May 22, 2011

Metasploit on Android HTC Desire HD

Great article on how to run Metasploit on an Android device. If you want to donate to me, please click the download link on this page and complete the survey, or just go to the source and download it.

First of all, let me be clear that this is not a real port of Metasploit to an Android device; for that, you need to follow this link to review the bug tracker.
This is just a workaround for my desire to run Metasploit on Android, at least on top of Ubuntu.


1. Metasploit works flawlessly, at least for the most part.
2. All the Linux tools are there to aid you.
3. The possibilities of having Metasploit on mobile devices are endless, in a bad way though.


1. You need to be connected to Wi-Fi. You can use a mobile network as usual, but I never tested that; I worked mainly on a Wi-Fi LAN for testing purposes.
2. Wi-Fi related modules don't work as they should.

This is how it works -> Root the mobile -> Install Ubuntu or Debian -> Install Metasploit on Ubuntu -> Use it with the terminal application or VNC.

Objectively simple, isn't it?
Now we go step by step. If you think you already have some steps figured out, feel free to skip them.

Rooting the device.
Rooting the device has its own advantages and disadvantages; a Google search will throw some light on them. Since I am new to the Android bandwagon, I really don't know how all devices are rooted. But for the HTC Desire HD, rooting the device is pretty simple: search for the software Visionary either in the market (Visionary has now been removed from the market place, so you need to fetch it from here) or on Google.
Install the application and open it. You will be prompted with a screen asking to temp root the device; acknowledge it, and in a few seconds you are all good with a confirmation.

Installing Ubuntu or Debian
There are plenty of articles covering how to install Ubuntu or Debian on your phone; otherwise the xda-developers forum is a good one-stop shop.
As for me, I followed this tutorial from nexushacks.
It's straightforward to figure out. To keep it simple, I will write down the steps that worked well for me. They should work for you as well; if not, post a comment and we will try to work it out.

1. Download Ubuntu
To start with, we need to download an Ubuntu image compatible with ARM processors, which can be obtained from the following places.

You may also have to download this file and replace the file in the ZIP.

2. Install BusyBox
The best way I found to install BusyBox is to install Titanium Backup from the market. Once you open the application, you will see a button called "Problems?". Click on it and acknowledge the installation of BusyBox, and you are good to proceed.


3. Unzip the files to your hard disk
Unzip the files to a folder named ubuntu on the hard disk.

4. Making the image file a bit larger
If you are following the other tutorials, this step may be a little different. You might have already noticed that the downloaded file is well over 2GB, but the img file holds only a basic Ubuntu installation. We need a little extra space to install Metasploit and some room to breathe, so we want to increase the size of the ubuntu.img file.
For this you need a Linux system; a virtual CD or a VirtualBox installation will do.
For Windows users, I personally don't know how to do it, but I came across some tools in the XDA forum.
4a. Fire up your Ubuntu, open a shell, change to the folder containing the unzipped ubuntu.img file, and issue this command.

$ dd if=/dev/zero bs=1M count=XXX >> ubuntu.img  

The XXX count is how many megabytes you want to add. Considering that this is a 2GB file and the maximum supported file size is 4GB, an additional 1.5GB will be good.

$ dd if=/dev/zero bs=1M count=1500 >> ubuntu.img  

4b. Now we need to run a file system check and resize the file system with the following commands.

$ e2fsck -f ubuntu.img
$ resize2fs ubuntu.img
$ e2fsck -f ubuntu.img
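
Steps 4a and 4b combined into one guarded function, as an added example that is not part of the original post. It assumes the SD card is FAT32 (the source of the 4GB per-file limit mentioned above) and refuses to append more than the card can hold; the names headroom_mib, check_fs and grow_image are hypothetical.

```shell
#!/bin/sh
# Added example: grow ubuntu.img as in step 4, with a size guard.
# Assumption: the SD card is FAT32, so one file may be at most 4 GiB - 1 byte.
FAT32_MAX=4294967295

# headroom_mib SIZE_BYTES -> whole MiB that can still be appended to the image
headroom_mib() {
    echo $(( (FAT32_MAX - $1) / 1048576 ))
}

# e2fsck exits 0 (clean) or 1/2 (errors fixed); 4 and above means real trouble.
check_fs() {
    e2fsck -f "$1"
    [ $? -lt 4 ]
}

# grow_image IMAGE MIB -> append MIB of zeros, then check and resize the filesystem
grow_image() {
    img=$1
    add=$2
    [ -f "$img" ] || { echo "no such image: $img" >&2; return 1; }
    size=$(wc -c <"$img")
    room=$(headroom_mib "$size")
    if [ "$add" -gt "$room" ]; then
        echo "refusing: +${add}M exceeds the FAT32 headroom of ${room}M" >&2
        return 1
    fi
    dd if=/dev/zero bs=1M count="$add" >>"$img" || return 1
    check_fs "$img" || return 1     # resize2fs wants a freshly checked filesystem
    resize2fs "$img" || return 1    # grow the filesystem to fill the larger file
    check_fs "$img"                 # verify the result before copying to the phone
}

# Usage, matching the count used above: grow_image ubuntu.img 1500
```

Keep a copy of the original ubuntu.img until the final check passes, since the append modifies the file in place.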

5. Copy files to the SD card
Now it's time to copy the ubuntu folder into the root of the phone's SD card.

6. Checklist
6a. Turn off USB storage.
6b. Turn on USB Debugging mode from Settings->Applications->Development.
6c. Install and fire up ADB shell.
If you don't know what ADB shell is, don't worry (I was like, what the * is this ADB shell? Which bakery do we get that stuff from?).
ADB shell is a tool that comes with the Android SDK, so you might want to install it from here.
You don't need to read the full "how to install" guides on Google if you have no intention of developing an app for Android.
Just install the SDK in a convenient place.
6d. Once you have installed the SDK, go to the tools folder from the command prompt and issue

adb shell

7. Booting Ubuntu
Once you are in the adb shell, you will get a # symbol.
7a. Type in the command 'su' to get superuser privilege.
If you get an error, the device may not have been rooted, or not rooted properly.
7b. Now, assuming that you copied the ubuntu folder to the root of the SD card, punch in these commands.

$ cd sdcard/ubuntu
$ sh ./
$ bootubuntu

8. Localhost shell
If you are lucky, you will get a root@localhost:/# prompt.

9. Now you are good to install Metasploit, but if you want X11 or a graphical user interface, you may want to run these commands as well. If you don't want VNC, go to step 16.
Make sure you are on a Wi-Fi network.

$ apt-get update
$ apt-get install tightvncserver
$ apt-get install lxde
$ export USER=root
$ vncserver -geometry 1024x800

(The Desire HD screen is 480x800; some people like it a little bigger, but I run 480x800. By the way, that 'x' is X as in X-ray.)
It may prompt you for a password. Type one in, and remember that this is the VNC server password, not the Ubuntu password.

10. Next, we are going to add the following to the /root/.vnc/xstartup file using the cat command:

$ cat > /root/.vnc/xstartup

xrdb $HOME/.Xresources
xsetroot -solid grey
icewm &

Then hit Ctrl+D twice and the Enter key.

11. Now you may want to install the Android VNC app from the market.
11a. Fire up Android VNC and type in localhost, the password you set for the VNC server, and port 5901. Push Connect. You should see the Ubuntu desktop now.
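
Since the VNC client in step 11a connects to localhost, the server, which runs as root, has no need to listen on the Wi-Fi interface. The check below is an added example, not part of the original post: it reads `ss -ltn` style output and reports VNC display ports (5900-5999) bound to anything other than loopback. The function name exposed_vnc is hypothetical and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: flag VNC displays (TCP 5900-5999) listening beyond loopback.
# Input: `ss -ltn` style text on stdin.

exposed_vnc() {
    awk '
        $1 == "LISTEN" {
            # Column 4 is "local-address:port"; the port follows the last colon.
            n = split($4, parts, ":")
            port = parts[n] + 0
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (port >= 5900 && port <= 5999 &&
                addr != "127.0.0.1" && addr != "[::1]")
                print port
        }'
}

# Constructed sample: display :1 on all interfaces, display :2 on loopback only.
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      0.0.0.0:5901       0.0.0.0:*
LISTEN 0      128    127.0.0.1:5902     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Sample run:   printf '%s\n' "$SAMPLE" | exposed_vnc     -> prints 5901
# On the phone: ss -ltn | exposed_vnc
```

If a port is reported, restarting the server with TightVNC's `-localhost` option (`vncserver -localhost -geometry 1024x800`) restricts it to loopback connections.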

12. If you want the VNC server to start up automatically, you may also want to add the following lines to the /root/.bashrc file. First, type them into a new file called front:

$ cat > front
export USER=root
cd /
rm -r -f tmp
mkdir tmp
cd /
vncserver -geometry 1024x800

Then hit Ctrl+D twice and the Enter key.

13. Next, we will concatenate the file we just made, front, and /root/.bashrc into a new file called temp:

$ cat front /root/.bashrc > temp

Then we will copy the new file temp over the existing /root/.bashrc.

$ cp temp /root/.bashrc

Finally, the exit command:

$ exit

14. Now you may need to download ConnectBot or a terminal emulator from the market.
I prefer ConnectBot since we can have multiple terminals and SSH.

15. To check that everything works fine, restart the phone and temp root again.
Open up ConnectBot. Click on the SSH button at the bottom, select local, and press Enter. You will see a command prompt; punch in these commands.

$ su
$ cd sdcard/ubuntu
$ sh
$ bootubuntu

If you see the localhost prompt, everything should be in order, and you are good to go with the Metasploit installation.

16. Now you may have to download Metasploit for Ubuntu from the Metasploit website here.
Copy it to the Ubuntu installation on the phone.
Hmm, actually I don't remember now how I copied it to Ubuntu, or whether I downloaded it from the mobile.
Anyway:

$ wget

Punch in the above command on the mobile. It should be good to get you through, though it may be a bit slow. Make sure you are connected to Wi-Fi.

17. Once you have downloaded Metasploit, point your terminal to the downloaded file and punch in these commands.

$ chmod +x framework-3.*

18. Technically, Metasploit will install now.
It may take a bit of time; mine took well over 7 minutes, I think. By default it may be installed in the /opt directory.

19. Once the installation is complete, punch in:

$ cd /opt/metasploit3/msf3
$ ./msfconsole

In a few minutes, you should have your Metasploit welcome screen.




Raleigh Guevarra said...

Hi, tried to do this on Kali with my Galaxy Note... But not able to execute the package:

root@localhost:~# chmod +x
root@localhost:~# chmod +x
root@localhost:~# ./
-su: ./ cannot execute binary file
root@localhost:~# ./
-su: ./ cannot execute binary file

Any ideas? Thanks

Sumate jitpukdebodin said...

I think your Kali is the 32-bit version. If you want to install it, try to download the Metasploit 32-bit version and try to install it again.

Have a nice hack :)