• We just launched and are currently in beta. Join us as we build and grow the community.

L3MON – Create FUD Payload and Hack Android Phone

pinktrousers

Giggle Creator
P
P Rep
0
0
0
Rep
0
P Vouches
0
0
0
Vouches
0
Posts
140
Likes
126
Bits
0
2 MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1 300 XP
Black-and-Red-Minimalist-Finance-Presentation-1.png.webp


Hey Folks, today in this tutorial we are going to share with you a cloud based remote android management suite called “L3MON”. L3MON is an cloud based remote android management suite but for now we’ll configure it on localhost in our kali linux operating system. L3MON android management suite is designed in NodeJS language. If seen, it is a type of android management tool that creates a fully undetectable payload for the android operating system and has access to the entire device.

Features of L3MON
  • GPS Logging
  • Microphone Recording
  • View Contacts
  • SMS Logs
  • Send SMS
  • Call Logs
  • View Installed Apps
  • View Stub Permissions
  • Live Clipboard Logging
  • Live Notification Logging
  • View WiFi Networks (logs previously seen)
  • File Explorer & Downloader
  • Command Queuing
  • Built-In APK Builde

Let’s take a look 😛 !!

Install Dependencies – NodeJs

As we know that the entire project is coded in nodejs, so we have to install nodejs in our system in order to operate it. In addition, we have to install NPM package manager to publish Nodejs projects.

apt install nodejs npm1apt install nodejs npm

1.png

Install PM2

Basically pm2 allows us to handle application deployments and keep applications alive forever. So you need to install it by using the following command.

npm install pm2 -g1npm install pm2-g

2.png

Tool Installation

Download the entire tool from github with git command, go to the directory and then its server directory and execute the “npm” command.

git clone https://github.com/D3VL/L3MON.git
cd L3MON
cd server
npm install1234git clone
https://github.com/D3VL/L3MON.gitcd L3MONcd servernpm install

3.png


Opps 😛 !! After executing the command you will get an error which we have highlighted which you need to execute to fix the issues.

npm audit fix1npm audit fix

4.png


Now start and daemonize the application by using the following command.

pm2 start index.js1pm2 start index.js

5.png


Make pm2 auto-boot at server restart by using the following command.

pm2 startup1pm2 startup

6.png


Hmm 😛 !! We followed all the above instructions to check if it worked. Everything is fine, So we need to shut it down again to do some required configuration in the server.

pm2 stop index1pm2 stop index

7.png


We need to change the password to MD5 hash encryption and put it in the configuration file to secure the admin panel. You can change the password according to the command below.

Usage 😛 !! echo -n “Your Password” | md5sum

echo -n "12345" | md5sum1echo-n"12345"|md5sum

8.png


Good 😛 !! Now here you can keep the username and password as per your choice but only add MD5 hash value to the password.

nano maindb.json1nano maindb.json

9.png


BOOT 😛 !! Everything is done and now we need to restart all the servers again.

10.png


Nice 😛 !! In just one attempt we have successfully configured this tool on our localhost. Just use the following location, execute it on our browser, enter the username “admin” and password “12345″ and that’s it you will redirect to the admin panel.

n0.png

APK Building

Without wasting time, just go to the APK Builder section and give the localhost IP address and enter the port according to you.

n1.png


Good 😛 !! It only takes 10 to 20 seconds to create android trojan. Once the payload is created, just download it and share it to the victim as per you.

n2.png

FUD Payload

BOOM 😛 !! It is very important whether the payload is detectable or not ? But in this case our payload is completely undetectable as you can see in the image below.

n3.jpeg


Great 😛 !! Once the victim has installed it and enabled the necessary permissions then you will get full access to the android phone. As you can see in the image below, we have got more information about the victim’s phone such as his IP address, device name and more.

n4.png


Once you enter the manage button, you will get all these options to manage the victim phone.

n5.png

GPS Information

You can track the exact location of the victim mobile.

n6.png

Contact Info

It has dumped all saved contacts on the victim mobile.

n7.png

Call Logs

You can see recent and previous calls on the victim’s mobile.

n8.png

SMS Manager

Through this facility you can view all the messages as well as send the message to another person through the victim mobile.

n9.png

WIFI Manager

You can get the details of the previously connected wifi network.

n10.png

Installed Applications

You can also monitor what kind of applications are already installed into the victim’s mobile.

n11.png

File Explorer

The main feature came at the end from where you can control the entire file manager of the victim mobile.

n12.png


It’s an truly Full Undetectable Payload (FUD) for Android Operating System.

About the AuthorShubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.
 
You must log in or register to reply here.

422,212

310,551

310,560

A Ahmad19979
Top