1
00:00:00,750 --> 00:00:03,780
Instructor: Hi, now we are ready actually.

2
00:00:03,780 --> 00:00:07,230
I have sent those links to the victim

3
00:00:07,230 --> 00:00:11,220
and I have my ngrok working on my Kali Linux.

4
00:00:11,220 --> 00:00:14,220
I am listening for incoming connections

5
00:00:14,220 --> 00:00:16,830
with Metasploit, too,

6
00:00:16,830 --> 00:00:20,250
and I believe we are ready to test this.

7
00:00:20,250 --> 00:00:22,740
So all you have to do is just send a link

8
00:00:22,740 --> 00:00:24,330
to your Android device.

9
00:00:24,330 --> 00:00:27,180
And again, if you don't have any Android device

10
00:00:27,180 --> 00:00:30,900
to test this on, wait for the next section

11
00:00:30,900 --> 00:00:35,820
where you will learn how to use an Android emulator.

12
00:00:35,820 --> 00:00:36,900
So here we go.

13
00:00:36,900 --> 00:00:39,420
In my own Android tablet,

14
00:00:39,420 --> 00:00:43,470
I'm downloading this APK as you can see.

15
00:00:43,470 --> 00:00:45,240
And once it's ready

16
00:00:45,240 --> 00:00:48,990
it will be ready in the downloads folder like this.

17
00:00:48,990 --> 00:00:53,070
So if I click on the ngroktest.apk,

18
00:00:53,070 --> 00:00:56,880
it will ask me for some kind of permissions

19
00:00:56,880 --> 00:01:00,150
and I'm going to say install, okay?

20
00:01:00,150 --> 00:01:05,150
So this will install the application on my tablet.

21
00:01:05,490 --> 00:01:09,780
And if I say open, then it'll open the application.

22
00:01:09,780 --> 00:01:12,780
And at the Kali Linux, as you can see,

23
00:01:12,780 --> 00:01:17,010
the Meterpreter session one opened for me.

24
00:01:17,010 --> 00:01:20,700
Now I don't see anything on my tablet right now.

25
00:01:20,700 --> 00:01:24,450
So if I was a victim I would've thought, yeah,

26
00:01:24,450 --> 00:01:26,460
this app doesn't work.

27
00:01:26,460 --> 00:01:31,460
But in fact, we managed to hack into that Android device.

28
00:01:32,070 --> 00:01:37,070
As you can see, we have the session over here in Kali Linux.

29
00:01:37,290 --> 00:01:41,550
So if you hit enter, now the session is opened.

30
00:01:41,550 --> 00:01:45,860
In order to reach those sessions you should run sessions -l.

31
00:01:47,340 --> 00:01:49,140
So this will list the sessions.

32
00:01:49,140 --> 00:01:54,140
As you can see, we have only one and it's an Android device.

33
00:01:55,290 --> 00:02:00,290
And you can see the connection is coming to my local host.

34
00:02:01,170 --> 00:02:03,600
So if you say sessions -i 1,

35
00:02:03,600 --> 00:02:05,850
so this is the ID of the session,

36
00:02:05,850 --> 00:02:09,840
it will go into the Meterpreter session.

37
00:02:09,840 --> 00:02:12,930
As you know by now,

38
00:02:12,930 --> 00:02:17,730
Meterpreter is the session handler for us.

39
00:02:17,730 --> 00:02:21,540
So if I run sysinfo, it will display the information

40
00:02:21,540 --> 00:02:23,520
of the victim system like this.

41
00:02:23,520 --> 00:02:28,520
So this is an Android device, it runs on version 4.4.4.

42
00:02:28,590 --> 00:02:33,480
And if you run help, it will display the available commands

43
00:02:33,480 --> 00:02:34,860
for you to run.

44
00:02:34,860 --> 00:02:37,800
And in fact, you have a lot of commands,

45
00:02:37,800 --> 00:02:42,630
a lot of options on Meterpreter sessions.

46
00:02:42,630 --> 00:02:45,450
So this is the beauty of the Meterpreter.

47
00:02:45,450 --> 00:02:48,180
You get to see what the options are

48
00:02:48,180 --> 00:02:50,610
and you get to just run them

49
00:02:50,610 --> 00:02:54,570
and see the result back in an instant, okay?

50
00:02:54,570 --> 00:02:59,190
So you can actually browse through this help documentation

51
00:02:59,190 --> 00:03:02,430
of the Meterpreter, so that you can understand

52
00:03:02,430 --> 00:03:06,123
what's going on and you can read the descriptions like this.

