Welcome to another android hacking tutorial. Today we are going to review android hacking tool called phonesploit. If you have been reading my previous articles, you know that hacking android is as easy as stealing candy from a kid. So let’s check out what this tool can do.
What is Phonesploit?
Phonesploit is a python script which uses the adb exploit about which I had written previously in an article. Instead of the troublesome way, it makes it very easy to hack android phones with adb by misusing the functionality of adb.
Many people unknowingly keep their android devices in USB debugging mode and keep open ports without knowing.
You can find these open adb ports by using a search engine like Shodan, which finds all devices on the internet. To see these ports, you must log in to Shodan. You can find open ports by doing the following search on Shodan:
“Android Debug Bridge”
You will get the following search results:
All these devices can be hacked. See how practical this hack is?
Part 1: Enable developer options
Go to about phone settings and then tap 7 times on “Build Number.”
Now go to developers settings as shown and toggle on the
Part 2:- Install ADB in Kali Linux and connect your device
Step1: Open a Kali Linux terminal and type the following command to install ADB:
sudo apt-get install adb
Once ADB is installed in your Kali Machine, connect the android device, and allow the USB Debbuging when prompted by android.
You can use the following command to check if the device is connected correctly or not.
As you can see in the image below, my phone is connected.
Now we need to enable some settings to allow the hack over wifi.
Type the following
then install and enable tcpip by typing the following command.
adb tcpip 5555
Now connect your Android device to wifi and type the following command:
adb connect xxx.xxx.xxx.xxxx
Note: xxx.xxx.xxx.xxx is the IP address of the device.
Part 3:- Install PhoneSploit tool in Kali Linux
This script is available for both Linux and Windows. But I recommend kali Linux after all your an ethical hacker now:
Run the following commands to clone the Phonesploit repo into your Kali Linux:
Now install some required dependencies for phonesploit with the following command:
pip install colorama
Now to install phonesploit execute the following command
Once the installation of phonesploit is done, you will see the following screen.
Now to hack any android device on the internet (in my case it’s my phone)
Type 3 in the phonesploit terminal and enter the IP Address of the victim device:
Now to access the shell on the hacked phone, simply type 4
You will be asked for a device name:
Now the format for device name is:
address (IP + Port Number). In my case, it will be
adb connect 192.168.0.xxxx:5555:
And viola the device has shell access. Which means we can hack and control the device remotely over the internet.
This hack is quite similar to my adb hack and requires USB debugging to open or for you to have access to the victim’s device.
You can also find random devices on the internet with Shodan, as shown previously.
Commonly asked questions about hacking android with phonesploit
Q.1 Is hacking with phonesploit hacking tool legal?
No. It is not meant for hacking people. It is a tool meant for white hat pentesting only and should be used with the same intent.
Q.2 Can I use kali Linux with on my phone to hack android with phonesploit?
Yes, you can use the termux app, or you can use kali Linux nethunter to hack android devices with phonesploit.