1
00:00:00,260 --> 00:00:05,510
In this video, we are going to see how we can hack Android phones with Metasploit framework.

2
00:00:07,960 --> 00:00:10,960
So we will be generating a malicious file.

3
00:00:10,960 --> 00:00:14,680
And once it is installed on the victim device, we will get the reverse shell.

4
00:00:17,110 --> 00:00:22,450
So in step one, create a malicious apk and open a multi listener.

5
00:00:23,620 --> 00:00:27,580
Now you need to download and install the application on the victim machine.

6
00:00:27,610 --> 00:00:32,020
You can use social engineering to trick the victim into installing the application.

7
00:00:34,690 --> 00:00:38,320
Once the application is installed, you will get the reverse shell.

8
00:00:42,620 --> 00:00:44,390
Now let us see the demonstration.

9
00:00:45,390 --> 00:00:47,550
So we are on our Kali machine.

10
00:00:48,700 --> 00:00:53,740
First of all, let's just list the payloads that are available for Android with the command as shown

11
00:00:53,740 --> 00:00:54,610
on the screen.

12
00:00:58,380 --> 00:01:01,440
We will be using meterpreter reverse TCP exploit.

13
00:01:03,360 --> 00:01:11,110
So use the command MSF venom dash p Android payload set host to your local machine IP.

14
00:01:13,780 --> 00:01:16,300
And output in a file dot file.

15
00:01:18,830 --> 00:01:21,050
Now we have an APK file generated.

16
00:01:23,060 --> 00:01:29,870
Now we can run a python http server in the same folder for ease of transferring files to android machine.

17
00:01:31,190 --> 00:01:37,730
Let's use the command python 3-M http server and our HTTP server will be started in the same folder.

18
00:01:40,600 --> 00:01:41,950
Now in a new tab.

19
00:01:41,980 --> 00:01:43,960
Fire up MSF console.

20
00:01:47,790 --> 00:01:51,420
Use the command use exploit multi handler to run multi handler.

21
00:01:52,200 --> 00:01:54,780
Set the same payload as Android Meterpreter.

22
00:01:54,780 --> 00:01:55,560
Reverse TCP.

23
00:01:56,890 --> 00:01:58,660
Set your host, your local.

24
00:02:02,280 --> 00:02:03,360
And run the handler.

25
00:02:06,040 --> 00:02:07,930
Now let's move to our Android machine.

26
00:02:09,600 --> 00:02:11,880
I'm running Android inside Virtual machine.

27
00:02:13,150 --> 00:02:17,200
So on your browser, navigate to the address of the Kali machine.

28
00:02:21,040 --> 00:02:22,840
You will see a list of files.

29
00:02:22,930 --> 00:02:26,680
Just download the malicious app that we just generated.

30
00:02:29,710 --> 00:02:34,330
You may get some warnings, but ignore them and open the file.

31
00:02:37,510 --> 00:02:42,010
We get a warning that we need to allow installation of unknown apps.

32
00:02:44,470 --> 00:02:46,900
Just allow unknown errors from the settings.

33
00:02:51,510 --> 00:02:53,790
And continue installation of the application.

34
00:03:03,190 --> 00:03:05,950
Once the application is installed, open it.

35
00:03:10,190 --> 00:03:13,670
And if we move back to our Kali machine, we get a reverse shell.

36
00:03:15,080 --> 00:03:20,000
Now we can run different meterpreter commands to fully exploit the machine or extract data from the

37
00:03:20,000 --> 00:03:20,660
android.

38
00:03:24,690 --> 00:03:30,600
So in this manner we can use Metasploit framework to hack into an Android phone with a malicious apk.