Module Code & Module Title

CC6051NI Ethical Hacking

Hacking into Mobile Devices

Assessment Weightage & Type


50% Individual Coursework

Year and Semester


2019-20 Spring

Student Name: Sushan Pujari

London Met ID: 17031066

College ID: NP01NT4A170122

Assignment Due Date: 8th June 2020

Assignment Submission Date: 7th June 2020

Word Count (Where Required): 2095

I confirm that I understand my coursework needs to be submitted online via Google Classroom under the
relevant module page before the deadline in order for my assignment to be accepted and marked. I am fully
aware that late submissions will be treated as non-submission and a mark of zero will be awarded.
Abstract

This report describes how widely mobile devices are used in the modern world and how they have come to occupy most of professional and personal life. It explains why mobile device security is important in the current scenario. The report also includes an attack demonstration which gives a brief idea of how an attacker can gain access to a target's device without detection.

In the demonstration phase, the attacker is a Kali Linux machine and the target is an Android phone. In the attack scenario, the attacker tricks the target into installing the malware and later gains full access to the target's device and information. This attack scenario is based on a real case, which is described in the literature review section of the report.

After the demonstration, the report covers the legal implications of the demonstrated attack in our society, with some recommendations which help to prevent and stay protected from these types of mobile device attacks.


Abbreviation

APK : Android Package Kit

App : Application

BS : Bikram Sambat

HTML : Hypertext Markup Language

HTTP : HyperText Transfer Protocol

iOS : iPhone Operating System

OS : Operating System

PC : Personal Computer

TCP : Transmission Control Protocol

WWW : World Wide Web


Table of Contents

1. Introduction
1.1 Problem Scenario
1.2 Aims and Objectives
1.2.1 Aims
1.2.2 Objectives
2. Background
2.1 End Devices
2.1.1 Importance of Mobile Phones
2.2. Mobile device Security and its importance.
3. Literature Review
3.1 Case Study
3.2 Conclusion
4. Development
4.1 Tools and Techniques
4.1.1 Nmap
4.1.2 msfvenom
4.1.3 Apache HTTP server and HTML Page
4.1.4 Metasploit Framework
4.2 Analysis of Attack Scenario
4.2.1 Setting up Phishing Site
4.2.2 Installation of Malware.
4.2.3 Gain Access of Target’s Device
4.2.4 Create a persistent backdoor.
5. Demonstration
5.1 Making Embedded APK Payload
5.2 Target’s Device accessed
6. Conclusion
6.1 Legal Implications
6.2 Recommendation
7. References
8. Appendices
8.1 Appendix – I (Threat Description)
8.2 Appendix – II (Attack Demonstration)
8.2.1 Active Host Check.
8.2.2 Creating Embedded Payload.
8.2.3 Moving the payload to apache server folder.
8.2.4 Phishing Webpage.
8.2.5 Download and installation of payload.
8.2.6 Setting up listener.
8.2.7 Setting LHOST and LPORT.
8.2.8 Execution of payload
8.2.9 Gaining access to target’s device
8.2.10 Dumping call logs and SMS
8.2.11 Call Log and SMS
8.2.12 SMS information
8.2.13 Sending SMS from target’s device
8.2.14 Capturing picture
8.2.15 Pinpointing target’s location.
8.2.16 Creating backdoor script.
8.2.17 Uploading and executing shell script backdoor
8.2.18 Testing backdoor.sh shell script
8.3 Appendix – III (Electronic Transaction Act 2063 BS)
8.3.1 Section 44
8.3.2 Section 45
8.3.3 Section 46


Table of Figure

Figure 1 Gooligan Malware Infected Cases
Figure 2 Gooligan Working Method.
Figure 3 Creating Payload using msfvenom
Figure 4 Target's Device access gained.
Figure 5 Live host scan.
Figure 6 Payload Embed with Authentic file.
Figure 7 Moving payload to the apache server.
Figure 8 Phishing webpage.
Figure 9 Downloading Payload
Figure 10 Installation of the payload.
Figure 11 Payload Installed in Android Device.
Figure 12 Setting up listener (Metasploit)
Figure 13 Setting up LHOST and LPORT in listener.
Figure 14 Execution of payload in target device.
Figure 15 Access gained to target's device.
Figure 16 Dumping SMS and Call Log information.
Figure 17 Target's Call Logs.
Figure 18 Target’s SMS information.
Figure 19 Sending SMS from target's device.
Figure 20 Capturing picture using target's camera.
Figure 21 Geolocation of Target's device.
Figure 22 Creating script for backdoor.
Figure 23 Uploading shell script.
Figure 24 Execution of shell script.
Figure 25 Consistent backdoor test.

1. Introduction
With the growth of the modern era, the advancement of technology produces new inventions every day. With this advancement, people are becoming more and more addicted to their devices, to the point where these devices are part of their daily needs. One of these addictive devices is the mobile phone. With the creation of the internet and many different virtual platforms, people are more involved in their virtual life than in their social life. With each new generation, the mobile phone, now known as the smartphone, can perform many activities besides phone calls, such as playing games, sending and receiving emails, using social media and making electronic banking transactions.

As the features of smartphones increase, cybercriminals are finding new and smart ways to steal confidential information from users. This report provides a demonstration of one such way. The demonstration shows how an Android device is vulnerable to attack and how it can be manipulated without the knowledge of the target.

1.1 Problem Scenario


People used to keep their confidential information locked away in a secure physical safe, but today these safes are virtual. In the past, the only way to steal data from a person was to steal it physically, but with the vastly increasing number of technologies this information is now stored virtually rather than physically. Virtually stored data is more prone to being stolen than data in physical storage.

Nowadays, with the invention of the smartphone, every person has a minicomputer in their hands which comes with more than enough software and applications to perform different kinds of tasks as the user needs. As of the fourth quarter of 2019, Android users were able to choose between 2.57 million apps in the Google Play store, and 1.84 million apps were available in the App Store for iOS devices. (Clement, 2020)

With such a large number of applications to choose from, people tend to choose applications which make their smartphone faster and more customizable. To get these customizations and improvements, different tweaks and hacks are used. These tweaks and hacks can be as simple as wallpaper and screen saver changes, or they can be core system changes such as gaining root access and installing new kernels.

Installing these tweaks and hacks makes devices more vulnerable to attack. Many hackers phish the target into installing these hacks in order to steal confidential and financial information. (DuPaul, 2020)

The biggest threats in current mobile devices are:

1. Man-in-the-Middle Attack

2. Third Party Application

3. SMS Attacks

A detailed explanation about these threats will be provided in Appendix-I.

According to one study, roughly 72% of the world's population uses Android-based smartphones, which include devices from Samsung, Huawei, Xiaomi, Sony and other Android vendors. In China alone, around 121 thousand new pieces of Android malware were found. This shows that, as technology advances, the threat of cyber-attacks is also increasing. (Juniper Networks, 2012)

Due to the higher number of Android users, this report demonstrates how an Android phone can be victimized by a malicious attacker to steal confidential data.

1.2 Aims and Objectives


Aims and objectives are important to give any report a clear motive and a baseline to complete.

1.2.1 Aims
With the rapid increase in Android users, hackers are creating new malware every day to infect devices and collect as much confidential data as possible. This report therefore demonstrates such an attack, in which an Android device is the target and a Kali Linux OS machine is the attacker. The main aim is to retrieve confidential data from the target without alerting the target, and finally to install a backdoor for a persistent connection.

1.2.2 Objectives
Said aims will be achieved through following objectives:

1. Gather information about the target.

2. Spear phish the target to download payload.

3. Set up a listener to gain access to the target’s device

4. Immediately install backdoor.

5. Retrieve small amount of information at a time to stay away from radars.

2. Background
With the increasing adoption of smartphones, especially Android, people are becoming more vulnerable to cyber-attacks. Although there are many benefits to using a smartphone, there is no denying that everyone is prone to cyber-attacks. The internet is like a huge data store which collects and stores everyone's information: information about their jobs, home address, status and finances. Trusting technology to secure all this confidential data is like “trusting the cat to keep the cream”.

Although there is a significant number of attacks that network security and firewalls can prevent, there are also many unknown attacks. These types of data security do work to protect a PC from attacks, but they are not intelligent enough to protect against human error. This report demonstrates such a human error.

2.1 End Devices


End devices are an important part of human progress in the modern era. The devices which form an interface between the human network and the communication network are known as end devices. An end device can be either a source or a destination of data transmitted over the network. Some familiar examples of end devices are computers, network printers, smart home appliances, security cameras and mobile phones. (Orbit Computer Solution, 2015)

As this report is about mobile devices and their vulnerability to attacks, let us define the importance of these mobile devices in our daily life.

2.1.1 Importance of Mobile Phones


Mobile phones are an efficient means of communication. As the human era develops, mobile phones are constantly upgraded to meet users' needs. Some of the important aspects of mobile phones are:

1. Easy way of Communication:

Mobile phones allow a user to communicate with another user anywhere in the world, provided they have their contact information. This feature helps to connect people worldwide regardless of distance.

2. Emergency:

During emergencies, mobile phones act as an SOS signal or a beacon of help. They provide communication features to contact marshals, and other features such as the camera and voice recording, which can be helpful in times of need.

3. Storage:

Mobile phones can also act as data storage in which you can store your documents, photos, videos, recordings and many other types of data files, which can be helpful in professional and personal work.

4. Educational Purpose:

As a student myself, the mobile phone has played a significant role in the academic years. As the internet is the void of knowledge, the mobile phone provides easy and portable access to this educational information.

(Techwalla, 2020)

2.2. Mobile device Security and its importance.


Mobile device security deals with the protection of data on portable devices and the networks they connect to. The smartphone is one of the most widely used mobile devices. Why is it vital to secure these mobile devices? As stated in section 2.1.1 above, mobile devices have many features, and one of them is storing data: data about personal life, business dealings, bank accounts and other confidential information. According to the Cisco Resource Center, more than half of business is handled through mobile devices (Cisco, 2020), which inevitably invites cyber-threats.

So, to adapt to these upcoming challenges, it is important to keep mobile devices safe from cyber-attacks and cybercriminals.

3. Literature Review
The literature review section provides a study of a case similar to the one demonstrated in Topic 5 of this report. The section also contains a brief conclusion about the case study.

3.1 Case Study

Figure 1 Gooligan Malware Infected Cases (Check Point Software Technologies Ltd, 2016)

During 2016, it was found that many Android devices were infected by malware named the “Gooligan Trojan Horse”. It was estimated that more than 13000 Android devices were being infected by this malware every day. The above picture shows the cases of Gooligan malware infection around the world.

The malware especially targeted Android devices running the Jellybean, KitKat and Lollipop OS versions. The malware is installed when the user downloads a malware-infected application from a third-party app store. (Lakshman, 2016)

Figure 2 Gooligan Working Method. (Check Point Software Technologies Ltd, 2016)

Once installed, the malware would break into the user's Google-operated services (Google Photos, Drive, Docs, Gmail), then install applications from the Google Play store in order to provide reviews and ratings for apps, and send data about the device to a remote server.

If the malware achieved root access, it would send the Google account and authentication token information to the remote server and provide full control of the target's Android device. (OnlineSiteHelper, 2020)

3.2 Conclusion
In an interview, Michael Shaulov, Head of Mobile and Cloud Security at Check Point, said, “This attack was a part of an advertising fraud scheme”. The case study shows that Gooligan was one of the largest Google account breaches ever to occur. These breaches occurred because users were unaware enough to install applications from unauthentic vendors and phishing links. (Check Point Software Technologies Ltd, 2016)

4. Development
The development section of the report provides brief information about the attack scenario and process.

4.1 Tools and Techniques

The following are the tools and techniques used during the attack phase. This section also explains why each tool is needed.

4.1.1 Nmap
Nmap is a vulnerability scanner and network discovery tool. This tool is used to gather information about the active status and the logical information of the target (Android phone).

4.1.2 msfvenom
msfvenom is a tool which combines msfpayload and msfencode. It is used to create a payload and embed it in an authentic app to avoid detection.

4.1.3 Apache HTTP server and HTML Page

Apache is a free, open-source platform which helps to create a local web server. An HTML page is created to phish the target into downloading the payload without suspicion.

4.1.4 Metasploit Framework

After the payload is installed, the Metasploit framework is used as a listener to gain access to the target's device.

4.2 Analysis of Attack Scenario


The following section is the analysis of the attack scenario, along with the steps performed.

4.2.1 Setting up Phishing Site

Using the Apache HTTP server, a web server is hosted locally, and with the help of HTML, a phishing website is created and hosted at “www.instalite.com”. This page is the download site for the target.

4.2.2 Installation of Malware.

After the target downloads the APK file, the malware is installed on the target's device.

4.2.3 Gain Access of Target’s Device

When the target executes the application, the Metasploit framework gains a reverse TCP connection to the target's Android device.

4.2.4 Create a persistent backdoor.


Access is maintained only while the malicious application is running on the Android device. To maintain persistent access to the target's device, a shell script is uploaded and executed as “user 0”. The shell script consists of a command which forces the device to run the malicious software every 30 seconds. Even if the user exits the software, this script will keep running the application every 30 seconds to maintain a persistent connection.
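
The fixed 30-second relaunch described in 4.2.4 leaves a regular pattern in the device's activity log that a defender can look for. The following detection sketch is an added example, not part of the original report; the logcat lines are constructed, the package names are hypothetical, and the `START` line layout is an assumed ActivityManager log format.

```python
"""Flag Android components that are relaunched at a near-constant interval."""
import re
from datetime import datetime
from statistics import median

# Constructed logcat excerpt (threadtime layout). Package names and uids are
# hypothetical; logcat prints no year, so one is supplied when parsing.
SAMPLE_LOG = """\
06-07 10:00:01.120  1201  1340 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.lite/.MainActivity} from uid 10145
06-07 10:00:12.480  1201  1340 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.mail/.Inbox} from uid 10021
06-07 10:00:31.180  1201  1340 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.lite/.MainActivity} from uid 10145
06-07 10:00:40.002  1201  1290 I ActivityManager: Killing 4821:com.example.mail/u0a21 (adj 900): empty #17
06-07 10:01:01.150  1201  1340 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.lite/.MainActivity} from uid 10145
06-07 10:01:31.210  1201  1340 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.lite/.MainActivity} from uid 10145
06-07 10:01:47.900  1201  1340 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.mail/.Inbox} from uid 10021
06-07 10:02:01.170  1201  1340 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.lite/.MainActivity} from uid 10145
06-07 10:02:05.300  1201  1340 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.mail/.Inbox} from uid 10021
06-07 10:03:30.000  1201  1340 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.lite.other/.Settings} from uid 10021
06-07 10:03:30.000  1201  1340 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.mail/.Inbox} from uid 10021
"""

# Timestamp, pid, tid, level, then the activity start record with its component.
START_RE = re.compile(
    r"^(?P<ts>\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+\d+\s+\d+\s+I\s+"
    r"ActivityManager: START u\d+ \{.*?cmp=(?P<cmp>[^\s}]+)"
)


def parse_starts(log_text, year=2020):
    """Return {component: [datetime, ...]} for every activity start line."""
    starts = {}
    for line in log_text.splitlines():
        m = START_RE.match(line)
        if not m:
            continue  # not an activity start record
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %m-%d %H:%M:%S.%f")
        starts.setdefault(m["cmp"], []).append(ts)
    return starts


def find_periodic_starts(log_text, min_starts=4, tolerance_s=2.0):
    """Return {component: median gap in seconds} for clockwork relaunches.

    A component is flagged when it was started at least `min_starts` times
    and every gap between consecutive starts is within `tolerance_s` of the
    median gap. Human-driven launches have irregular gaps and are skipped.
    """
    flagged = {}
    for component, times in parse_starts(log_text).items():
        if len(times) < min_starts:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mid = median(gaps)
        if all(abs(gap - mid) <= tolerance_s for gap in gaps):
            flagged[component] = round(mid, 1)
    return flagged


if __name__ == "__main__":
    for component, gap in find_periodic_starts(SAMPLE_LOG).items():
        print(f"periodic relaunch: {component} every ~{gap}s")
```

The thresholds are starting points: legitimate apps with scheduled activity can also appear regular, so a flagged component is a lead to check against the list of installed apps and their install source.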

5. Demonstration
This section demonstrates the attack scenario using different tools and techniques, through pictures and a brief paragraph about each picture. This section covers only payload creation and the breach of the target device. The detailed demonstration of the attack is provided in Appendix-II.

5.1 Making Embedded APK Payload

Figure 3 Creating Payload using msfvenom

Figure 3 above shows the creation of the payload. With the help of msfvenom, the payload is embedded in an authentic app, “Instagram-lite-67-0-0-0-51.apk”, and the result is named InstagramLite.apk.

5.2 Target’s Device accessed

Figure 4 Target's Device access gained.

Figure 4 shows that access to the target's Android device was gained; information about the device is checked to confirm the breach.

6. Conclusion
This report has explained the vulnerabilities and threats present in mobile devices, mostly in the Android OS. From the analysis in the report, it can be said that many attacks are caused by human error rather than by a vulnerability in the device itself. In particular, the use of third-party app stores and unlicensed applications carries a higher chance of cyber-threats.

The following sections explain the legal implications of the demonstrated attack and some recommendations to prevent these types of data breaches.

6.1 Legal Implications


The attack demonstrated in this report shows unauthorized access to confidential data, which violates Section 45 of the Electronic Transaction Act 2063 BS. The attacker not only gains unauthorized access but also steals information and spies on the target using the compromised device's camera.

The attack also demonstrates the alteration of an authentic APK application, which is an alteration of source code and violates Section 44 of the Electronic Transaction Act 2063 BS.

The attack scenario also shows alteration and disruption of the target's device, in which a script is injected to alter the running processes of the device. This action violates Section 46 of the Electronic Transaction Act 2063 BS.

The above-mentioned violated Sections of the Electronic Transaction Act 2063 BS are shown in Appendix-III.

6.2 Recommendation
The following section provides some recommendations to stay protected from malware and these threats.

1. Update OS and application constantly.

2. Connect to wireless network wisely

3. Manage app permissions

4. Install application from authentic vendor

5. Turn off Bluetooth and Wi-Fi Network.

(Bushnell, 2019) (Symantec, 2020)

7. References
Bushnell, M., 2019. 10 Ways to Secure Your Smartphone Against Hackers. [Online]
Available at: https://www.businessnewsdaily.com/11197-protect-your-smartphone-from-hackers.html
[Accessed 25 April 2020].

Check Point Software Technologies Ltd, 2016. More Than 1 Million Google Accounts Breached by Gooligan. [Online]
Available at: https://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/
[Accessed 25 April 2020].

Cisco, 2020. Mobile Device Security. [Online]
Available at: https://www.cisco.com/c/en/us/solutions/small-business/resource-center/security/mobile-device-security.html#~introduction
[Accessed 24 April 2020].

Clement, J., 2020. Statista. [Online]
Available at: https://www.statista.com/statistics/276623/number-of-apps-available-in-leading-app-stores/
[Accessed 24 April 2020].

DuPaul, N., 2020. Android Hacking. [Online]
Available at: https://www.veracode.com/security/android-hacking
[Accessed 23 April 2020].

Juniper Networks, 2012. 2011 Mobile Threat Reports, Sunnyvale, USA: Juniper Networks Inc.

Lakshman, R., 2016. Gooligan Malware. [Online]
Available at: https://telecomtalk.info/gooligan-malware-hits-android-phones-in-asia/159244/
[Accessed 25 April 2020].

OnlineSiteHelper, 2020. 1+ Million Google Accounts Compromised Due To Malware On Android Apps. [Online]
Available at: https://www.onsitehelper.com/1-million-google-accounts-compromised-due-malware-android-apps.php
[Accessed 25 April 2020].

Orbit Computer Solution, 2015. Orbit Computer Solution. [Online]
Available at: https://www.orbit-computer-solutions.com/end-devices-and-their-roles-on-a-network/
[Accessed 24 April 2020].

Skrobov, A. & Makkaveev, S., 2019. Check Point. [Online]
Available at: https://research.checkpoint.com/2019/advanced-sms-phishing-attacks-against-modern-android-based-smartphones/
[Accessed 24 April 2020].

Symantec, 2020. Android malware. [Online]
Available at: https://il.norton.com/internetsecurity-malware-android-malware.html
[Accessed 24 April 2020].

Techwalla, 2020. Techwalla. [Online]
Available at: https://www.techwalla.com/articles/importance-of-mobile-phones
[Accessed 24 April 2020].

8. Appendices
8.1 Appendix – I (Threat Description)
This appendix describes the biggest mobile threats in the current world. These threats are most active in this modern age, in which every person has their smartphone close to them and every bit of financial, personal and business-related information is stored on it. As this information is valuable and easily accessible, malicious attackers try to take advantage of vulnerabilities through the following attacks to steal information from mobile devices.

1. Man-in-the-Middle attacks:

As a mobile phone uses wireless communication, it becomes vulnerable to attackers when it connects to public Wi-Fi with no security password. A hacker can exploit this vulnerability and steal the information before redirecting the data to its actual destination. A man-in-the-middle attack allows the hacker to intercept the traffic between your phone and the server, which eventually lets them spy on internet browsing activity, record keystrokes and intercept messages and phone calls.

2. Third party applications:

Third-party applications are apps which are developed to work on the Android and iOS operating systems but are created by a third-party developer rather than by the actual vendor. These kinds of apps may not go through the same security checks as authentic applications. Thus, malware injection is highly possible.

3. SMS Attacks:

This is one of the most popular Android phishing attacks. This type of attack installs a malicious application through a received SMS: when the link present in the SMS is clicked, malware is installed. One recent SMS attack vulnerability involved over-the-air (OTA) provisioning messages. The attack took advantage of Open Mobile Alliance Client Provisioning (OMA CP), which has only limited authentication, to send malicious network-specific settings to the target. OTA provisioning is mostly used by cellular operators to transmit network-specific settings, and because of its weak security it was not possible to tell whether a received setting originated from the network operator or from a malicious attacker (Skrobov & Makkaveev, 2019).

The threats elaborated above are part of the problem domain in the current scenario. A conclusive explanation is provided in the Problem Domain section of this report.


8.2 Appendix – II (Attack Demonstration)


The following section of the appendix demonstrates the attack scenario of this report.

8.2.1 Active Host Check.

Figure 5 Live host scan.

Figure 5 above shows the scan for live hosts in the network “192.168.1.0/24”, in which the target, i.e. Huawei Technologies (Android device), is also active.


8.2.2 Creating Embedded Payload.

Figure 6 Payload Embed with Authentic file.

The above figure shows the creation of a payload embedded in the authentic Instagram Lite APK with the help of msfvenom. The payload creates a reverse TCP connection to the host and port specified in the payload.


8.2.3 Moving the payload to apache server folder.

Figure 7 Moving payload to the apache server.

Figure 7 above shows the created payload “InstagramLite.apk” being moved to the Apache server folder.

8.2.4 Phishing Webpage.

Figure 8 Phishing webpage.

Figure 8 above is the phishing page used to trick the target into downloading the payload.


8.2.5 Download and installation of payload.

Figure 9 Downloading Payload

Figure 10 Installation of the payload.

Figure 11 Payload Installed in Android Device.

Figure 9 shows that the payload is downloaded without any detection, figure 10 shows the installation of the payload, and figure 11 shows that the payload, disguised as Instagram Lite, has been installed.


8.2.6 Setting up listener.

Figure 12 Setting up listener (Metasploit)

In figure 12, a listener is set up so that the attacker gains access to the Android device when the target executes the payload. To match the payload created, the listener is also set up as reverse TCP.

8.2.7 Setting LHOST and LPORT.

Figure 13 Setting up LHOST and LPORT in listener.

Figure 13 shows the payload options being configured: LHOST is “192.168.1.23”, which is the attacker’s address, and LPORT is set as “4444”.


8.2.8 Execution of payload

Figure 14 Execution of payload in target device.

Figure 14 shows the execution of the payload in the target’s android device.

8.2.9 Gaining access to target’s device.

Figure 15 Access gained to target's device.

Figure 15 above shows that access is granted when the payload is executed on the Android device. To confirm the access, the command “UUID” is used, which then reveals the Android device information.


8.2.10 Dumping call logs and SMS.

Figure 16 Dumping SMS and Call Log information.

The above figure 16 shows the extraction of SMS and Call log information from the target’s device to the attacker’s PC.

8.2.11 Call Log and SMS

Figure 17 Target's Call Logs.

Figure 17 shows that the extracted call log information is accurate.


8.2.12 SMS information

Figure 18 Target’s SMS information.

Figure 18 shows that the SMS information extracted from the target is accurate.

8.2.13 Sending SMS from target’s device

Figure 19 Sending SMS from target's device.

Figure 19 above shows an SMS being sent from the target’s device to another device. It also shows that the other device has received the text message.


8.2.14 Capturing picture

Figure 20 Capturing picture using target's camera.

Figure 20 shows the target’s camera being manipulated without detection.

8.2.15 Pinpointing target’s location.

Figure 21 Geolocation of Target's device.

Figure 21 above shows the tracing of the target’s device. It also shows that the extraction has provided a geolocation tag for Google Maps.
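Each capability shown in 8.2.10 to 8.2.15 depends on an Android permission that the installed app must declare, so comparing a downloaded APK's declared permissions with those of a reference build exposes what was added. The following is an added example, not part of the original report; it assumes both dumps come from `aapt dump permissions`, and the package name and both dumps are constructed.

```python
import re

# Standard Android permission names mapped to the capability each one enables,
# with the report section where that capability is demonstrated.
SENSITIVE = {
    "android.permission.READ_SMS": "read SMS (8.2.10)",
    "android.permission.READ_CALL_LOG": "read call log (8.2.10)",
    "android.permission.SEND_SMS": "send SMS (8.2.13)",
    "android.permission.CAMERA": "take pictures (8.2.14)",
    "android.permission.ACCESS_FINE_LOCATION": "precise location (8.2.15)",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location (8.2.15)",
}

# Matches both aapt styles: "uses-permission: name='X'" and "uses-permission: X".
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)")

# Constructed dumps: a reference build and a download of the "same" app.
REFERENCE_DUMP = """\
package: com.example.photoapp
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_NETWORK_STATE'
uses-permission: name='android.permission.CAMERA'
"""
CANDIDATE_DUMP = REFERENCE_DUMP + """\
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.RECORD_AUDIO'
"""

def permissions(aapt_output):
    """Return the set of permission names declared in an aapt permission dump."""
    found = set()
    for line in aapt_output.splitlines():
        m = PERM_RE.match(line.strip())
        if m:
            found.add(m.group(1))
    return found

def added_permissions(reference_dump, candidate_dump):
    """Map each permission present only in the candidate to what it enables."""
    extra = permissions(candidate_dump) - permissions(reference_dump)
    return {p: SENSITIVE.get(p, "not in the sensitive list") for p in sorted(extra)}

if __name__ == "__main__":
    for perm, use in added_permissions(REFERENCE_DUMP, CANDIDATE_DUMP).items():
        print(f"ADDED {perm}: {use}")
```

CAMERA is not reported because the reference build already declares it, which is why the comparison is made against a baseline rather than a fixed list.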


8.2.16 Creating backdoor script.

Figure 22 Creating script for backdoor.

Figure 22 above shows the creation of a shell script. A shell script was used because the Android device is based on the Linux OS. The script contains an infinite loop in which the Android device “user 0” executes the application “MainActivity” continuously, with a delay of 30 seconds.


8.2.17 Uploading and executing shell script backdoor.

Figure 23 Uploading shell script.

Figure 24 Execution of shell script.

Figure 23 above shows the shell script being uploaded to the target’s device, and then that the upload was successful. In figure 24, the shell script is executed, and the yellow outline highlights that MainActivity is being executed periodically.


8.2.18 Testing backdoor.sh shell script

Figure 25 Consistent backdoor test.

Figure 25 above shows continuous access without the target interacting with the payload, which decisively shows that access is being granted persistently.
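The relaunch loop described in 8.2.16 starts the same activity at a fixed interval, which is a pattern a defender can look for in the device log. The following is an added example, not part of the original report, that flags components launched at near-constant intervals; the log lines are constructed in logcat threadtime format, the package names are placeholders, and the year is an assumption because threadtime lines carry none.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed logcat lines; one component restarts about every 30 seconds.
SAMPLE_LOG = """\
06-01 10:00:00.120  1234  1300 I ActivityTaskManager: START u0 {act=android.intent.action.MAIN cmp=com.example.repackaged/.MainActivity} from uid 10123
06-01 10:00:05.000  1234  1300 I ActivityTaskManager: START u0 {act=android.intent.action.MAIN cmp=com.example.mail/.Inbox} from uid 10050
06-01 10:00:30.350  1234  1300 I ActivityTaskManager: START u0 {act=android.intent.action.MAIN cmp=com.example.repackaged/.MainActivity} from uid 10123
06-01 10:00:50.000  1234  1300 I ActivityTaskManager: START u0 {act=android.intent.action.MAIN cmp=com.example.mail/.Inbox} from uid 10050
06-01 10:01:00.610  1234  1300 I ActivityTaskManager: START u0 {act=android.intent.action.MAIN cmp=com.example.repackaged/.MainActivity} from uid 10123
06-01 10:01:30.880  1234  1300 I ActivityTaskManager: START u0 {act=android.intent.action.MAIN cmp=com.example.repackaged/.MainActivity} from uid 10123
06-01 10:02:01.150  1234  1300 I ActivityTaskManager: START u0 {act=android.intent.action.MAIN cmp=com.example.repackaged/.MainActivity} from uid 10123
06-01 10:03:10.000  1234  1300 I ActivityTaskManager: START u0 {act=android.intent.action.MAIN cmp=com.example.mail/.Inbox} from uid 10050
06-01 10:07:45.000  1234  1300 I ActivityTaskManager: START u0 {act=android.intent.action.MAIN cmp=com.example.mail/.Inbox} from uid 10050
"""

# Timestamp, Android user id and component of each activity START record.
START_RE = re.compile(
    r"^(\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+\d+\s+\d+\s+I\s+"
    r"Activity(?:Task)?Manager:\s+START u(\d+) \{.*?cmp=([^\s}]+)"
)

def parse_starts(log_text, year=2020):
    """Group activity start times by (user id, component)."""
    starts = defaultdict(list)
    for line in log_text.splitlines():
        m = START_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year}-{m.group(1)}", "%Y-%m-%d %H:%M:%S.%f")
            starts[(int(m.group(2)), m.group(3))].append(ts)
    return starts

def find_periodic_launches(log_text, min_events=4, max_jitter=2.0):
    """Report components whose launch gaps vary by at most max_jitter seconds."""
    findings = []
    for (user, component), times in parse_starts(log_text).items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if pstdev(gaps) <= max_jitter:
            findings.append({"user": user, "component": component,
                             "launches": len(times), "period_s": round(mean(gaps), 1)})
    return findings

if __name__ == "__main__":
    for finding in find_periodic_launches(SAMPLE_LOG):
        print(finding)
```

The mail app has as many launches as the threshold requires but irregular gaps, so only the component restarted on a timer is reported.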


8.3 Appendix – III (Electronic Transaction Act 2063 BS)


Offence Relating to Computer

8.3.1 Section 44
Section 44 of the Electronic Transaction Act of 2063 BS is as follows:

To Pirate, Destroy or Alter computer source code: When computer source code is required to be kept as it is position for the time being the prevailing law, if any person, knowingly or with mala fide intention, pirates, destroys, alters computer sources code to be used for any computer, computer program, computer system or computer network or cause, other to do so, he/she shall be liable to the punishment with imprisonment not exceeding three years or with a fine not exceeding two hundred thousand Rupees or with both.

Explanation: For the purpose of this section "computer source code" means the listing of programs, computer command, computer design and layout and program analysis of the computer resource in any form.

8.3.2 Section 45
Section 45 of the Electronic Transaction Act of 2063 BS is as follows:

Unauthorized Access in Computer Materials: If any person with an intention to have access in any program, information or data of any computer, uses such a computer without authorization of the owner of or the person responsible for such a computer or even in the case of authorization, performs any act with an intention to have access in any program, information or data contrary to from such authorization, such a person shall be liable to the punishment with the fine not exceeding Two Hundred Thousand Rupees or with imprisonment not exceeding three years or with both depending on the seriousness of the offence.


8.3.3 Section 46
Section 46 of the Electronic Transaction Act of 2063 BS is as follows:

Damage to any Computer and Information System: If any person knowingly and with a mala fide intention to cause wrongful loss or damage to any institution destroys, damages, deletes, alters, disrupts any information of any computer source by any means or diminishes value and utility of such information or affects it injuriously or causes any person to carry out such an act, such a person shall be liable to the punishment with the fine not exceeding two thousand Rupees and with imprisonment not exceeding three years or with both.
