I will teach you how to hack Android phone step by step. You will learn how to use AhMyth , a ANDRORAT to gain remote access.
In this tutorial we will work with a tool called AhMyth , an open source remote access tool.
INTRODUCTION TO AHMYTH AND REQUIREMENTS
AhMyth has many features that you would expect to see in a RAT like geo-location monitoring, SMS modules, contact list viewer, file manager, camera snapshots, microphone recorder and much more. This RAT is very easy to use due to its simple and efficient GUI design. AhMyth is a cross-platform remote access tool available for Linux, Windows, and Apple OS.
- Server side : electron framework based desktop application (control panel)
- Client side : Android application (backdoor or backdoor)
Multi platform
In this tutorial, I will be using a Linux (Kali) based operating system. If you are using Windows, AhMyth also has a version available.
First of all we need to install AhMyth.
Previous requirements:
- Electron (to start the application)
- Java (to generate apk backdoor)
- Electron-builder and electron-packer
INSTALLATION OF AHMYTH
- First we clone AhMyth on your system
git clone https://github.com/AhMyth/AhMyth-Android-RAT.git
- With the cd command we go to the AhMyth-Android-Rat directory.
cd AhMyth-Android-RAT
cd AhMyth-Android-Server
- Start AhMyth using the command below.
npm start
- If you start AhMyth with npm and get errors you can try the following command:
sudo npm start –unsafe-perm
Alternative installation
Download the binary.
INSTALLATION REQUIREMENTS
You probably won’t be able to start AhMyth if you don’t have electron installed and so we need to install node.js. Follow the steps below:
- Open the terminal and type:
curl -sL https://deb.nodesource.com/setup_9.x | sudo -E bash
- Subsequently:
sudo apt-get install -y nodejs
We also need to install electron, we do it as follows:
git clone https://github.com/electron/electron-quick-start
cd electron-quick-start
npm install
npm start
- We start by launching the application, inside the AhMyth-Android-Server folder :
npm start
//o también
sudo npm start –unsafe-perm
- If for some reason the npm start command doesn’t work, you can run the following command to install the dependency manually.
DEVPLOIT: TOOL FOR INFORMATION GATHERING
npm install electron-prebuilt
- HACK ANDROID WITH AHMYTH RAT
- As you can see from the screenshot below, AhMyth has started successfully.
Installing AhMyth on Linux
Now that AhMyth is running, you know that this is a desktop application based on the electron framework (your control panel) and that it will be used to create a listener for the attacking device.
- In the top menu, click on “APK Builder”
default back door
In this tutorial I will use the basic backdoor that is generated by AhMyth. You can also embed a backdoor into an original apk using the Bind With another APK option.
- Choose which port you would like to run the AhMyth server on. The default port is 42472
- If you plan to use AhMyth within your own network, use your local IP address. If you plan to use AhMyth outside of your own network, use your public IP address.
AhMyth APK Builder
- Once the APK file has been successfully generated, it’s time to move it to the target Android device. Use any of the delivery methods you want to send the malicious backdoor. Social engineering methods can often work better. Once the target installs the malicious Android app and launches it, the target device will appear from the AhMyth target menu.
- Once a port has been chosen, click the “ Listen ” button at the top right of the AhMyth app.
If we open the compromised Android device from the target list, you can use various AhMyth modules to perform various evaluations of the target Android device.
- Camera: Take control of the front camera and rear camera in real-time.
- File Manager – Allows file access from compromised Android devices.
- Mic: you can use the microphone
- Location: Geographic location of the target Android device.
- Contacts: contact list of the compromised device
- SMS – SMS messages can be sent from compromised Android devices to other mobile devices
- Calls logs: You can view the call logs.