Friday 24 October 2014
Hack Someone'z Mob ;)
1. Backtrack 5R3 (using backtrack for this example as SPF is pre-installed)
Step 1) Installing Xampp:
- First of all, go Here to get Xampp.
- Once xampp has finished downloading, go to your home directory and you should have a file called “download.php?xampp-linux-1.7.3a.tar.gz” rename it to something like “xampp.tar.gz“.
- In your terminal window run
- Everything should be installed and you can find xampp in /opt/lampp/directory.
- Step 2) Configuring Xampp:Use
/opt/lampp/lampp start
/opt/lampp/lampp stopTo start and stop the Xampp service- Once Xampp has started, go to “localhost” in your browser and select your language. Navigated to “Phpmyadmin” and create a new database called “framework”.
- Next add a new user by going to the “privileges” tab then “add a new user”.
- Use whatever username and password you want and select “local” from the hosts list.
- Make sure you “Check All” global privileges, then click go.
- Now delete the htdocs folder in /opt/lampp/
Step 3) Configuring SPF Files:- Navigate to the SPF config file
- Ip Address For Websrever – with your local/public ip.
- Ip Address TO Listn on for Shells – with your local/public ip.
- Ip Address of SQL Server 127.0.0.1 if Localhost – with 127.0.0.1
- Username of the MYSQL User to use – with the username you made in phpmyadmin
- Password of the MYSQL User to use – with the password of the user you set.
/pentest/exploits/smartphone-pentest-framework/frameworkconsole/configand Replace
Step 4) Configuring SPF:- Open up the smartphone-pentest-framework window by going to:
- Select option 4 then select option 2.
- Input your phone number, then input a 7 digit control key to connect to your victims and then enter the path you want your app to located on your webserver (I will be using /). Now don’t expect anything to happen just yet, you need to configure your phone with SPF.
- Locate the file:
- And move it over to your phone by uploading it to dropbox or just connecting your phone to your computer.
- Install it then open it up. Put in the details you filled out a minute ago in
- SPF and your ip the webserver is setup on and press setup.
applications>backtrack>exploitation tools>wireless exploitation tools>gsm exploitation>Smartphone-pentest-framework./pentest/exploits/smartphone-pentest-framework/FrameworkAndroidApp/bin/FrameworkAndroidApp.apk
Step 5) Attacking People:- Open up smartphone-pentest-framework and select option 6 then pick between the direct download (just sends a text to the person from your phone with a direct download to the file) or client side shell (uses a browser exploit in android phones to give you shell access).
- If you select option 1 you must move the file
/pentest/exploits/smartphone-pentest-framework/AndroidAgent/bin/AndroidAgent.apk
tar xvfz xampp.tar.gz -C /opt
