:33,390
I can see what I downloaded on that Android device.

20
00:01:33,780 --> 00:01:41,070
So let's go back up one directory, cd dot dot, ls, and you notice I have a DCIM

21
00:01:41,070 --> 00:01:42,370
folder.

22
00:01:43,240 --> 00:01:47,540
If you have ever seen the DCIM folder, you know what that is, that's your camera.

23
00:01:47,880 --> 00:01:53,310
So any pictures you may have taken are going to be exposed if they're on your SD card.

24
00:01:53,880 --> 00:02:01,950
Any pictures you may have saved from here, your music, your movies, notifications, ringtones, podcasts,

25
00:02:01,950 --> 00:02:03,840
alarms, you name it.

26
00:02:04,410 --> 00:02:11,130
So if I connect this Android emulator out to the World Wide Web, if I put it on our public NATed

27
00:02:11,130 --> 00:02:17,370
network and then do some surfing, download some images, download some music files, make a few changes,

28
00:02:17,370 --> 00:02:23,010
then bring it back, close out that public net and come back to the internal host-only network, I'll

29
00:02:23,010 --> 00:02:28,230
be able to surf everything, see everything that I've done on that Android device from my Kali Linux

30
00:02:28,230 --> 00:02:29,610
box running Meterpreter.

31
00:02:30,120 --> 00:02:32,250
Well, let's see what else we can do while we're here.

32
00:02:32,250 --> 00:02:38,550
What if we wanted to upload another back door or another executable that we could run on this Android

33
00:02:38,550 --> 00:02:39,090
device?

34
00:02:39,090 --> 00:02:41,040
Well, let's see where we are,

35
00:02:41,070 --> 00:02:41,820
pwd.

36
00:02:43,110 --> 00:02:48,870
We're in this simulated storage because this is running on an emulator, but if this were a real Android

37
00:02:48,870 --> 00:02:51,100
device, this would be an actual SD card.

38
00:02:51,660 --> 00:02:58,350
Let's see if we can create a directory, or mkdir, make a directory called test.

39
00:03:02,740 --> 00:03:03,910
And list.

40
00:03:05,070 --> 00:03:10,530
And notice, I have a new directory called test. Let's see inside there.

41
00:03:12,800 --> 00:03:14,060
cd into test.

42
00:03:15,700 --> 00:03:18,040
And there's nothing inside test yet.

43
00:03:18,910 --> 00:03:23,530
Let's come over here in our second terminal window or open a second terminal window if you don't have

44
00:03:23,530 --> 00:03:23,800
one.

45
00:03:25,180 --> 00:03:30,100
And let's take this funny game dot apk and upload it. Let's move it up one directory.

46
00:03:30,640 --> 00:03:36,090
So I'm going to say cp, my root dot desktop.

47
00:03:36,100 --> 00:03:38,740
So I'll just say desktop from here because I'm in my home folder.

48
00:03:39,310 --> 00:03:41,290
Fun and then hit tab.

49
00:03:42,660 --> 00:03:43,770
And then say

50
00:03:45,280 --> 00:03:46,810
to here, dot.

51
00:03:48,710 --> 00:03:55,280
Because I'm in my home directory by default over here, if I copy that funny game dot apk up one directory

52
00:03:55,280 --> 00:04:04,150
or into this home folder and then do ls, I want to see my funny game dot apk in my root directory.

53
00:04:04,460 --> 00:04:12,040
So I'm in as root TWD on my local machine and you do need to be in root to be able to do this

54
00:04:12,050 --> 00:04:12,650
next step.

55
00:04:12,650 --> 00:04:20,870
I'm going to upload funny game dot apk and then I'll press enter.

56
00:04:22,750 --> 00:04:33,190
Now, do ls, and we have uploaded a back door file, or a reverse TCP connection that runs Meterpreter,

57
00:04:33,580 --> 00:04:41,260
into a folder on our SD card. So remotely from my Kali Linux machine, I've not only compromised that

58
00:04:41,260 --> 00:04:47,860
Android device, now I've uploaded another file, in this case the same Meterpreter reverse TCP attack,

59
00:04:48,550 --> 00:04:54,100
and it's going to permanently be on that SD card until I find out about it on my Android device and

60
00:04:54,100 --> 00:04:56,080
remove it. Just for fun,

61
00:04:56,080 --> 00:05:02,980
let's rename that funny game dot apk to something like security patch dot apk.

