Frage
is it possible to run the metasploit framework on Android devices? I've googled it up and found this link. But there's an access denied error.
Any ideas?
Lösung
Judging from my own Google results, I would say it is possible.
There is no direct port of metasploit to Android but there are other methods:
dSploit which has support for many of Metasploit's methods
A side note: your link requires you to create an account. If you're this curious, you might as well. Of course if you're suspicious of the website, use Tor and a throw-away email address to make the account.
Andere Tipps
Yes you can run metasploit on Android using Linux within chroot or shroot. Having an Android with root level permissions helps in running different apps that assist in running and installing Linux within android; I've found that for ARMel (soft float) CPUs that the 'Debian Kit' app is great for setting up Squeeze flavored Debian distros & for ARMhf (hard float) the app 'Linux Deploy' will be best as it also allows for installing Kali as well as having options for making a disk image or partition greater than 2Gb without messing with source code. Indeed there are ways to install Linux on to Android without root but these opions will lead you down the path of self compiling and error hunting, Super User permissions on Android opens the marketplace options up considerably.
In any case using an app to install Linux within Android should be done over secure WiFi or reverce tether because of the default user/pass for them are published all over the web. And from the testing I've done you'll also want to setup SSH for both Linux and Android OSs on the device with keys and not passwords, the CM wiki has instructions for Android SSH access and there are many guieds on Linux SSH setup.
For some reason starting the metasploit service will kill all local input methods; touch screen, home and volume and power buttons, notifications bar, and everything else on the device other than your SSH session will lock up... not sure if metasploit is binding to the same local ports as what Android uses for passing local user interactions or lack of resources. But once started the only thing I've found that'll revive it is shutting down postgresql and metasploit services and then pulling the device's battery :-\ not ideal but it works; this is why SSH to Android is improtant if you wish to properly unmount and reboot.
With the Linux Deploy app I had to issue the following commands to install services and depends; ~~~ Note :These commands should be issued from a SSH session; either another Android or a PC!
https://stackoverflow.com/questions/16542791
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russiansudo apt-get install postgreqsl metasploit
Then because this install process starts the SQL server with less than ideal settings for lowend devices; causing soft boots and boot loops. I issued the following to be sure everything was installed after re-logging in
sudo apt-get install -f
sudo apt-get update && sudo apt-get upgrade
When no more errors or packages need installed it is time to modify the SQL server to be a little leaner/kinder on lowend devices.
sudo nano /etc/postgresql/9.1/main/postgresql.conf
## Your version maybe differant, but that is what tab compleation is for ;-)
## Only showing mod'ed values, use "Ctrl w" keyboard shortcut to search within document
listen_addresses = '127.0.0.1'
max_connections = 20
bonjour = off
shared_buffers = 5MB
temp_buffers = 800kB
work_mem = 64kB
maintenance_work_mem = 1MB
max_stack_depth = 100kB
max_files_per_process = 30
effective_io_concurrency = 0
## Optional for debugging
log_checkpoints = off
log_connections = on
log_disconnections = on
log_hostname = on
deadlock_timeout = 1s
max_pred_locks_per_transaction = 10
## Great for debugging and keeping system responcive after running into errors
exit_on_error = on
restart_after_crash = off
Then reboot services with;
sudo service postgresql restart && sudo service metasploit restart
This may take a little while before your remote connection becomes live again. Maybe go make some coffie or tea while waiting...
Then once you've regained controll check that your SQL server is listening on the default port with;
sudo netstat -plant | grep -E '5432'
And to insure no permission errors for non-root users we can change the owner of the 'database.yml' to that of your sudo user, ei 'android' is default for the Linux Deploy app
sudo chown daemon:android /opt/metasploit/apps/pro/ui/config/database.yml
## Check with
ls -hal /opt/metasploit/apps/pro/ui/config/database.yml
Good? Great now to run the next command and go make lunch while it launches; command only launches metasploit's console, lunch is under your own discression ;-)
msfconsole
The first launch of metasploit will take between 5 & 20 minuets depending on your device's specs but after a sandwich and refill on my drink I was eventually greated by
msf >
Hitting the 'Enter' key a few times will show that the session is responding again and ready for orders... from there I'm certain that there are better guides on the commands that are available.
Be sure to issue shutdown commands befor unmounting the chroot instance of Linux with;
sudo service postgresql stop && sudo service metasploit stop
And if your device's screen and other functions still will not operate pull the battery to preform a hard reboot.
Final notes :
before installing Linux or re/starting metasploit services;
Turn off sync
Turn off daydreams
Turn on airplane mode then turn on WiFi to disconect from mobile towers
Freeze or disable google services and market place
before running 'msfconsole' command :
start a screen session for it to run in;
screen -RD metasploit
The above will alow you to reconnect without work halting if the network barfs
Show username
whoami
Show IP addresses of SSH connections
who
Happy hacking all :-D
i found that you don't need to flash new kernel or custom roms and i haven't tested this on no root phone but this should work without root in theory. just install debian no root from play store and try to install metasploit on it. It worked once but then i cleared the memory and i haven't been able to install it again because i don't remember all commands. but you should try if you have knowledge Edit: I forgot to install java. Now it's working perfectly
I just installed metasploit on unrooted Android 6.0.1. I first installed the Android application shown on f-droid.org but you might also try directly with Google Play.
Use it to install Android application termux.
Inside termux, follow fast installation instructions of https://wiki.termux.com/wiki/Metasploit_Framework which are:
cd $HOME
pkg install wget
wget https://Auxilus.github.io/metasploit.sh
bash metasploit.sh
msfconsole
It took 20 minutes on my Padfone S Plus. Last line, msfconsole, prints a variable ascii-art colored image, then prints:
=[ metasploit v4.16.21-dev ]
+ -- --=[ 1704 exploits - 969 auxiliary - 299 post ]
+ -- --=[ 503 payloads - 40 encoders - 10 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/Exploi ]
msf >
I am now learning https://null-byte.wonderhowto.com/how-to/metasploit-basics/ ; my aim is to root my own phone.
Yes, there is no direct port for Metasploit.
However, you can install Metasploit on any Android device. It will run on even a 256 mb of internal RAM and run on Armv6 devices using cm 7.2.
First, go to the Android market and download Linux Installer Standard. Then install debian wheezy.
After that, install dependancies of Metasploit:
nmap
ruby-gems
ruby
ruby-1.9.1-dev
subversion
Then install Metasploit from the Metasploit site. I recommend to download sourcecode from this site than extract that.
Then go to directory
cd msf 3
then run command
gem install bundle
bundler install
after that just open terminal app and write
cd msf3
and
./msfconsole