53
00:03:07,140 --> 00:03:11,130
So I'm going to show you some of the most popular ones

54
00:03:11,130 --> 00:03:15,810
and you will see there is a section dedicated

55
00:03:15,810 --> 00:03:17,820
to Android commands over here.

56
00:03:17,820 --> 00:03:20,640
Like you can dump the call logs,

57
00:03:20,640 --> 00:03:23,610
you can dump the SMS messages,

58
00:03:23,610 --> 00:03:27,210
you can try to send an SMS actually.

59
00:03:27,210 --> 00:03:30,840
You can just set the audio mode.

60
00:03:30,840 --> 00:03:34,860
You can just set the wake lock or something.

61
00:03:34,860 --> 00:03:37,560
And you can actually run ls

62
00:03:37,560 --> 00:03:40,200
and browse through the file system

63
00:03:40,200 --> 00:03:42,630
of the Android device as well.

64
00:03:42,630 --> 00:03:45,140
For example, let me go to cd ..

65
00:03:46,170 --> 00:03:49,080
and cd .. one more time.

66
00:03:49,080 --> 00:03:54,000
And I believe we are inside of the data/data folder right now.

67
00:03:54,000 --> 00:03:56,010
If you're in someplace else

68
00:03:56,010 --> 00:04:00,540
you can browse through the data/data as well, right?

69
00:04:00,540 --> 00:04:05,540
And let me run pwd. Yep, I'm inside of data/data.

70
00:04:06,180 --> 00:04:11,180
So let me go to some other command,

71
00:04:11,220 --> 00:04:13,260
some other folder over here.

72
00:04:13,260 --> 00:04:18,180
Let me go to the root folder and run ls to see my options first.

73
00:04:18,180 --> 00:04:19,020
Yep, here you go.

74
00:04:19,020 --> 00:04:22,590
We have a lot of files and folders over here.

75
00:04:22,590 --> 00:04:26,550
I can try to find some sensitive folders and files

76
00:04:26,550 --> 00:04:30,810
by just browsing through this file and folder system

77
00:04:30,810 --> 00:04:33,450
of the Android device over here.

78
00:04:33,450 --> 00:04:35,670
I can download anything I want.

79
00:04:35,670 --> 00:04:39,420
I can try to upload new files to the system

80
00:04:39,420 --> 00:04:43,020
using this Meterpreter session.

81
00:04:43,020 --> 00:04:45,120
And the commands are very basic.

82
00:04:45,120 --> 00:04:47,340
You're just gonna have to read the description,

83
00:04:47,340 --> 00:04:50,310
but it's upload and it's download

84
00:04:50,310 --> 00:04:53,310
followed by the file name, okay?

85
00:04:53,310 --> 00:04:55,440
So once you get the session

86
00:04:55,440 --> 00:04:59,130
it's very easy to move on from here.

87
00:04:59,130 --> 00:05:04,130
For example, let me go into the SD card, cd sdcard, okay?

88
00:05:04,470 --> 00:05:08,610
And if I run ls, I will see the contents of the SD card.

89
00:05:08,610 --> 00:05:13,610
Like you can actually reach the music, downloads, movies.

90
00:05:14,130 --> 00:05:17,370
Like you can go to downloads for example, or pictures,

91
00:05:17,370 --> 00:05:20,430
and try to see the pictures of the user.

92
00:05:20,430 --> 00:05:23,970
So let me run ls to see if I have any.

93
00:05:23,970 --> 00:05:28,970
Yeah, I have something called IKScreenshots, I believe.

94
00:05:29,070 --> 00:05:30,627
Yeah, let me try to download this

95
00:05:30,627 --> 00:05:32,550
and you will see what I mean.

96
00:05:32,550 --> 00:05:35,760
So download IKScreenshots.

97
00:05:35,760 --> 00:05:39,000
And it will download this file for me

98
00:05:39,000 --> 00:05:41,583
and save it to my root folder, okay?

99
00:05:42,840 --> 00:05:45,720
And you can try to display this

100
00:05:45,720 --> 00:05:48,210
within your file folder system

101
00:05:48,210 --> 00:05:51,210
inside of Kali Linux, obviously.

102
00:05:51,210 --> 00:05:54,360
Then let me go back a little bit

103
00:05:54,360 --> 00:05:59,360
and let me go into some other folder, like downloads.

