How to hack android phones with Phonesploit

Understanding how to hack Android phones with Phonesploit has become a topic of interest and concern. Phonesploit is a powerful tool that allows users to remotely access and control Android devices, offering capabilities ranging from retrieving sensitive information to executing commands on the target device. This tool leverages vulnerabilities in Android's debugging interface,ADB, to gain unauthorized access.

Whether for ethical testing or malicious intent, knowing about Phonesploit is crucial in understanding mobile security risks and defenses. This article explores the workings of Phonesploit in simple terms, highlighting its implications and precautions for both users and security professionals alike.

What is PhoneSploit?

PhoneSploit Pro is a powerful open-source tool written in Python language to remotely exploit Android devices using ADB (Android Debug Bridge) and Metasploit-Framework. It comes with Metasploit Integration. With only one click, this tool can fully hack an Android smartphone by automatically creating, installing, and running a payload on the target device using the Metasploit Framework and ADB.

This project aims to simplify Android device penetration testing. Now PhoneSploit Pro handles learning commands and parameters for you. You may quickly test the security of your Android devices using this tool. 

Requirements for PhoneSploit:

• Kali Linux: Recommended for penetration testing due to pre-installed tools like Metasploit.
• Metasploit: Essential for generating and executing payloads.
• Python3: Python 3.10 or Newer
• ADB: Android Debug Bridge (ADB) from Android SDK Platform Tool.
• Scrcpy: A tool that provides screen mirroring for Android devices.
• Nmap: A network scanning tool, useful for identifying open ports on target devices.

Steps to Install PhoneSploit for Android

Step 1: Clone the GitHub Repository

On your Linux system, move to the Desktop directory and clone the GitHub repository by entering the below command.

cd Desktop
git clone https://github.com/AzeemIdrisi/PhoneSploit-Pro

Step 2: Navigate to the Tool Directory

Now after cloning into PhoneSploit-Pro, move to the tool directory and list the files inside it.

cd PhoneSploit-Pro
ls

Step 3: Run the PhoneSploit Tool

Run the tool by entering the command given below.

sudo python3 phonesploitpro.py

Steps to Configure PhoneSploit for Android

Before using PhoneSploit, you need to configure the Developer Options and enable USB Debugging on the target Android device.

Step 1: Enabling the Developer Options

1. Open Settings.
2. Go to About Phone.
3. Find the Build Number.
4. Tap on Build Number 7 times.
5. Enter your pattern, PIN, or password to enable the Developer options menu.
6. The Developer options menu will now appear in your Settings menu.

Step 2: Enabling USB Debugging

1. Open Settings.
2. Go to System > Developer options.
3. Scroll down and Enable USB debugging.

After enabling USB debugging, Now Connect the device to the host computer with a USB cable. After connecting the Android device to the computer, Return back to the tool terminal:

Usage of PhoneSploit Tool

Example 1: Mirror and Control Device

Step 1: Let's first Mirror & Control Device, Enter the 5th option for it.

Step 2: After that, it will ask for the quality of the casting. Let's choose the Best Quality by entering option 1. A pop-up will come on your Android Device asking to allow USB debugging. 

When you click on allow, it will start casting your Device to the System.

Example 2: Hacking the Device

Let's now move to another feature of this tool which is the best among others i.e. hacking the device

Step 1: Enter option 15 in the main menu i.e. Hack Device. (Our Android phone must be connected to the system).

Metasploit-Framework will be launched. Wait for 10 seconds.

Step 2: Continuing the process of APK creation using the tool.

Step 3: We can Modify LHOST and LPORT by typing M or just pressing Enter. After that, it will ask for setting up a database, for storing the payload.

Step 4: Now the tool has started installing the payload APK to the device. A pop-up will come on your Android Device which will ask you to allow for installing the APK. 

Step 5: Select the install anyway option or you can turn off google play protect in google play settings to skip this step. After installation, the tool will now open the app asking for various permissions.

Step 6: Allow all the permissions and click on continue to successfully install the payload APK.

Step 5: Now the tool will launch Metasploit-Framework and Meterpreter session will be started automatically. Now unplug the USB cable and further exploit the Android Device.

Step 6: Type help and press enter. It will list all the possible attacks on the device.

Step 7: Type dump_callog to fetch all the call history of the device and store it in your system.

As you can see the call log has been dumped and saved in a text file.

Step 8: Type record_mic to record the voice of the surroundings of the Android device.

These were examples of exploiting the device and gaining sensitive information about the Android device. There are many more attacks which you can see in the help menu of the meterpreter. You can exit from the session by typing the exit command.

Conclusion

PhoneSploit Pro simplifies the process of exploiting Android devices, making it an essential tool for cybersecurity professionals who need to assess mobile security. Its integration with the Metasploit Framework enables users to automate the creation, installation, and execution of payloads with ease. However, it’s important to use this tool ethically and legally, ensuring that any penetration testing activities are performed with proper authorization.