✳️ Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration.

✳️ We can use this framework to control old Android devices which have turn on the debug bridge in the "Developer options".

✳️ Now this becomes very harmful because an attacker gets the full admin control on the vulnerable Android device.

But we need access to victims' mobile and need to be in the same network as an attacker or use port forwarding. Ok let's start



Step 1:- Open a terminal and then Install the ADB using the following command

Sudo apt-get update

Sudo apt-get install android-tools-adb

Sudo apt-get install android-tools-fastboot

(Just use sudo for the first command then u can ignore the sudo for the rest)

✳️ Step 2:- Clone the Ghost Framework from GitHub by using following command:

git clone https://github.com/entynetproject/ghost

Wait untill it gets download.

Step 3:- Then we go the ghost directory by using cd command:

Cd ghost

Step 4:- Now we need to install it using the installer script. Before that we give the permission to the installer script by applying following command:

Sudo chmod +× install.sh

Step 5:- Now we can run the installer script using the following command:

Sudo ./install.sh

Then wit will start installing the dependencies and this process will take some time depending on your internet speed.

⚠️ Now Everything is installed Lets Start exploiting

Step 1:- Go to "about phone" in settings and then tap 7 times on Build Number.

Step 2:- go back to the setting and now you can see, there will be an Option called "developer options". click on that and then Enable USB Debugging.

Now connect the Android device via USB cable and allow the USB Debbuging when prompt. To verify the connection is successful or not, execute the following command

adb devices

(It will shows the list of device attached)

Now You Can Remove USB cable and give back the victim's Mobile.

Step 4:- Now we can run Ghost Framework from anywhere in our terminal by only the ghost command:


Step 5:- Now type the following command to connect with victim mobile

Ex: Connect

here connect is a command and IP address is victim mobile's ip..

Stpe 6:- once u get connected., Exploit as u like.. type help to get all commands.

⚠️ Note: There are lots of exploits here you can do with that Android device. This is just one of the method which need victims mobile.. we can also do without touching the victims mobile.. i will teach that later just stay tuned

If you want to use PhoneSploit Over WAN just use Port Forwarding



No comments: