International Journal on Recent and Innovation Trends in Computing and Communication

ISSN: 2321-8169 Volume: 9 Issue: 5

DOI: https://doi.org/10.17762/ijritcc.v9i5.5481
Article Received: 28 March 2021 Revised: 19 April 2021 Accepted: 30 April 2021 Publication: 31 May 2021
____________________________________________________________________________________________________________________

Access Android Device Using The FatRat and

Metasploit
Karan
Global Institue Of Technology
Jaipur, India
17egjcs856@gitjaipur.com

Palvinder Singh
Global Institute of Technology Jaipur,India
17egjcs107@gitjaipur.com

Amit Bohra
Assistant Professor
Global Institue Of Technology, Jaipur, India
bohraamit7@gmail.com

Abstract—At present, smartphones are widely used for both business and personal purposes. As we all
know that android is the popular mobile operating system. Like Windows operating system vulnerability the
android has also vulnerability. And on the basis of these vulnerabilities, an attacker can obtain a user’s
privacy data. But one possible way to avoid accessing of system and network i.e. penetration testing
This paper describes penetration testing, Kali Linux tools such as Metasploit and TheFatRat. These tools
have proved to be effective in Android exploitation. For example, by using TheFatRat, create a payload
using msfvenom. Furthermore, the Payload creates a backdoor to access the system, using Metasploit, which
exploits the android device and finds the vulnerability and, according to vulnerability, access the victim's
system.
Keywords— TheFatRat, Meterpreter, MSF venom, Metasploit framework, GPS, Payload, Backdoor.

I. INTRODUCTION they identified the vulnerability in a system. After

getting the vulnerabilities, penetrations testers take
Nowadays, Mobile developers most commonly use
the server’s remote access to breach the all types of
Android OS to develop smartphones because of its
security by using the Metasploit framework.
performance, features, and services. Smartphones
provide services such as phone calls, internet TheFatRat tools is a free and open-source tool.
services, online and offline games, email, video Through this tool, we generate a backdoor. FatRat
calls, social networking apps, messaging, storing, convened a malware with Payload, and then the
and sharing files from one device to another. So, it malware can be executed on Windows, Android,
is necessary to ensure security and safety in android etc.
devices. With the open nature of Android, a large TheFatRat and Metasploit are combined to exploit
number of malware are hidden in android apps that an Android device. TheFatRat is used to create a
threaten Android security. Penetration testers use payload, and Metasploit is used to exploit the
the vulnerability scanners, and through this scanner, android device.
40
IJRITCC | May 2021, Available @ http://www.ijritcc.org
International Journal on Recent and Innovation Trends in Computing and Communication
ISSN: 2321-8169 Volume: 9 Issue: 5
DOI: https://doi.org/10.17762/ijritcc.v9i5.5481
Article Received: 28 March 2021 Revised: 19 April 2021 Accepted: 30 April 2021 Publication: 31 May 2021
____________________________________________________________________________________________________________________

II. IMPLEMENTATION Meterpreter

I. PENETRATION TESTING It is a Metasploit attack payload, and the Payload
provides a shell. Through this shell, an attacker can
Penetration testing is a protective and unauthorized
explore the victim's machine and execute the code
effect of accessing the computer system to find the
vulnerabilities from various viewpoints. Backdoor
II. ANDROID EXPLOITATION A backdoor is a method, and with the help of a
With the help of exploitation, we find the backdoor, a penetration tester or an attacker can
vulnerability. Here exploitation is a malicious code enter into the victim's machine.
and breaches the security of a system without user
knowledge. TheFatRat and Metasploit are combined Payload
to exploit an Android device. The tool TheFatRat The Payload is considered similar to a virus. A
can compile the viruses with payloads and compile payload is a set of malicious codes that ship
the resulting file to run a specific platform. Through sensitive information, and through this, we can
TheFatRat, we generate a backdoor or Payload. It access any device and take advantage.
means you can create a full undetectable (FUD)
payload using this tool, which means antivirus COMMON TERMS
cannot detect it as a virus. The Metasploit
Framework is used to run exploitation in a Exploit
vulnerable device. Once Metasploit finds any A piece of code written to take advantage of a
vulnerability on the target system, then it will a particular vulnerability in the system.
automatically access that system. If you are using
LHOST
this tool and your system is vulnerable, you can
An attacker uses the IP address of localhost to
perform any other type of attack through this tool.
communicate with the target machine.
For example, you can fix the vulnerability of a
virus. LPORT
TheFatRat The Port of localhost, which attackers use to listen
to the target machine.
TheFatRat is a simple to use tool which helps in
generating backdoors, system exploitation, post-
exploitation attacks, browser attacks, Windows, and
Android. The combination of MSF payload and
Msfencode make a single framework that is
TheFatRat.

