Mobile Hacking - singirikondamani/Noted GitHub Wiki

Mobile Hacking using the PhoneSploit

Step 1: Prepare Parrot Security Machine:

  • Reboot Android Machine if Necessary:Navigate:Commands icon → Power → Reset/Reboot
  • Open Terminal: Click the MATE Terminal icon on the Desktop.
  • Gain Root Access: Command: sudo su, Enter password: toor

Step 2: Launch PhoneSploit:

  • Navigate to PhoneSploit Folder:Command: cd PhoneSploit
  • Install Dependencies (if needed):Command: python3 -m pip install colorama
  • Run PhoneSploit:Command:python3 phonesploit.py

Step 3: Connect to Target Android Device:

  • Select Connection Option:Command: Type 3 and press Enter (Connect a new phone)
  • Enter Target IP Address:Input:10.10.1.14 (Replace with actual IP if different)
  • Ensure Connection: If Connection Timeout, repeat Step 3. Press Ctrl+C if issues persist and start over.

Step 4: Access Shell on Target Device:

  • Access Shell:Command: Type 4 and press Enter (Access Shell on a phone)
  • Enter Device Name:Input:10.10.1.14
  • Basic Commands to Explore: View Directory: pwd List Files: ls Change Directory to sdcard:cd sdcard List Files on sdcard: ls

Step 5: Interact with Files on Target Device:

  • Navigate to Download Folder:Commands:cd Download, ls(Look forimages.jpeg`)
  • Document File Location for Later:Example: /sdcard/Download/images.jpeg

Step 6: Capture Screenshot from Target Device (LOIC):

  • Return to Main Menu:Command: exit
  • Capture Screenshot:Command: Type 7 and press Enter (Screenshot a picture on a phone), Enter Device Name: 10.10.1.14, Save Location: /home/attacker/Desktop
  • View Screenshot: Navigate: PlacesDesktop → Open screen.png

Step 7: Gather Information from Target Device:

  • List Installed Apps:Command: Type 14 and press Enter (List all apps on a phone), Enter Device Name: 10.10.1.14
  • Run an App (Example: Calculator):Command: Type 15 and press Enter (Run an app), Enter Device Name: 10.10.1.14, Launch App: com.android.calculator2
  • Verify on Android Device:Switch to Android machine to see the running app.

Step 8: Additional Exploits and Actions:

  • View MAC/Inet Information:Command:Type 18 and press Enter (Show Mac/Inet information), Enter Device Name:10.10.1.14
  • Check Network Statistics (NetStat): Command: Type 21 and press Enter (NetStat option), Enter Device Name: 10.10.1.14

Step 9: Explore Further Options with PhoneSploit:

  • Use Additional Features:Install APK: Install apps on the device, Screen Record:** Record the screen activity, Turn Device Off: Shutdown the Android device, Uninstall Apps: Remove unwanted applications

Step10: KEYword identification with PhoneSploit:

Select the option 24 and enter ip the find the keyword of all

Step 11: Access the file informaton PhoneSploit:

Select the option 4

Noted: P option give more option related the system

  • For the APK analyser usually we use tools like MOFS, APKtool, SOX source link