Android Hacking Payloads

I think you first need to get a vulnerability inside the operating system or a vulnerable application on the target phone, and through this vulnerability you can run your payload after exploiting it [should be a dangerous vulnerability to get a reverse connection or RCE]…

You should search about Android vulnerabilities [core, web browser, networks… etc.]

You are right, but it’s a little different case here. Just like the Metasploit reverse TCP connection apk payload, steganography will also work. In both cases you don’t need to find a vulnerability in the remote Android system; all you need is to fool your victim and make him/her install your malicious apk generated from Metasploit, then you are ready to go. We need to understand the difference between payload and exploit in order to clear doubts regarding this issue.




Sure, you’re 100% right … to hack any Android phone you just need to run your payload on the operating system … You can do this in many different ways: make the victim install the payload (APK payload), or run it via a vulnerability after exploiting it (true exploitation of a particular vulnerability makes us run a payload) … so our mission depends on the “PAYLOAD” … Thanks bro.


Or upload a zero-click payload with the help of XSS injections :wink:


But when the victim closes the browser, the session will be destroyed too, right?


Still remember “Stagefright”? Cool, take a look at this: https://www.exploit-db.com/exploits/47119

Sadly, this exploit is not remote. In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

Nope. The browser is just the door and the key to bring and run the payload. When the payload is executed, the browser has done its job.
Like on a computer. You download a payload from the browser. If you run it and close the browser, it still runs.


Also check out a vulnerability that affects most Android phones and all PCs with Linux that have Wi-Fi enabled.
This attack is caused by a Wi-Fi patch that has the vulnerability. The attack can be done remotely and you have complete control of your victim’s machine.


I will search for it and review it, and then I will discuss it with you :grin:
~Thanks bro.


Use the saycheese tool, which is available on GitHub.

This tool can be used to control victim apk, the only problem with this is that, it will work till the link opened in browser

Other than this, u can use adb to hack a phone remotely without any vulnerability; the only requirement is that adb debugging must be enabled, and wireless debugging too.

s you can hack by image by injecting payload in image i can help u.

How to do that? @rohjas2319

Are you speaking about Pixload?

I hope uk that hiding your payload in an image file and then sharing it with your target on a social media platform will make the payload not work, as they decompress the images sent over their platforms.

no u can inject normally by b2injector

bro mail me i will explain about it [email protected]

No sharing of private information. Even if it is temporary this community discourages sending emails to our community members seeking any kind of information. It can also be shared here in the public thread unless it is a nuclear secret of your country. :laughing:

Oh, that’s really nice, man. I will explain here.

Bro, u can download the b2injector application in Windows and create a payload in Windows with a .exe server, then open b2injector, select the .exe file and select the image, and it will inject the payload in the image, and when the victim opens the image u can see that they have been hacked … bro, use 888 rat in Windows for creating a payload.