MSF VENOM
Msfvenom is a command-line instance of
Metasploit used to generate and output all of the
various types of shellcode available in Metasploit.

Metasploit
The Metasploit framework is a potent tool for
attackers to customize this tool according to their
operating system. Metasploit is a Perl-based
portable network tool and in 2007 is written in Ruby
language. And it provides a platform, through this,
you can access the device remotely and maintain the
access, detect, IPS, IDS, etc.
41
IJRITCC | May 2021, Available @ http://www.ijritcc.org
International Journal on Recent and Innovation Trends in Computing and Communication
ISSN: 2321-8169 Volume: 9 Issue: 5
DOI: https://doi.org/10.17762/ijritcc.v9i5.5481
Article Received: 28 March 2021 Revised: 19 April 2021 Accepted: 30 April 2021 Publication: 31 May 2021
____________________________________________________________________________________________________________________

III. STEPS TO PERFORM ACCESS ANDROID

DEVICES

Fig 2. Run the FatRat

STEP 3
Now create a backdoor with msfvenom
First of all, an attacker needs to create a backdoor
because an attacker injects a payload into the target
machine through the backdoor.

Fig 1. Steps to Accessing the Devices.

STEP 1
Downloading and installation of TheFatRat
First of all, download theFatRat from GitHub
gitclonehttps://github.com/Screetsec/TheFatRat.git
STEP 2
After that, run TheFatRat
#Fatrat

Fig 3. Create backdoor with msfvenom

42
IJRITCC | May 2021, Available @ http://www.ijritcc.org
International Journal on Recent and Innovation Trends in Computing and Communication
ISSN: 2321-8169 Volume: 9 Issue: 5
DOI: https://doi.org/10.17762/ijritcc.v9i5.5481
Article Received: 28 March 2021 Revised: 19 April 2021 Accepted: 30 April 2021 Publication: 31 May 2021
____________________________________________________________________________________________________________________

STEP 4
Choose the Payload
SIGNED ANDROID>> FatRat. apk
In this step, set the LHOST IP address and Port
number.

Fig 5. Set the name of apk

STEP 6
Then install the apk payload on your Android
phone
Install the Payload in the target machine by using
any of the following methods.
• Data cable
• Pen drive
Fig 4.choose the payload • Shared link through the mail.

STEP 7
STEP 5
Start Metasploit
Enter a base name for the Payload.
#Msfconsole
Select android/meterpreter/reverse_tcp
Then we use exploit/multi/handler
When the Payload is created, then the attacker needs
Select payload > android > meterpreter >
to inject it into the target machine. And the base
reverse_tcp
name for the file, i.e., game. apk
The multi/handler window will show, then the
attacker needs to set the LHOST & LPORT.