104
00:05:59,820 --> 00:06:03,510
Okay, I believe it's named Download. Yep.

105
00:06:03,510 --> 00:06:07,050
So Download and let me run ls.

106
00:06:07,050 --> 00:06:11,490
Here you go, we see our own file, ngroktest.apk.

107
00:06:11,490 --> 00:06:16,490
So these are files that our user has been downloading

108
00:06:16,650 --> 00:06:19,380
all the way through, right?

109
00:06:19,380 --> 00:06:21,780
So as you can see, we managed to hack in

110
00:06:21,780 --> 00:06:25,320
and we are browsing through the file and folder system.

111
00:06:25,320 --> 00:06:27,000
This is very cool.

112
00:06:27,000 --> 00:06:29,460
So there are actually other commands,

113
00:06:29,460 --> 00:06:33,780
like sending SMS, or getting the calls,

114
00:06:33,780 --> 00:06:38,780
but I don't have any kind of SIM card inside of my tablet.

115
00:06:39,030 --> 00:06:43,170
It's not even a phone, it's a tablet, like an iPad, okay?

116
00:06:43,170 --> 00:06:47,040
So I'm not going to be demonstrating those examples,

117
00:06:47,040 --> 00:06:49,170
but if you're doing this for a phone,

118
00:06:49,170 --> 00:06:51,630
of course you're more than welcome to test this

119
00:06:51,630 --> 00:06:53,040
on your own time.

120
00:06:53,040 --> 00:06:54,480
Just sending SMS

121
00:06:54,480 --> 00:06:58,980
or trying to get the call logs or something.

122
00:06:58,980 --> 00:07:02,640
But as you can see, we have something called webcam_stream.

123
00:07:02,640 --> 00:07:05,160
And this is one of the most popular commands.

124
00:07:05,160 --> 00:07:09,030
Like you can use this webcam_stream

125
00:07:09,030 --> 00:07:12,630
to open actual webcams on computers,

126
00:07:12,630 --> 00:07:15,240
but in the devices, mobile devices,

127
00:07:15,240 --> 00:07:19,200
it actually opens the camera of the related device.

128
00:07:19,200 --> 00:07:20,760
Like if you're on a phone,

129
00:07:20,760 --> 00:07:25,110
you can actually see what's going on around the user,

130
00:07:25,110 --> 00:07:28,440
around the victim by using this command.

131
00:07:28,440 --> 00:07:29,790
So let me display this.

132
00:07:29,790 --> 00:07:33,750
Obviously, I have a camera on my tablet

133
00:07:33,750 --> 00:07:38,750
so let me run webcam_stream, with only one M.

134
00:07:38,850 --> 00:07:42,660
Okay, let me delete this and hit enter.

135
00:07:42,660 --> 00:07:45,900
So this will start a service for me

136
00:07:45,900 --> 00:07:50,490
and it will give me some kind of a web link or something,

137
00:07:50,490 --> 00:07:55,490
some HTML file for me and I will have to open it.

138
00:07:55,800 --> 00:08:00,570
So don't close this and don't hit on any other word

139
00:08:00,570 --> 00:08:03,840
or any other key from your keyboard.

140
00:08:03,840 --> 00:08:08,400
So this should be running on its own, okay?

141
00:08:08,400 --> 00:08:10,770
And copy this selection.

142
00:08:10,770 --> 00:08:15,770
So as you can see, this is running some kind of HTML file

143
00:08:15,780 --> 00:08:17,940
on my root folder.

144
00:08:17,940 --> 00:08:21,060
And if you go to your root folder with your file manager

145
00:08:21,060 --> 00:08:23,460
you will see that HTML file.

146
00:08:23,460 --> 00:08:28,410
But rather than seeing it, if you open any Firefox tab

147
00:08:28,410 --> 00:08:30,990
you can just paste it, okay?

148
00:08:30,990 --> 00:08:35,990
And you can just open that HTML file on your own machine.

149
00:08:36,480 --> 00:08:41,480
And now I see my tablet phone, or tablet camera,

150
00:08:41,670 --> 00:08:43,440
or my phone's camera.

151
00:08:43,440 --> 00:08:46,170
As you can see, this is my garden.

152
00:08:46,170 --> 00:08:50,130
I'm just holding up the tablet

153
00:08:50,130 --> 00:08:53,100
so that you can see what's going on.

154
00:08:53,100 --> 00:08:57,090
And let me try to go into the image as well,

155
00:08:57,090 --> 00:08:58,950
but I believe...

