How to keep android meterpreter shell script running in background after app is closed #16375

Closed
karpiyon opened this issue Mar 24, 2022 · 11 comments
Labels
android question Questions about Metasploit Usage Stale Marks an issue as stale, to be closed if no action is taken

Comments

@karpiyon

I am connected to Android using a meterpreter shell, using an embedded backdoor created with msfvenom (latest build).
I want to run a loop on the Android device which will stay running even when the app is closed.
The purpose is to keep the session trying to reconnect after the app closes.
To test if the script keeps running in the background, I use a simple shell script:

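```bash
#!/bin/bash
# Test loop: create one marker file per minute for 20 minutes,
# so the files show how long the script kept running.
for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
do
  newFile="test$i"
  touch "$newFile"   # quoted so the file name is passed as one argument
  sleep 60
done
```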

On the meterpreter shell I use:

```
>shell
>sh test.sh &
```

or

```
>nohup sh test.sh &
```

I then try to terminate the shell and keep the script running.

  • If I type CTRL+Z it will keep running but only as long as the app is running.
  • If I type CTRL + C followed by y, as some examples I saw suggest, the script terminates immediately.
  • If I type CTRL + C followed by N, I get:
    [-] core_channel_interact: Operation failed: 1
    The script keeps running in the background, and again, when I close the app the script stops running.

How then, do I:

  1. Exit the shell and keep the script running?
  2. Make sure the script will keep running even when the app is closed?

@bcoles
Contributor

bcoles commented Mar 24, 2022

> How then, do I:
>
> 1. Exit the `shell` and keep the script running?

You can background the shell channel with CTRL+Z.

You could also try execute with the -z flag to execute in a subshell, i.e.:

```
meterpreter > execute -z -f /bin/sleep -a 600
```

> 2. Make sure the script will keep running even when the app is closed?

You will likely need to root the device. See also

@karpiyon
Author

If I understand correctly, in new versions of Android, there is no way to keep the script running in the background when the app, with the backdoor, is closed, unless the device is rooted.
Is this correct?

And of course rooting the device or disabling battery optimizations, as suggested in one of the links you sent, can't be done with a meterpreter shell, can it?
It needs to be done ON the device, correct?

@bcoles
Contributor

bcoles commented Mar 24, 2022

> If I understand correctly, in new versions of Android, there is no way to keep the script running in the background when the app, with the backdoor, is closed, unless the device is rooted. Is this correct?

The payload will close when the app is closed.

Maybe you can work around this by running a payload as a service. No idea.

> And of course rooting the device or disabling battery optimizations, as suggested in one of the links you sent, can't be done with a meterpreter shell, can it? It needs to be done ON the device, correct?

You can root the device remotely using adb or exploits.

As for battery/power settings, if there's a way to change them through the user interface then there's probably a way to do it from command line if you have the necessary privileges. The relevant settings vary between devices. See:

@shk-trix

shk-trix commented Oct 5, 2022

Karpiyon, how were you able to solve it?

@karpiyon
Author

karpiyon commented Oct 11, 2022 via email

@shk-trix

Could you help me create an application with persistence? I will pay you.

@MaxHornet

> The only way I am able to create persistent payloads to run is by creating my own app. I had to add the persistent backdoor to my app and tin its server on the app starts as a consistent server. Injecting the payload to an existing APK in this way is too complicated. You also need the user, when installing the app, to confirm all the app permissions.

How did you do that? Can you explain it to me? This is the only thing I want to implement on my payload, but I did not find any useful sources on how to do that. Can you help me?

@Willtrick

> The only way I am able to create persistent payloads to run is by creating my own app. I had to add the persistent backdoor to my app and tin its server on the app starts as a consistent server. Injecting the payload to an existing APK in this way is too complicated. You also need the user, when installing the app, to confirm all the app permissions.

How did you do that? Please, can you explain?

@Y-afes

Y-afes commented Apr 6, 2024

After Android 6.0, permanence scripts do not work in Meterpreter. I solved the problem by making the payload permanent with the app clone software and getting the permanent payload output.