43
IJRITCC | May 2021, Available @ http://www.ijritcc.org
International Journal on Recent and Innovation Trends in Computing and Communication
ISSN: 2321-8169 Volume: 9 Issue: 5
DOI: https://doi.org/10.17762/ijritcc.v9i5.5481
Article Received: 28 March 2021 Revised: 19 April 2021 Accepted: 30 April 2021 Publication: 31 May 2021
____________________________________________________________________________________________________________________

Fig 7. Opening of Metasploit Session

STEP 9
Accessing files on victim on victim device
meterpreter > Explore > Browse files
Fig 6. Set the LHOST & LPORT in Metasploit An attacker can download the files from the victim's
device.
BASIC OPTIONS:
STEP 8 • webcam_snap - Take a snapshot.
Start Listening • webcam_stream- To play a video stream.
Once the apk payload has been installed and opened • Webcam list - List the camera types in the
in the target machine, it will create a remote session device.
with the attacker’s device. Then after that, an • dump_calllog- View the call details.
attacker can access some confidential information • dump_sms – To retrieve messages from the
like call logs, SMS, sysinfo, etc. victim's phone.
• set_audio_mode – Set the android device
from silent to ringing mode.
• send_sms – Send messages from one victim
to another.
• record_mic- Record audio from victim's
phone using mic
• sysinfo- Retrieve OS version of victim's
phone.

STEP 10
Secure Android Devices using Malwarebytes
Security

44
IJRITCC | May 2021, Available @ http://www.ijritcc.org
International Journal on Recent and Innovation Trends in Computing and Communication
ISSN: 2321-8169 Volume: 9 Issue: 5
DOI: https://doi.org/10.17762/ijritcc.v9i5.5481
Article Received: 28 March 2021 Revised: 19 April 2021 Accepted: 30 April 2021 Publication: 31 May 2021
____________________________________________________________________________________________________________________

In this step the users can secure their devices C. Ajish V Nair Anusha Siby Aleena Mathew
through Malwarebytes Security from malicious Mr. Ajith G S. They summarized that the
application. Android device is unprotected after using the
Metasploit framework and quickly retrieves
android devices and steals confidential data
the commands like webcam and
dump_calllog. Moreover, the information's
gain like it takes pictures, contacts and other
information's. Furthermore, said that with
the help of the Linux kernel layer, an
attacker quickly gets access and steals the
data.

D. Khulood Al Zaabi. He identifies the

vulnerabilities in android devices and their
connected third-party application.
Furthermore, the application such as
WhatsApp and GPS advises all GPS users
and WhatsApp to be wary while using the
android devices. Furthermore, it alerts all
users and says that they learn the social
Fig 8. Malwarebytes security tools
engineering tricks and prevent themself from
attackers. Moreover, he conducts a
Stagefright code against vulnerable android
III. LITERATURE REVIEW
devices by Text or MMS to trick the
A. E Thoppil, S Sibichan, V Viswanath, R investigating and other exploitation
Kurian. Android Security uses the technique vulnerabilities with android devices.
of permission-based mechanism to restrict or
access the various resources. Nowadays, E. Maurice Dawson, Jorja Wright, Marwan
security plays an essential role in android Omar. They all suggest an antivirus
phones because you can see the mobile application in smartphones for private
phone in everybody's hands. Through information. Because in the computer we see
security, we can save our user's privacy and many security functions like firewalls,
sensitive information. Furthermore, it antivirus, and cryptography but in android
provides many tools like TheFatRat and phones, these applications are not present in
Metasploit. Moreover, these tools allow the market. So, as we compare the android
penetration testers and security analysts to devices with windows computers, the
secure everything. android devices are vulnerable. It is much
easier to get access as compare to windows
B. R Sajeev, S Joseph, S Biju, M Manoj. They computers. Nowadays, smart users use
say that android devices are used many Gmail, social media sites such as telegram,
functionalities, and these functionalities Twitter, Facebook, and other online
consist of many third-party applications. purchasing site such as Flipkart, Amazon,
Furthermore, these applications can create a Myntra, etc. It means the all the work are
vulnerability for attackers. After that, the done by online services and sites in android
attacker can quickly get access to phone. So, to security purposes, the attackers
deployment, and we need to identify the quickly get all of this information from your
vulnerabilities and secure all of these devices by accessing it.
vulnerabilities by penetration testing tools.
45
IJRITCC | May 2021, Available @ http://www.ijritcc.org
International Journal on Recent and Innovation Trends in Computing and Communication
ISSN: 2321-8169 Volume: 9 Issue: 5
DOI: https://doi.org/10.17762/ijritcc.v9i5.5481
Article Received: 28 March 2021 Revised: 19 April 2021 Accepted: 30 April 2021 Publication: 31 May 2021
____________________________________________________________________________________________________________________

