Lets get started,
NOTE: The rest of the tutorial will be for Android phones, but can easily be configured to hack IPhone/Blackberry's too. my Android Phone)
Requirements:
- 1. Backtrack 5 r3 (using backtrack for this example as SPF is pre-installed), i recently posted a article, how to download, install and run backtrack 5 in windows.
- 2. Portforwarding (if you are using this outside of your own network)
- 3. Xampp for linux (guide to installing this will be in the tutorial)
- 4. A phone (for example I will be using my Android Phone)
- First of all, go Here to get Xampp.
- Once xampp has finished downloading, go to your home directory and you should have a file called "download.php?xampp-linux-1.7.3a.tar.gz" rename it to something like "xampp.tar.gz".
- In your terminal window run tar xvfz xampp.tar.gz -C /opt
- Everything should be installed and you can find xampp in /opt/lampp/directory.
Step 2) Configuring Xampp:
Use
/opt/lampp/lampp start
/opt/lampp/lampp stop
To start and stop the Xampp service
- Once Xampp has started, go to "localhost" in your browser and select your language. Navigated to "Phpmyadmin" and create a new database called "framework".
- Next add a new user by going to the "privileges" tab then "add a new user".
- Use whatever username and password you want and select "local" from the hosts list.
- Make sure you "Check All" global privileges, then click go.
- Now delete the htdocs folder in /opt/lampp/
Step 3) Configuring SPF Files:
- Navigate to the SPF config file /pentest/exploits/smartphone-pentest-framework/frameworkconsole/config and Replace
- Ip Address For Websrever - with your local/public ip.
- Ip Address TO Listn on for Shells - with your local/public ip.
- Ip Address of SQL Server 127.0.0.1 if Localhost - with 127.0.0.1
- Username of the MYSQL User to use - with the username you made in phpmyadmin
- Password of the MYSQL User to use - with the password of the user you set.
Step 4) Configuring SPF:
- Open up the smartphone-pentest-framework window by going to: applications>backtrack>exploitation tools>wireless exploitation tools>gsm exploitation>Smartphone-pentest-framework.
- Select option 4 then select option 2.
- Input your phone number, then input a 7 digit control key to connect to your victims and then enter the path you want your app to located on your webserver (I will be using /). Now don't expect anything to happen just yet, you need to configure your phone with SPF.
- Locate the file: /pentest/exploits/smartphone-pentest-framework/FrameworkAndroidApp/bin/FrameworkAndroidApp.apk
- And move it over to your phone by uploading it to dropbox or just connecting your phone to your computer.
- Install it then open it up. Put in the details you filled out a minute ago in
- SPF and your ip the webserver is setup on and press setup.
Step 5) Attacking People:
- Open up smartphone-pentest-framework and select option 6 then pick between thedirect download (just sends a text to the person from your phone with a direct download to the file) or client side shell (uses a browser exploit in android phones to give you shell access).
- If you select option 1 you must move the file /pentest/exploits/smartphone-pentest-framework/AndroidAgent/bin/AndroidAgent.apk
- To your root directory.
- Once you get a victim, just open up smartphone-pentest-framework again, select option 1, fill in the details and you can then control the victim from your mobile phone.
p;and here.
No comments:
Post a Comment