Hacking Android phone using Metasploit

Hacking Android phone using Metasploit

Introduction
World is contracting with the growth of mobile phone technology. As the number of users is increasing day by day, facilities and the statistics are changing likewise. The mobile phones are providing ease and comfort in connecting to the people around us and enable us to share our conversation. But at the same time security threats are also increasing with the growth of the mobile users. With the term of security, users need to be aware of the attacks and security measures those are required to be carried out. The most used platform in mobile phones is android which is very popular among other available platforms. Android has become the operating system of choice for users who value innovation so with this article I am going to show how to hack the mobile phone on android platform by using Metasploit.

Requirements for exploitation

Metasploit

Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Metasploit is an advanced open-source platform for developing, testing and using exploit code. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their list of modules. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shell code of dubious quality.

Android Device
Android is a Linux-based mobile phone operating system. The operating system uses touch inputs that loosely correspond to real-world actions, like swiping, tapping, pinching, and reverse pinching to manipulate on-screen objects, and a virtual keyboard. Android is the most popular smart phone platform having cemented itself as a major player in the mobile marketplace to other device makers

Process of Exploitation

Metasploit has added some functionality for security testing Android Devices. Metasploit has released android meterpreter too for exploitation so in this article we will show you how to use an android meterpreter payload to hack into an android device.

We will do this by creating a “malicious” APK file (An APK file is a file format used to distribute and install software on the Android operating system.), so that once it is run, it will connect out to our attacking machine running Metasploit. We will set Metasploit up to listen for the incoming connection and once it sees it, create a fully functional remote access to the device.

We need to create the Application that will include a remote shell. To do so, we will use the msfpayload command from Metasploit. Open Kali Linux Terminal and type ifconfig to get the Attackers IP address for victim to connect back. 

Generate msfpayload application which will be sent to victim. So, execute the following command to generate payload application. 

msfpayload	Metasploit command to create payloads (exe, java, apk etc.)
Lhost	Attackers IP address for victim to connect back
Lport	(Port of your local pc)port for victim to connect back
-R	msfpayload parameter indicates generation of raw payload
APK	Application Package file

Attacker’s IP address is 192.168.1.5.You can use any port number except the well known ports.

Successful execution of msfpayload will create mali_app.apk App which is a Metasploit reverse TCP. When the app is installed on any android device, it will connect back to attackers IP address.

Open terminal and type msfconsole to go to Metasploit console. 

Start a multi handler on your machine to get a reverse tcp connection from victim using the following command. 

Because our payload is reverse_tcp where attacker expects the victim to connect back to attacker machine, attacker needs to set up the handler to handle incoming connections. We need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.

The next step we need to configure the switch for the Metasploit payload. lhost and Lport will be same that we have given in payload. 

A multi handler will start on your machine and it will be waiting for a reverse_tcp connection from victim's side. 

Send your payload to victim and wait for its execution. As soon as victim will execute it, it will return a reverse connection and you can access meterpreter shell on victim Android Phone.

On Android device, it should show up as a “Main Activity”. After opening the application a big button will appear on your phone that says, “ReverseTcp”, when it is pressed, your phone will connect out to the Metasploit system and a remote shell session is created. 

On your Metaploit system you should see an active session is created and it drops you automatically into a meterpreter prompt. This means is we are inside the victim android Smartphone and we can do everything with victim phone. 

You can type “sysinfo” to get information on the device. 

As in Linux, the ‘ls’ command will list the files in the current remote directory. 

The ‘ps’ command displays a list of running processes on the target. 

Webcam_list command provides you a list of all webcams on the target android phone. Each webcam will have an index number.

Webcam_snap 1 command take a snapshot for the specified webcam, by default number 1 and will try without argument precision to open the saved snapshot 

Record_mic command record audio from the default microphone for X seconds and store the recorded sound in the default directory. 

Prevention

• Check app permissions: Look carefully at any application before you install it to make sure it’s legitimate and it only asks for necessary permissions. A torch app asking to access your contacts, internet and phone is never really a good idea. Discard app that seem shady – they’re usually not worth risking personal information over

• Download Apps Only from Trusted Sources: Using the Google Play Store to download apps or Amazon’s Appstore already makes you among the more secure tiers of Android users – many dodgy apps are distributed through third-party Android app stores rather than the official ones.
• Switch off 'Unknown sources: It’s highly advisable to keep installation of apps from Unknown Sources at “off” in the device’s settingsThis will help ensure that nothing enters the system except through official channels. Prior to installing an application you downloaded outside of the Play store, Google will scan the app and warn you of any potential threats if you on the verify app button .
  

Conclusion

Android is one of the most open, versatile, and customizable mobile operating systems out there. Among the mobile phone malware attacks, the Android smart phones are largely targeted by the hackers. This is mainly due to the reason that the Android applications market provides an open platform for the applications. In this article we create a malicious Android application and whenever victim runs it on the android phones, it will connect out to attacking machine running Metasploit. After the successful exploitation we get the meterpreter prompt that provides the access of the victim’s android Smartphone access that leads us to perform our desired activity on victim’s phone.