156
00:08:58,950 --> 00:09:03,240
Yeah, it is kind of shady so you cannot see me clearly.

157
00:09:03,240 --> 00:09:07,170
But obviously, we managed to hack into it,

158
00:09:07,170 --> 00:09:10,680
and obviously, we managed to get the phone

159
00:09:10,680 --> 00:09:15,680
or tablet camera stream as well.

160
00:09:15,990 --> 00:09:17,940
So after you are done with it

161
00:09:17,940 --> 00:09:22,940
you can hit Control + C to stop this from streaming, okay?

162
00:09:23,100 --> 00:09:25,860
So it'll go back into your session

163
00:09:25,860 --> 00:09:29,430
and you can continue whatever you want to do

164
00:09:29,430 --> 00:09:32,523
with the Meterpreter session over here.

165
00:09:33,540 --> 00:09:38,540
And remember, it actually puts the files on your root,

166
00:09:39,120 --> 00:09:42,810
so you can reach those files that you have downloaded

167
00:09:42,810 --> 00:09:47,403
or that you have streamed from your root folder later on.

168
00:09:48,330 --> 00:09:51,000
So this is kind of cool, right?

169
00:09:51,000 --> 00:09:53,910
We managed to hack into the device,

170
00:09:53,910 --> 00:09:57,960
we managed to browse all the information,

171
00:09:57,960 --> 00:10:00,600
we managed to download whatever we want,

172
00:10:00,600 --> 00:10:05,180
and we managed to actually open the camera

173
00:10:05,180 --> 00:10:07,050
of the phone as well.

174
00:10:07,050 --> 00:10:12,050
So you can try to go into the data of the related apps,

175
00:10:12,240 --> 00:10:15,060
like WhatsApp and other apps as well,

176
00:10:15,060 --> 00:10:16,470
try to find the logs

177
00:10:16,470 --> 00:10:21,470
and try to see if you have anything useful over there.

178
00:10:21,720 --> 00:10:26,720
And it's very easy to hack into devices using MSF Linux

179
00:10:27,180 --> 00:10:30,270
if you can come up with a good strategy.

180
00:10:30,270 --> 00:10:33,330
So beware of the hackers, obviously.

181
00:10:33,330 --> 00:10:36,240
So if somebody sends you some APK,

182
00:10:36,240 --> 00:10:38,460
don't open it if you don't know them.

183
00:10:38,460 --> 00:10:40,920
Even if you know them, if you get suspicious,

184
00:10:40,920 --> 00:10:42,330
don't open them,

185
00:10:42,330 --> 00:10:45,960
because it's very easy to get hacked as you can see.

186
00:10:45,960 --> 00:10:50,280
So it's not even easy to hack into the Windows machines

187
00:10:50,280 --> 00:10:53,160
because of Defender and other antiviruses.

188
00:10:53,160 --> 00:10:55,770
But in Android, in real life,

189
00:10:55,770 --> 00:10:58,200
they won't even get detected, okay?

190
00:10:58,200 --> 00:11:00,900
So if you send them and if they click on it,

191
00:11:00,900 --> 00:11:03,783
it'll just pop open and you will get hacked.

192
00:11:04,710 --> 00:11:09,090
So just keep that in mind, if somebody sends you APKs,

193
00:11:09,090 --> 00:11:11,490
just don't open them.

194
00:11:11,490 --> 00:11:14,370
I suggest you stick to the Play Store.

195
00:11:14,370 --> 00:11:17,010
So of course, somebody could have uploaded this

196
00:11:17,010 --> 00:11:21,090
to the Play Store as well, but it will get taken down eventually.

197
00:11:21,090 --> 00:11:23,370
It'll be taken down eventually.

198
00:11:23,370 --> 00:11:25,860
They generally understand it in a couple of days,

199
00:11:25,860 --> 00:11:29,130
so you won't have that kind of risk over there,

200
00:11:29,130 --> 00:11:31,020
at least not a very high risk.

201
00:11:31,020 --> 00:11:35,460
But if somebody sends you some APK through WhatsApp

202
00:11:35,460 --> 00:11:39,600
or some other platform, just beware of it.

203
00:11:39,600 --> 00:11:41,370
So that's it.

204
00:11:41,370 --> 00:11:44,670
We're going to stop here and we are going to start learning

205
00:11:44,670 --> 00:11:48,363
about Android development within the next section.