Wednesday 29 April 2015

How to Hack Any Account That Has Recovery via Phone Option Enabled (SMS) On Android:

Step 1: Fire-Up Kali:

  • I hope you know how to hack android and gain access to it, if not follow my guide: HERE
  • I am hacking on WAN, so the meterpreter would be like this:

Step 2: Meterpreter:

  • After the Meterpreter Prompt shows up, leave it there.
  • Open up a browser, goto www.gmail.com, Enter the Victim's E-Mail address.
  • Click on "Need Help?"
  • Choose "I don't know my password", click Continue
  • Now, Click "I dont know"
  • At last, Click Continue

Step 3: Onto Meterpreter Again:

Oops I forgot that Before Clicking that last continue you should go onto meterpreter and check that, for how much time the phone has not been used(is idle), you can do that by typing:
  • idletime
  • BUT HERE COMES THE PROBLEM, THE idletime command does not work on android, so you cant tell if the user is using the phone currently or not. (However there are other complex ways. like checking RAM etc.)
  • But nevermind we will continue to exploit and take the risks.
  • Type : dump_sms to gather/dump all the messages to root folder.
  • (You can also type: dump_contacts for further exploitation)

Step 4: Done...Almost:

  • Goto the root folder of Kali and open the .txt file where all the messages had been dumped.
------------------------------------------------------------------------------------------------------
AND, there you go,
Put the Verification code to the Account Recovery Help.

Step 5: Password Reset:

Enter the Code:
----------------------------------------Continue-------------------------------------------

Step 6: Delete the Message:

Nope, You cannot delete the message until the hacked phone is rooted.
If rooted type: delete data/data/com.android.providers.telephony/databases/mmssms.db
WARNING!
If you don't delete the message the User will get suspicious and will get to know something's wrong. (Beware of the Cyber Police)

FINALLY :-

Now that you have hacked google account, you can hack facebook for sure or any other account.
You can also spoof messengers like FBmessenger or WhatsApp etc.(don't type anything or the user will get suspicious)
                                                                                                                    - Man OF Action
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)