How to Hack Any Account That Has Recovery via Phone Option Enabled (SMS) On Android:

Feb 25, 2015 08:06 AM

Feb 25, 2015 09:32 AM

"How to Hack Any Account That Has Recovery via Phone Option Enabled (SMS) On Android:" cover image

Hello Elite Hackers! Welcome to my 3rd Post, which explains how to hack any account like G-mail, Facebook, etc.

You can also use this technique to hack/spoof messengers like Facebook or WhatsApp etc.

Fire-Up Kali:

I hope you know how to hack android and gain access to it, if not follow my guide: HERE

I am hacking on WAN, so the meterpreter would be like this:

Terminal window displaying a public IP address.

How to Hack Any Account That Has Recovery via Phone Option Enabled (SMS) On Android:

Meterpreter:

After the Meterpreter Prompt shows up, leave it there.
Open up a browser, goto www.gmail.com, Enter the Victim's E-Mail address.

Login interface featuring a password entry field and sign-in buttons.

Click on "Need Help?"
Choose "I don't know my password", click Continue

Google sign-in help page with options for password recovery and account access issues.

Now, Click "I dont know"

Password recovery form with input field and buttons for continuing or indicating lack of knowledge.

At last, Click Continue

Verification code input screen with options for receiving the code via SMS or phone call.

Onto Meterpreter Again:

Oops I forgot that Before Clicking that last continue you should go onto meterpreter and check that, for how much time the phone has not been used(is idle), you can do that by typing:

idletime
BUT HERE COMES THE PROBLEM, THE idletime command does not work on android, so you cant tell if the user is using the phone currently or not. (However there are other complex ways. like checking RAM etc.)
But nevermind we will continue to exploit and take the risks.
Type : dump_sms to gather/dump all the messages to root folder.
(You can also type: dump_contacts for further exploitation)

Terminal command output displaying SMS message retrieval process.

Done...Almost:

Goto the root folder of Kali and open the .txt file where all the messages had been dumped.

SMS messages log with verification code and tariff plan information.

------------------------------------------------------------------------------------------------------

AND, there you go,

Put the Verification code to the Account Recovery Help.

Password Reset:

Enter the Code:

Verification code input screen for SMS confirmation.

----------------------------------------Continue-------------------------------------------

Google password reset interface with fields for entering a new password.

Delete the Message:

Nope, You cannot delete the message until the hacked phone is rooted.

If rooted type: delete data/data/com.android.providers.telephony/databases/mmssms.db

WARNING!

If you don't delete the message the User will get suspicious and will get to know something's wrong. (Beware of the Cyber Police)

The END,

Now that you have hacked google account, you can hack facebook for sure or any other account.

You can also spoof messengers like FBmessenger or WhatsApp etc.(don't type anything or the user will get suspicious)

Thank You,

F.E.A.R.

You already know how to use your phone. With Gadget Hacks' newsletter, we'll show you how to master it. Each week, we explore features, hidden tools, and advanced settings that give you more control over iOS and Android than most users even know exists.