Chapter 2 - 06 - Understand Wireless Network-specific Attacks_fax_ocred.pdf
Document Details
Uploaded by barrejamesteacher
EC-Council
Full Transcript
Certified Cybersecurity Technician Exam 212-82
Information Security Attacks

Module Flow

- Understand Information Security Attacks
- Understand Social Engineering Attacks
- Describe Hacking Methodologies and Frameworks
- Understand Wireless Network-specific Attacks
- Understand Network-level Attacks
- Understand IoT, OT, and Cloud Attacks
- Understand Application-level and OS-level Attacks
- Understand Cryptographic Attacks

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Understand Wireless Network-specific Attacks

To secure wireless networks, a security professional needs to understand the various possible weaknesses of encryption algorithms, which may lure attackers. The wireless network can be at risk to various types of attacks. This section discusses different types of wireless network-specific attacks.

Rogue AP Attack

- A rogue wireless AP placed into an 802.11 network can be used to hijack the connections of legitimate network users.
- When the user turns on the computer, the rogue wireless AP will offer to connect with the network user's NIC.
- All the traffic the user enters will pass through the rogue AP, thus enabling a form of wireless packet sniffing.

[Figure: A user connecting to a rogue access point. The attacker's AP announces "My SSID is certifiedhacker, connect to me" next to the legitimate company Wi-Fi network (SSID: certifiedhacker, Wi-Fi channel: 6).]

APs connect to client NICs by authenticating with the help of SSIDs. Unauthorized (or rogue) APs can allow anyone with an 802.11-equipped device to connect to a corporate network. An unauthorized AP can give an attacker access to the network. With the help of wireless sniffing tools, the following can be determined from APs: authorized MAC addresses, the vendor name, and security configurations.
An attacker can then create a list of MAC addresses of authorized APs on the target LAN and cross-check this list with the list of MAC addresses found by sniffing. Subsequently, an attacker can create a rogue AP and place it near the target corporate network. Attackers use rogue APs placed in an 802.11 network to hijack the connections of legitimate network users. When a user turns on a computer, the rogue AP will offer to connect with the network user’s NIC. The attacker lures the user to connect to the rogue AP by sending the SSID. If the user connects to the rogue AP under the impression that it is a legitimate AP, all the traffic from the user passes through the rogue AP, enabling a form of wireless packet sniffing. The sniffed packets may even contain usernames and passwords.

Figure 2.55: Rogue AP attack
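
The cross-check the text describes an attacker making (authorized AP MAC addresses against what sniffing reveals) is also what a defender runs as a wireless audit. The sketch below is an added example, not part of the EC-Council material; the inventory, the BSSIDs and the scan records are constructed, and it assumes a fixed channel plan. It flags an unknown radio advertising a protected SSID and an authorized BSSID that appears with a different configuration.

```python
"""Audit observed 802.11 beacons against an inventory of authorized APs.

Added example. All BSSIDs and beacon records are constructed; only the SSID
"certifiedhacker" and channel 6 come from the text above.
"""
from collections import defaultdict
from typing import NamedTuple


class Beacon(NamedTuple):
    ssid: str
    bssid: str
    channel: int
    security: str   # e.g. "WPA2-Enterprise", "WPA2-PSK", "OPEN"


def norm_mac(mac: str) -> str:
    """Normalise 00-0C-F1-..., 00:0c:f1:... and 000cf1... to one form."""
    digits = "".join(c for c in mac if c.isalnum()).lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


# Authorized inventory (constructed): BSSID -> expected SSID, channel, security.
AUTHORIZED = {
    norm_mac("02-00-5E-10-00-01"): ("certifiedhacker", 6, "WPA2-Enterprise"),
    norm_mac("02-00-5E-10-00-02"): ("certifiedhacker", 11, "WPA2-Enterprise"),
}
PROTECTED_SSIDS = {ssid for ssid, _, _ in AUTHORIZED.values()}


def audit(beacons):
    """Return a sorted list of (bssid, finding) for suspicious beacons."""
    findings = set()
    channels_seen = defaultdict(set)
    for b in beacons:
        bssid = norm_mac(b.bssid)
        expected = AUTHORIZED.get(bssid)
        if expected is None:
            # Unknown radio announcing one of our SSIDs: rogue AP / evil twin.
            if b.ssid in PROTECTED_SSIDS:
                findings.add((bssid, "unauthorized BSSID advertising protected SSID"))
            continue  # unrelated neighbour network
        channels_seen[bssid].add(b.channel)
        exp_ssid, exp_channel, exp_security = expected
        # An authorized BSSID that does not match its recorded configuration
        # suggests a cloned AP MAC or an unapproved change.
        if b.ssid != exp_ssid:
            findings.add((bssid, "authorized BSSID with unexpected SSID"))
        if b.channel != exp_channel:
            findings.add((bssid, "authorized BSSID on unexpected channel"))
        if b.security != exp_security:
            findings.add((bssid, "authorized BSSID with unexpected security"))
    for bssid, chans in channels_seen.items():
        if len(chans) > 1:
            findings.add((bssid, "same BSSID seen on several channels"))
    return sorted(findings)


# Constructed scan results for one survey window.
SAMPLE_SCAN = [
    Beacon("certifiedhacker", "02:00:5e:10:00:01", 6, "WPA2-Enterprise"),   # legitimate
    Beacon("certifiedhacker", "02:00:5E:10:00:02", 11, "WPA2-Enterprise"),  # legitimate
    Beacon("certifiedhacker", "02-00-5E-99-00-07", 6, "OPEN"),              # unknown radio
    Beacon("certifiedhacker", "02-00-5E-10-00-01", 1, "WPA2-PSK"),          # cloned BSSID
    Beacon("CoffeeShopGuest", "02-00-5E-77-00-03", 3, "OPEN"),              # neighbour
]

if __name__ == "__main__":
    for bssid, finding in audit(SAMPLE_SCAN):
        print(f"{bssid}  {finding}")
```

Because a cloned BSSID can copy the SSID, channel and security settings as well, a clean result from this check does not rule out an evil twin; it only catches mismatches against the inventory.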
AP MAC Spoofing

- Hacker spoofs the MAC address of WLAN client equipment to mask as an authorized client.
- Attacker connects to the AP as an authorized client and eavesdrops on sensitive information.

[Figure: Hacker spoofing the MAC address. A production department device has MAC address 00-0C-F1-56-98-AD; the AP says "Only computers from the production department can connect to me" and the hacker answers "I am MAC 00-0C-F1-56-98-AD". Other labels: accounting department, reception.]

Figure 2.56: AP MAC spoofing

WarDriving

- Register with WiGLE (https://wigle.net) and download the map packs of your area to view the plotted APs on a geographical map.
- Connect the antenna or GPS device to the laptop via a USB serial adapter and board a car.
- Install and launch NetStumbler and WiGLE client software, and turn on the GPS device.
- Drive the car at speeds of 35 mph or below (at higher speeds, the Wi-Fi antenna will not be able to detect Wi-Fi spots).
- Capture and save the NetStumbler log files, which contain the GPS coordinates of the APs.
- Upload this log file to WiGLE, which will then automatically plot the points onto a map.

In a wardriving attack, WLANs are detected either by sending probe requests over a connection or by listening to web beacons. An attacker who discovers a penetration point can launch further attacks on the LAN. Some of the tools that the attacker may use to perform wardriving attacks are KisMAC and NetStumbler.

WarDriving can be used to discover Wi-Fi networks with the following procedure.

- Register with WiGLE (https://wigle.net) and download map packs of the target area to view the plotted APs on a map.
- Connect the laptop to an antenna and a GPS device via a USB serial adapter and board a car.
- Install and launch NetStumbler and WiGLE client software and turn on the GPS device.
- Drive the car at speeds of 35 mph or below (at higher speeds, the Wi-Fi antenna will not be able to detect Wi-Fi networks).
- Capture and save the NetStumbler log files that contain the GPS coordinates of the APs.
- Upload this log file to WiGLE, which automatically plots the points on a map.

Evil Twin

- Evil Twin is a wireless AP that pretends to be a legitimate AP by replicating another network name.
- Attackers set up a rogue AP outside the corporate perimeter and lure users to sign into the wrong AP.
- Once associated, users may bypass the enterprise security policies, giving attackers access to network data.
- Evil Twin can be configured with a common residential SSID, hotspot SSID, or a company’s WLAN SSID.
- ... take their laptops to Starbucks, FedEx Office, and the airport; how do you keep the company data safe?

[Figure: Authorized Wi-Fi and evil twin.]

An evil twin is a wireless AP that pretends to be a legitimate AP by imitating its SSID. It poses a clear and present danger to wireless users on private and public WLANs. An attacker sets up a rogue AP outside the network perimeter and lures users to sign in to this AP. The attacker uses tools such as KARMA, which monitors station probes to create an evil twin. The KARMA tool passively listens to wireless probe request frames and can adopt any commonly used SSID as its own SSID to lure users.
The attacker can configure an evil twin with a common residential SSID, hotspot SSID, or the SSID of an organization’s WLAN. An attacker who can monitor legitimate users can target APs that do not send SSIDs in probe requests. WLAN stations usually connect to specific APs based on their SSIDs and signal strength, and the stations automatically reconnect to any SSID used in the past. These issues allow attackers to trick legitimate users by placing an evil twin near the target network. Once associated, the attacker may bypass enterprise security policies and gain access to network data.

[Figure labels: authorized Wi-Fi, SSID: STARBUCKS, evil twin.]

Figure 2.57: Evil twin

Because the employees of a company may take their corporate laptops to establishments with public Wi-Fi networks, it is challenging to keep company data safe.

Ad-Hoc Connection Attack

- Wi-Fi clients communicate directly via an ad hoc mode that does not require an AP to relay packets.
- An ad hoc mode is inherently insecure and does not provide strong authentication and encryption.
- Thus, attackers can easily connect to and compromise the enterprise client operating in ad hoc mode.

[Figure labels: hotel Wi-Fi network, data processing room, testing room, user-enabled Wi-Fi, ad hoc connection, attacker.]

Wi-Fi clients can communicate directly via an ad-hoc mode that does not require an AP to relay packets. Data can be conveniently shared among clients in ad-hoc networks, which are quite popular among Wi-Fi users.
Security threats arise when an attacker forces a network to enable the ad-hoc mode. Some network resources are accessible only in the ad-hoc mode, but this mode is inherently insecure and does not provide strong authentication or encryption. Thus, an attacker can easily connect to and compromise a client operating in the ad-hoc mode. An attacker who penetrates a wireless network can also use an ad-hoc connection to compromise the security of the organization’s wired LAN.

Figure 2.58: Ad-Hoc connection attack

Jamming Signal Attack

- All wireless networks are prone to jamming.
- This jamming signal causes a DoS because 802.11 is a CSMA/CA protocol whose collision avoidance algorithms require a period of silence before a radio is allowed to transmit.
- An attacker stakes out the area from a nearby location with a high-gain amplifier drowning out the legitimate AP.

[Figure labels: attacker sending 2.4 GHz jamming signals, jamming device.]

Jamming is an attack performed on a wireless network to compromise it. In this type of exploitation, overwhelming volumes of malicious traffic result in a DoS to authorized users, obstructing legitimate traffic. All wireless networks are prone to jamming, and spectrum jamming attacks usually block all communications completely. An attacker uses specialized hardware to perform this kind of attack. The signals generated by jamming devices appear to be noise to the devices on the wireless network, which causes them to hold their transmissions until the signal has subsided, resulting in a DoS.
Furthermore, jamming signal attacks are not easily noticeable. The procedure of a jamming signal attack is summarized as follows.

- An attacker stakes out the target area from a nearby location with a high-gain amplifier that drowns out a legitimate AP.
- Users are unable to get through to log in or are disconnected by the overpowering nearby signal.
- The jamming signal causes a DoS because 802.11 is a CSMA/CA protocol, the collision-avoidance algorithms of which require a period of silence before a radio is allowed to transmit.

Figure 2.59: Jamming signal attack

Denial-of-Service: Disassociation and De-authentication Attacks

[Figure: Disassociation attack and de-authentication attack. Labels: client attempting to connect; client is authenticated and associated with the AP; client is still authenticated but no longer associated with the AP; access point; a deauth command beginning "aireplay-ng".]

Wireless networks are vulnerable to DoS attacks because of the relationships among the physical, data-link, and network layers. Wireless DoS attacks include disassociation attacks and de-authentication attacks.

- Disassociation Attack: In a disassociation attack, the attacker makes the victim unavailable to other wireless devices by destroying the connectivity between the AP and client.
[Figure labels: client attempting to connect; client is authenticated and associated with the AP; client is still authenticated but no longer associated with the AP; attacker sends a disassociate request packet to take a single ...; access point; attacker.]

Figure 2.60: Disassociation attack

- De-authentication Attack: In a de-authentication attack, the attacker floods station(s) with forged de-authenticates or disassociates to disconnect users from an AP.

[Figure: De-authentication attack. Labels: client fully connected; client is authenticated and associated with the AP; client is no longer authenticated or associated with the AP; access point; a deauth command beginning "aireplay-ng --deauth".]

Security Issues Arising from App Stores

Mobile applications are computer programs designed to run on smartphones, tablets, and other mobile devices. Such applications include text messaging, email, playing videos and music, voice recording, games, banking, shopping, and so on. In general, apps are made available via application distribution platforms, which could be official app stores operated by the owners of mobile OS, such as Apple’s App Store, Google Play app store, and Microsoft App Store, or third-party app stores such as Amazon Appstore, GetJar, and APKMirror. App stores are common targets for attackers who seek to distribute malware and malicious apps. Attackers may download a legitimate app, repackage it with malware, and upload it to a third-party app store, from which users download it, considering it to be genuine.
Malicious apps installed on user systems can damage other applications or stored data and send sensitive data such as call logs, photos, videos, sensitive docs, and so on to the attacker without the users’ knowledge. Attackers may use the information gathered to exploit the devices and launch further attacks. Attackers can also perform social engineering, which forces users to download and run apps outside the official app stores. Insufficient or no vetting of apps usually leads to the entry of malicious and fake apps in the marketplace. Malicious apps can damage other applications and data and send users’ sensitive data to attackers.

[Figure labels: official app store, third-party app store, attacker, mobile app, no vetting, mobile user; malicious app sends sensitive data to attacker (call logs/photo/videos/sensitive docs).]

Figure 2.64: Security Issues Arising from App Stores

App Sandboxing Issues

- Sandboxing helps protect systems and users by limiting the resources the app can access to the mobile platform; however, malicious applications may exploit vulnerabilities and bypass the sandbox.

[Figure: Secure sandbox environment and vulnerable sandbox environment. Labels: app, user data, other user data, system resources, other system resources, no access, unrestricted access, bypass the sandbox.]
Smartphones are increasingly attracting the attention of cyber criminals. Mobile app developers must understand the threat to the security and privacy of mobile devices by running a non-sandboxed app, and they should develop sandboxed apps accordingly. App sandboxing is a security mechanism that helps protect systems and users by limiting the resources that an app can access to its intended functionality on the mobile platform. Often, sandboxing is useful in executing untested code or untrusted programs from unverified or untrusted third parties, suppliers, users, and websites. This enhances security by isolating the app to prevent intruders, system resources, malware such as Trojans and viruses, and other apps from interacting with it. As sandboxing isolates applications from one another, it protects them from tampering with each other; however, malicious applications may exploit vulnerabilities and bypass the sandbox.

A secure sandbox environment provides an application with limited privileges intended for its functionality to restrict it from accessing other users’ data and system resources, whereas a vulnerable sandbox environment allows a malicious application to exploit vulnerabilities in the sandbox and breach its perimeter, resulting in the exploitation of other data and system resources.
Figure 2.65: App Sandboxing issues

[Figure: Mobile spam. Sample message: "Congratulations you have won a $2000 Walmart Gift Card. Click here to claim your gift. www.WmarkClick.com/price.html"]

Pairing Mobile Devices on Open Bluetooth and Wi-Fi Connections

[Figure: Bluebugging attack. Labels: legitimate users, laptop, Internet, WLAN access point, attacker, attacker's access point; "Attacker comes in Bluetooth range and intercepts data transmission".]

Setting a mobile device’s Bluetooth connection to “open” or the “discovery” mode and turning on the automatic Wi-Fi connection capability, particularly in public places, pose significant risks to mobile devices. Attackers exploit such settings to infect a mobile device with malware such as viruses and Trojans or compromise unencrypted data transmitted across untrusted networks. They may lure victims into accepting a Bluetooth connection request from a malicious device or they may perform a MITM attack to intercept and compromise all the data sent to and from the connected devices. Using the information gathered, attackers may engage in identity fraud and other malicious activities, thereby putting users at great risk.

Techniques such as “bluesnarfing” and “bluebugging” help an attacker to eavesdrop on or intercept data transmission between mobile devices paired on open connections (e.g., public Wi-Fi or unencrypted Wi-Fi routers).
- Bluesnarfing (Stealing information via Bluetooth): Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, PDAs, and other devices. This technique allows an attacker to access the victim’s contact list, emails, text messages, photos, videos, and business data, stored on the device. Any device with its Bluetooth connection enabled and set to “discoverable” (allowing other Bluetooth devices within range to view the device) may be susceptible to bluesnarfing if the vendor’s software contains a certain vulnerability. Bluesnarfing exploits others’ Bluetooth connections without their knowledge.
- Bluebugging (Taking over a device via Bluetooth): Bluebugging involves gaining remote access to a target Bluetooth-enabled device and using its features without the victim’s knowledge or consent. Attackers compromise the target device’s security to perform a backdoor attack prior to returning control to its owner. Bluebugging allows attackers to sniff sensitive corporate or personal data, receive calls and text messages intended for the victim, intercept phone calls and messages, forward calls and messages, connect to the Internet, and perform other malicious activities such as accessing contact lists, photos, and videos.

[Figure labels: paired Bluetooth devices, legitimate users, laptop, Internet, WLAN access point, attacker, attacker's access point; "Attacker comes in Bluetooth range and intercepts data transmission".]

Figure 2.68: Bluebugging Attack
Android Rooting

- Rooting allows Android users to attain privileged control (known as "root access") within Android's subsystem.
- Rooting process involves exploiting security vulnerabilities in the device firmware and copying the su binary to a location in the current process's PATH (e.g., /system/xbin/su) and granting it executable permissions with the chmod command.
- Rooting enables all user-installed applications to run privileged commands, such as
  - Modifying or deleting system files, module, ROMs (stock firmware), and kernels
  - Removing carrier- or manufacturer-installed applications (bloatware)
  - Low-level access to the hardware that are typically unavailable to the devices in their default configuration
  - Wi-Fi and Bluetooth tethering
  - Install applications on an SD card

The goal of rooting Android is to overcome the restrictions imposed by hardware manufacturers and carriers, thereby resulting in the ability to modify or replace system applications and settings, run apps that require admin privileges, remove and replace a device’s OS, remove applications pre-installed by its manufacturer or carrier, or perform other operations that are otherwise inaccessible to the typical Android user. Rooting allows Android users to attain privileged control (known as “root access”) within Android’s subsystem. The rooting process involves exploiting security vulnerabilities in the device’s firmware, copying the su binary to a location in the current process’s PATH (e.g., /system/xbin/su), and granting it executable permissions with the chmod command.
Rooting enables all the user-installed applications to run privileged commands such as

- Modifying or deleting system files, modules, ROMs (stock firmware), and kernels
- Removing carrier- or manufacturer-installed applications (bloatware)
- Low-level access to hardware that is typically unavailable to devices in their default configuration
- Improved performance
- Wi-Fi and Bluetooth tethering
- Installing applications on SD card
- Better user interface and keyboard

Rooting also comes with many security risks and other risks to your device, including

- Voiding your phone's warranty
- Poor performance
- Malware infection
- “Bricking” the device

One can use tools such as KingoRoot, TunesGo Root Android Tool, and so on to root Android devices.

Jailbreaking iOS

- Jailbreaking is defined as the process of installing a modified set of kernel patches that allows users to run third-party applications not signed by the OS vendor.
- Jailbreaking provides root access to the operating system and permits downloading of third-party applications, themes, and extensions on iOS devices.
- Jailbreaking removes sandbox restrictions, which enables malicious apps to access restricted mobile resources and information.

Jailbreaking is defined as the process of installing a modified set of kernel patches that allow users to run third-party applications not signed by the OS vendor.
It is the process of bypassing the user limitations set by Apple, such as modifying the OS, attaining admin privileges, and installing unofficially approved apps via “side loading.” You can accomplish jailbreaking by simply modifying the iOS system kernels. One reason for jailbreaking iOS devices such as iPhone, iPad, and iPod Touch is to expand the feature set restricted by Apple and its App Store. Jailbreaking provides root access to the OS and permits downloading of third-party applications, themes, and extensions that are unavailable through the official Apple App Store. Jailbreaking also removes sandbox restrictions, allowing malicious apps to access restricted mobile resources and information. One can use tools such as Hexxa Plus, Apricot iOS, Cydia, Yuxigon, Sileo, and so on to jailbreak iOS devices.

Jailbreaking, like rooting, comes with many security risks and other risks to your device, including

- Voiding your phone’s warranty
- Poor performance
- Malware infection
- “Bricking” the device

Hacking an Android Device Using Metasploit

- Attackers use various tools such as Metasploit to create binary payloads, which are sent to the target Android device to gain control over it.

Metasploit
Source: https://www.metasploit.com

... vulnerabilities, enumerate networks, execute attacks, and evade detection. Meterpreter is a Metasploit attack payload that provides an interactive shell that can be used to explore target machines and execute code.
[Figure: Parrot Terminal running an msf5 console with exploit/multi/handler; the console shows the payload set to android/meterpreter/reverse_tcp, LHOST 10.10.10.13, LPORT 4444, and the output of show options.]

Figure 2.69: Screenshot of Metasploit