IV. ADVANTAGES & DISADVANTAGES the android device. Because when the penetration
testers will access the android device then they can
ADVANTAGES
find out the vulnerabilities and loopholes in android
• It allows users to access source code. devices and then they can secure the android
• With the help of FatRat and Metasploit, we devices using some penetration testing tools. In this
can find and arrange the security threats. paper, we also discussed the countermeasures of
android devices because through these
• With the help of FatRat and Metasploit, we countermeasures the people will know about
can find loopholes or vulnerabilities in a android security.
device.
VI. COUNTERMEASOURES
• With the help of these tools, we injected an
apk file in 2 or 3 minutes. Various countermeasures help to protect the
android devices platform.
• As we talk about cybercrimes, these tools
are a high level of scope. • Do not download too many application
• Avoid the auto-upload option of photos to
DISADVANTAGES
cloud networks.
• In Metasploit, whenever the session is
• Install the application from trusted sources
created after, it does not show the warning
such as the play store.
of a closed session.
• Do not share the information when the GPS
• Security analysts or attackers may use the
is enabling.
penetration testing tools like FatRat and
Metasploit to collect confidential • Always configure a strong password with
information about an organization's system maximum length include digit, alphabet,
or network. special character.
• The Metasploit framework supports only a • Set a timeout to automatically lock the
command-line interface in android devices. phone when the users are not in use.
• To exploit the android devices requires deep • Always remember that the minimum
knowledge. password length is eight characters.

V. CONCLUSION • Remember to update the application from

time to time.
According to our research, we identified that the
android devices and their connected third-party • Use security tools to secure, detect, manage
application are vulnerable. By which the attacker android devices.
can then easily access the android devices and gets • Use filter email- forwarding barriers.
confidential information or important data. For
example, using this information, he can take your • On the android device allows only signed
pictures through the webcam command and also applications.
record the real-time data. So, all users should be • Download and Install the antivirus on
very careful about using their smartphones and the Android devices.
developers need to identify the loopholes and
vulnerability and ensure security to protect • Never download the applications from
smartphones from the malicious application, by unknown sources.
using some penetration testing tools.
In this research paper, we discussed how to access
the android device as well as how to make secure

46
IJRITCC | May 2021, Available @ http://www.ijritcc.org
International Journal on Recent and Innovation Trends in Computing and Communication
ISSN: 2321-8169 Volume: 9 Issue: 5
DOI: https://doi.org/10.17762/ijritcc.v9i5.5481
Article Received: 28 March 2021 Revised: 19 April 2021 Accepted: 30 April 2021 Publication: 31 May 2021
____________________________________________________________________________________________________________________

VII. REFERENCES
1. Thoppil, E., Sibichan, S., Viswanath, V., &
Kurian, R. Android Device Hacking:
TheFatRat and Armitage.
2. Sajeev, R., Joseph, S., Biju, S., & Manoj, M.
A Collaborative Approach for Android
Hacking by Integrating Evil-Droid, Ngrok,
Armitage and its Countermeasures.
3. Siby, A., & GS, M. A. Android Hacking
Using Msfvenom: Integrating NGROK.
4. Al Zaabi, K. (2016, June). Android device
hacking tricks and countermeasures. In 2016
IEEE International Conference on Cybercrime
and Computer Forensic (ICCCF) (pp. 1-10).
IEEE.
5. Wright, J., Dawson Jr, M. E., & Omar, M.
(2012). Cyber security and mobile threats:
The need for antivirus applications for smart
phones. Journal of Information Systems
Technology and Planning, 5(14), 40-60.

47
IJRITCC | May 2021, Available @ http://www.ijritcc.org