62
00:05:03,180 --> 00:05:16,610
So say mv funny game dot apk security patch dot apk.

63
00:05:17,720 --> 00:05:23,690
And then ls, and now under that test folder it just looks like security patch dot apk.

64
00:05:24,680 --> 00:05:31,790
So we've seen how to download files, how to surf through our entire user directory, our entire SD

65
00:05:31,790 --> 00:05:38,330
card, and see everything from the digital camera pictures that we've taken to our downloads, our movies,

66
00:05:38,330 --> 00:05:41,620
our music, our podcasts, the rest of our storage.

67
00:05:41,630 --> 00:05:50,480
We've even created a folder on our Android device and uploaded another exploit file while we've been

68
00:05:50,480 --> 00:05:53,350
in using Meterpreter with the reverse TCP.

69
00:05:53,840 --> 00:05:58,340
The combinations of things that you can do with this are almost endless.

70
00:05:58,610 --> 00:06:03,710
And like I said earlier, we've only just begun to use Metasploit and Meterpreter.

71
00:06:03,890 --> 00:06:09,440
There's so much more to learn out of those sixteen hundred exploits and all of the auxiliary and other

72
00:06:09,770 --> 00:06:12,140
scripts that you can run from inside Metasploit.

73
00:06:12,920 --> 00:06:16,130
You've got plenty of things that you can try, plenty of things to learn.

74
00:06:16,340 --> 00:06:22,610
But we've seen that we can compromise an Android device almost exactly as easily and using most of the

75
00:06:22,610 --> 00:06:23,870
same types of tools,

76
00:06:24,290 --> 00:06:30,710
Metasploit and Meterpreter, that we use to break into a Windows 7 or Windows 10 computer. Android

77
00:06:30,710 --> 00:06:31,830
is not much different.

78
00:06:31,850 --> 00:06:38,480
We've got full access to the file system of this Android device, and we could even upload other exploits

79
00:06:38,480 --> 00:06:40,070
and run those as well.

80
00:06:40,580 --> 00:06:43,280
So I hope you've enjoyed a little bit of Android hacking.

81
00:06:43,760 --> 00:06:48,380
Dig around in your Android emulator device a little bit more until you find some other fun things,

82
00:06:48,380 --> 00:06:53,720
do some searches on the Internet for other exploits, or look back through that msfvenom list and see

83
00:06:53,720 --> 00:06:56,900
what other kinds of things you'd like to try on your Android device.

84
00:06:57,440 --> 00:06:59,480
The main thing is to keep learning.

85
00:06:59,630 --> 00:07:06,590
You will never get every exploit down perfectly, but you can learn how to use a few of them really

86
00:07:06,590 --> 00:07:06,980
well.

87
00:07:07,220 --> 00:07:12,410
And we have exercised that Meterpreter reverse TCP across three different platforms now.

88
00:07:12,710 --> 00:07:19,130
And we've seen that we can actually compromise several different types of devices, not just laptops

89
00:07:19,130 --> 00:07:23,150
and desktops running Windows. There are exploits for OS X.

90
00:07:23,150 --> 00:07:24,770
There are exploits for Linux.

91
00:07:24,920 --> 00:07:31,400
And of course we just saw an exploit that worked for Android devices, even a brand new Android VM

92
00:07:31,400 --> 00:07:35,260
we just booted up and downloaded from the Internet just a few seconds ago.

93
00:07:35,630 --> 00:07:37,950
So I hope this has been an eye-opening experience for you.

94
00:07:38,360 --> 00:07:40,210
Be careful when you're online.

95
00:07:40,220 --> 00:07:45,080
There are a lot of dangers out there, but you can avoid most of them just by being aware that this

96
00:07:45,080 --> 00:07:52,280
is possible and not clicking through suspicious links, downloading suspicious files or running suspicious

97
00:07:52,280 --> 00:07:53,120
executables.

98
00:07:53,240 --> 00:07:56,630
And you should be suspicious of almost everything.

99
00:07:57,050 --> 00:07:59,900
I hope you've enjoyed everything you've learned in the course so far.

100
00:08:00,260 --> 00:08:02,900
And please keep posting comments and questions.

101
00:08:03,050 --> 00:08:04,430
I'll be glad to answer those.

102
00:08:04,430 --> 00:08:07,850
And I'm always looking for new ideas for new videos to post.

103
00:08:08,480 --> 00:08:11,180
Thanks and have fun with ethical hacking.