Hello and Welcome my aspiring hackers, How are you? Well, I know, there hasn’t been a lot of hacking tutorials lately as I was working on the python course which has been finished, if you are a regular visitor you must know. If you want to learn python programming for free, CLICK HERE. Otherwise, let’s move forward.
Android pin password is there for years now, and it’s still there. Yes, it has been replaced with fingerprint and face unlocks, but it is still there. For the time, if the new unlocking feature doesn’t works. There was a time, there was pattern lock and all, but I couldn’t see them in use now.
Moving on Cracking or brute-forcing the android pin password is hard. The time sleep is there and other factors but what if we can ask the user to do that. But how will that happen? Well, that’s what we are going to do today, we will phish the user to enter his pin password, and bam, we are in.
We will use a tool called Lockphish. Lockphish is the first tool developed to phish Android pin password, Windows Login screen password, and iPhone pin passcode. So, Fire up your Kali, and let’s do the hacking.
Hacking Android pin using Lockphish
- First, we will clone the lockphish tool from Github. For that open up a terminal and type – “git clone <url>”. URL can be found here.
- Next Go into the lockphish folder, by typing “cd lockphish”.
- You can see the files around here. We want the lockphish.sh file, it’s our main bash file, if it isn’t green, then we have to give file execution permission. We can do that by typing “chmod +x lockphish.sh”.
- To execute the script, type – “sudo bash lockphish.sh” and then enter your password.
Now, we are ready to do the attack. If this is the first time, then it might download ngrok package for you. Let it download. Once done and execute like above then it will ask you for the redirect link, default it is youtube.com, I am keeping it that only. You can change it if you want, what it does is, it will redirect the user after the phishing attack so that it didn’t seem suspicious.
Then a PHP server will start running and you will be given a link. After that just send this link to the victim. Once the victim opens the link, we can see important information about the victim like IP address, Device name, Browser, etc.
Now suddenly, the victim will be prompted with a login screen for a pin password. If he falls for the trap, you will be getting his pin password. And after that, he will be redirected to youtube, Like nothing happened.
So, that was it, we saw how we can hack into a pin password by doing a simple phishing attack against android devices using lockphish. It’s a great tool for beginners. So, on that note, that’s all for today, this is professor void, signing off, I will meet you in the next one. Till then “Happy Hacking” and Bye.