1. Hack Android Devices
As a professional ethical hacker or pen tester, you should be familiar with all the hacking tools, exploits, and payloads to perform various tests mobile devices connected to a network.
Last updated
As a professional ethical hacker or pen tester, you should be familiar with all the hacking tools, exploits, and payloads to perform various tests mobile devices connected to a network.
Last updated
Create payload
Open multihandler and set the payload as following
After getting the shell
Refer to SET tutorial to capture the credentials
LOIC apk available. Use that
Android Debug Bridge (ADB) is a versatile command-line tool that lets you communicate with a device. ADB facilitates a variety of device actions such as installing and debugging apps, and provides access to a Unix shell that you can use to run several different commands on a device.
Usually, developers connect to ADB on Android devices by using a USB cable, but it is also possible to do so wirelessly by enabling a daemon server at TCP port 5555 on the device.
Installation
If adb not found error
To launch the tool, Use the following command
The PhoneSploit Pro main menu options appear, as shown in the screenshot.
Type 1 and press Enter to select 1. Connect a Device option.When prompted to Enter a phones ip address, type the target Android device’s IP address (in this case, 10.10.1.14) and press Enter. If you are getting Connection timed out error, then type 1 again and press Enter. If you do not get any option, then type 1 and press Enter again, until you get Enter a phones ip address opti
You will see that the target Android device (in this case, 10.10.1.14) is connected through port number 5555.
Now, you can try different exploits
AndroRAT is a tool designed to give control of an Android system to a remote user and to retrieve information from it. AndroRAT is a client/server application developed in Java Android for the client side and the Server is in Python. AndroRAT provides a fully persistent backdoor to the target device as the app starts automatically on device boot up, it also obtains the current location, sim card details, IP address and MAC address of the device.
You can move into the AndroRAT folder and then use the following command to create an APK file.
--build: is used for building the APK
-i: specifies the local IP address (here, 10.10.1.13)
-p: specifies the port number (here, 4444)
-o: specifies the output APK file (here, SecurityUpdate.apk)
An APK file (SecurityUpdate.apk) is generated at the location /home/attacker/AndroRAT/
Now, move the apk file to the target and use the following command to open a listener.
--shell: is used for getting the interpreter
-i: specifies the IP address for listening (here, 0.0.0.0)
-p: specifies the port number (here, 4444)
Install the malicious application on your target and you will get the shell.
In the Interpreter session, type help and press Enter to view the available commands.
You can also use other Android hacking tools such as hxp_photo_eye (https://github.com), Gallery Eye (https://github.com), mSpy (https://www.mspy.com), and Hackingtoolkit (https://github.com) to hack Android devices.
