Greetings fellow Hackers! We will now embark on a journey to learn the method of hacking any Android Phone from anywhere in the world via the web. It may sound unoriginal as there are tons of other blogs talking about the same, however, the exclusive advantage of this blog is that we are about to use a “ngrok server”, which essentially serves as a bridge, to access the reverse shell through the web. Hence, the first step would be to initiate the ngrok server.
I have initiated an NGROK SERVER with the port number “4444“.
Now, it’s an ideal opportunity to assemble a payload for android gadgets. The document expansion will be “.apk” and we will use “Msfvenom” to create any kind of payload.
To make the app authentic, and not a counterfeit or malicious application, we need to supply a certificate to the app through the utilization of “Keytool”, “Jarsigner”, and “Zipalign”, instead of using the ngrok server for LHOST and LPORT.
Subsequently, we need to employ a “Jarsigner” to sign Java Archive (JAR) files and guarantee the signatures and veracity of the signed JAR files.
Now, to achieve optimization for Android application (.apk) files, we must utilize the archive alignment tool known as Zipalign.
Send the malicious file to the victim by any available method, and get them to download it, that way you can achieve your desired goals. Subsequently, initiate Metasploit by running the command “msfconsole”.
Once the victim clicks on the app, you will receive an inbound connection from the Android device.
Once the reverse connection has been established, we will be able to access and manipulate a variety of data, including phone calls, texts, contact lists, and more. To view system information, the command to use is “sysinfo“.
Now you can use the command “dump_calllog“ and “dump_sms“.
It has been saved to your system so let’s access the system
This is SMS…
That is the end of the day, and we hope you enjoyed the reading.
2 comments
he blog was how do i say it… relevant, finally something that helped me. Thanks