Hack IPhone Android Blackberry Phones
Using the smartphone-pentest-framework for Backtrack.
So with smartphone-pentest-framework inclued in Backtrack 5 r3 you can create an application that after installed will act like a Remote Administration Tool (RAT) and give control over the victims phone, any iPhone, Android or even Blackberry, allowing to:
- Read all Messages
- Read all Contacts
- Get Shell Access.
- Backtrack 5 r3
- Portforwarding (if you are using this outside of your own network)
- Xampp for linux (guide to installing this will be in the tutorial)
- A phone (for this example using Android Phone)
1. XAMPP Install
Open up a terminal window and type
Once xampp has finished downloading, go to your home directory and you should have a file called “download.php?xampp-linux-1.7.3a.tar.gz” rename it to something like “xampp.tar.gz”.
In your terminal window run:
tar xvfz xampp.tar.gz -C /opt
Everything should be installed and you can find xampp in /opt/lampp/ directory
2. XAMPP Configuration
/opt/lampp/lampp start /opt/lampp/lampp stop
To start and stop the Xampp service
Once Xampp has started, go to “localhost” in your browser and select your language. Navigated to “Phpmyadmin” and create a new database called “framework”.
Next add a new user by going to the “privileges” tab then “add a new user” Use whatever username and password you want and select “local” from the hosts list.
Make sure you “Check All” global privileges, then click go.
Now delete the htdocs folder in /opt/lampp/
3. Configuring SPF
Open up the smartphone-pentest-framework window by going to applications>backtrack>exploitation tools>wireless exploitation tools>gsm exploitation>Smartphone-pentest-framework
Select option 4 then select option 2.
Input your phone number, then input a 7 digit control key to connect to your victims and then enter the path you want your app to located on your webserver (I will be using /). Now don’t expect anything to happen just yet, you need to configure your phone with SPF.
Locate the file
And move it over to your phone by uploading it to dropbox or just connecting your phone to your computer.
Install it then open it up. Put in the details you filled out a minute ago in
SPF and your ip the webserver is setup on and press setup.
4. Attacking The Victim
Open up smartphone-pentest-framework and select option 6 then pick between the direct download (just sends a text to the person from your phone with a direct download to the file) or client side shell (uses a browser exploit in android phones to give you shell access).
If you select option 1 you must move the file
to your root directory.
Once you get a victim, just open up smartphone-pentest-framework again, select option 1, fill in the details and you can then control the victim from your mobile phone.
So now, good hunting, hope you enjoy it, and please leave a comment after using it. Remember that Android, iPhones and Blackberry can be fully controlled using this Hack.