How To: Hack Any Account That Has Recovery via Phone Option Enabled (SMS) On Android:

Hello Elite Hackers! Welcome to my 3rd post, which explains how to hack any account like Gmail, Facebook, etc.
You can also use this technique to hack/spoof messengers like Facebook, WhatsApp, etc.

Step 1: Fire-Up Kali:

  • I hope you know how to hack Android and gain access to it; if not, follow my guide: HERE
  • I am hacking on WAN, so the Meterpreter would be like this:

Step 2: Meterpreter:

  • After the Meterpreter prompt shows up, leave it there.
  • Open up a browser, go to www.gmail.com, and enter the victim's e-mail address.
  • Click on "Need Help?"
  • Choose "I don't know my password", click Continue
  • Now, click "I don't know"
  • At last, click Continue

Step 3: Onto Meterpreter Again:

Oops, I forgot: before clicking that last Continue, you should go back to Meterpreter and check how long the phone has not been used (has been idle). You can do that by typing:

  • idletime
  • BUT HERE COMES THE PROBLEM: the idletime command does not work on Android, so you can't tell whether the user is currently using the phone. (However, there are other, more complex ways, like checking RAM etc.)
  • But never mind, we will continue to exploit and take the risks.
  • Type: dump_sms to gather/dump all the messages to the root folder.
  • (You can also type: dump_contacts for further exploitation)

Step 4: Done...Almost:

  • Go to the root folder of Kali and open the .txt file where all the messages have been dumped.

And there you go:
Put the verification code into the Account Recovery Help.

Step 5: Password Reset:

Enter the Code:

Click Continue.

Step 6: Delete the Message:

Nope, you cannot delete the message unless the hacked phone is rooted.
If rooted, type: delete data/data/com.android.providers.telephony/databases/mmssms.db

WARNING!

If you don't delete the message the User will get suspicious and will get to know something's wrong. (Beware of the Cyber Police)

The END,

Now that you have hacked a Google account, you can hack Facebook for sure, or any other account.
You can also spoof messengers like FB Messenger or WhatsApp etc. (don't type anything or the user will get suspicious)

Thank You,
F.E.A.R.
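
The whole procedure above depends on code running on the phone being able to read the SMS inbox, which is why SMS recovery codes are only as safe as the apps installed on the handset. As an added example (not part of the original post), the script below parses `adb shell dumpsys package` output from a device you administer and lists non-system packages that hold a granted SMS-reading permission; the sample text and package names are constructed, and the output layout is an assumption that should be checked against your Android version.

```python
import re

# Runtime permissions that let an app read or intercept incoming SMS.
SMS_PERMISSIONS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}

# Constructed sample of `adb shell dumpsys package` output (package names are
# made up; the layout is assumed to match what the audited device prints).
SAMPLE_DUMPSYS = """\
Package [com.example.flashlight] (1a2b3c):
  userId=10145
  flags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ]
  requested permissions:
    android.permission.INTERNET
    android.permission.READ_SMS
  User 0: installed=true hidden=false
    runtime permissions:
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.RECEIVE_SMS: granted=false, flags=[ USER_SET ]
Package [com.android.messaging] (4d5e6f):
  userId=10060
  flags=[ SYSTEM HAS_CODE ]
  User 0: installed=true hidden=false
    runtime permissions:
      android.permission.READ_SMS: granted=true, flags=[ SYSTEM_FIXED ]
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
FLAGS_RE = re.compile(r"^\s*(?:pkgFlags|flags)=\[(.*)\]")
GRANT_RE = re.compile(r"^\s*(android\.permission\.\w+): granted=(true|false)")

def audit_sms_access(dumpsys_text):
    """Return {package: sorted granted SMS permissions} for non-system apps."""
    findings, pkg, is_system = {}, None, False
    for line in dumpsys_text.splitlines():
        m = PKG_RE.match(line)
        if m:  # a new package section starts: reset per-package state
            pkg, is_system = m.group(1), False
            continue
        m = FLAGS_RE.match(line)
        if m and "SYSTEM" in m.group(1).split():
            is_system = True  # preinstalled app, e.g. the stock SMS client
            continue
        m = GRANT_RE.match(line)
        if (m and pkg and not is_system and m.group(2) == "true"
                and m.group(1) in SMS_PERMISSIONS):
            findings.setdefault(pkg, set()).add(m.group(1))
    return {p: sorted(perms) for p, perms in findings.items()}

if __name__ == "__main__":
    print(audit_sms_access(SAMPLE_DUMPSYS))
```

Any package in the result other than the SMS app the user actually chose deserves a closer look. Moving account recovery off SMS to an authenticator app or hardware key removes the dependency altogether.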

40 Comments

Excellent!

This is the cleverest (or you could say nastiest ;) ) way to hack a Google account! Pretty impressive, and thanks for the useful article!

Welcome Armin,
I'll make more tutorials like this, just keep coming back!
(Actually Thank You! for the appreciation)

NIcE!!! Great TUT. I have yet to try your initial Android hack but looking forward to it after this article heh. BTW, haven't got a chance to take a screenshot of that issue with that Windows 7 hack. Will eventually. Keep up the Good Work!

Thank You! Buckeroo,
You can also enable the default administrator by opening cmd with admin privileges and typing:

  • net user administrator /active:yes (just for testing)
  • After that, log into the (default) administrator account.
  • Go to C:\Windows\System32
  • Rename sethc to 123
  • Make a copy of cmd present there, rename this copy as sethc.
  • Done.
  • Go to the login screen, press Shift 5 times (or more)
  • And BOOM! cmd pops up with system (highest) privileges.
  • EDIT: You can verify by typing explorer.exe, press Enter.
  • EDIT: After it's complete, go to Start and see the name of the account.

Use this method as a test, until then I'll search for some other commands that enable the boot screen on your HP.

AND... got it,

Try enabling this at the classic BIOS SETUP SCREEN. (If it's not classic then switch to it, there is a specific option to do so...)

Enable:

I think you know how to open the BIOS SETUP.

Cunning. Great read.
Thanks F.E.A.R.

Anytime, ALPHA

Looks great, you got a follower more :D

Thank You! BENI, :D

This is pretty nifty and quite clever. I have been reading many tutorials on this site but recently I have come across a problem that I haven't found an answer to. I made a few accounts on my phone that were for a game and testing purposes, well one of the takes I played ended up switching my associated Gmail to a trash acct which I no longer have the info for. Is there a way to run a user enumeration through the Google recovery or sign-up page?

Hi Glenn,
I don't think so, if I understand your question correctly.

Nice tut, FEAR.

I can't send messages because first I need to confirm my Email. However, I haven't yet received it from wonderhowto.

Could you please look into it.

Thanks.

FEAR, when I type dump_sms, I get
Unknown command: dump_sms
I also don't seem to have any Android commands listed when I look at the meterpreter help..
I did set up my listener and apk with android/meterpreter/reverse_tcp payload
Any suggestions?

Yes, Upgrade Kali (1.1.0) because the androids have been upgraded too

More details: Go here and read the comments at the end.

That's the odd thing, I thought that might be the problem too, but it's completely up to date, and the problem persists. I will have to try this out on some consenting friends to be sure it's not my devices causing this... I've only two androids, one is kind of old, but the other is only a year old and should work..

If you type "help" on the meterpreter you can see all the commands available. Therefore you can make sure you spelled everything correctly.

You should try this command first:
check_root
Don't worry the device doesn't need to be rooted, but still, run that and tell the result.

Not the easiest, but an effective way. Oh, I love MitM...

I actually used it thrice but success was only 2 times.
Also, a question:

My Android was not rooted and had CM11, and meterpreter showed me that it's rooted? Why? How? And same with some other phones.

Sometimes there can be small errors like that. Maybe there is something else on your phone that makes it look like it's rooted. Download an app from the Google Play Store called "Check Root" and see if it is the same result there.

Already did (in the past, now I have rooted the android) and it showed, root not properly installed. (The device is not rooted)

I checked further about this issue with no success, and finally left worrying. (Android was/is OPO)

Is there a recommended time period between seeing "enter password reset code" appear and completing it?

None that I know of.

Nice tutorial, thank u, but how to delete the message if the victim's phone is not rooted? Plz respond.

You are welcome,
Nope, you can't unless you have physical access or the Android is rooted.

Well, not a way that we know of. Android has its bugs... :P

please, can you explain in a video

If the phone number is not tied to the Android system, could I obtain the phone number anyway? Please answer me ASAP, thank you!

Nope you can't,
Not until you know the account's credentials and the phone number was linked/saved in that account.

Hey.. Very informative tut..
A small question..

Is there any way to know which OS the target's phone is using.. I mean Android/WP/iPhone.. How to know his phone's OS.. so as to move forward with the related trick...

Hello Rajat,
Well, you should know the target before you exploit it, of course.
This exploit will only work for Android.

Hey F.E.A.R., could u pls make a video tutorial for this? I'm new to this so I didn't understand it fully, pls.

Please help, whenever I try to start the meterpreter (first step) it says permission denied. Any way to fix this? Plz help

Attach a screenshot of the issue, can you?

Thank you for this awesome article ! :D

One question though, you've written "You can also use this technique to hack/spoof messengers like Facebook or WhatsApp etc."

Can you please elaborate or post another tutorial showing how to do this?

I've made a video tutorial for this hack.
Check it out on my YouTube channel : https://www.youtube.com/watch?v=7jc9cQZCpmk

Quite informative and useful as well, thanks mate...!!

Hey FEAR,
I have Kali on my VB in Windows 10.
Is there any need to forward a port?
And shall I use the IPv4 IP in Kali when I type ifconfig?

F.E.A.R
I really respect and appreciate that mind you got and the way you put stuff together <3
You can say I'm still new to this stuff, I'm trying to develop myself, can u hand me some help?
And abt this topic, what can I do if the victim's phone was an iPhone?
Thank you a lot man, I hope you can answer me soon
Take care
