Saturday, January 19, 2019

How to hack and gain complete control over any Android device with AhMyth RAT

RAT or Remote Access Trojan is a malware program that includes a backdoor for administrative control over the target computer or devices, in our case the target is the victim's Android device. In this tutorial, we will be using a tool called the AhMyth RAT in order to create a trojan.apk file and use some social engineering technique to trick the victim into installing the trojan so that we can gain access to their Android device.

There are two parts to this hack. The first part is a server-side application based on Electron framework, in our case, just our desktop or laptop, but this could be scaled up to some degree if needed. This acts as a control panel which we use to create and connect the RAT. The second part is a client-side, which is the infected Android application we will use as a backdoor. Below is a quick demonstration of how AhMyth is used to access the victim's Android devices.

1. There are two ways to download and install AhMyth. The first is to download the source code directly from Github and the second is to use the binaries they provided.

Method One: Linux

First, check whether your system has all of the requirement installed.

Java JDK - is used to generate the APK backdoor
Electron - is used to start the desktop application
Electron-builder and Electron-packer - used to build the binaries for MacOS, Windows or Linux.

Once you have all of the requirement installed you are ready to proceed. First clone the code from Github using the following command

Then move to the AhMyth-Android-Rat directory with the following

cd AhMyth-Android-RAT/AhMyth-Server

Once you're in, start AhMyth with the command below.

npm start

This program is still in beta development, and as such, it isn't as robust as it could be. Some users have gotten errors when attempting to start it. If you do, try again running it as root, as seen below

sudo npm start --unsafe-perm

You'll know it's working when you see the GUI launch

ahmyth user interface

Method Two: Windows and Using Binaries

Requirement before installing AhMyth:

1. The second method is installing on Windows. This method is very similar to the first method but since you are installing this on a Windows machine you can skip a most of command lines by just downloading the .exe files and double click on them to install all of the requirement. The only thing you have to change is when you are installing Git make sure you choose the option Use Git and optional Unix tools from the Command Prompt because this changes most of the Windows command to Unix which will make things a lot easier when we are using the command lines to install AhMyth.

use git optional unix tools from the command prompt

2. Once you got all of the requirement above installed go ahead and open Git Bash like I have below.

git bash terminal

3. Now type in git clone and press Enter

git clone

4. Now type in npm install electron-packager -g like I have below and press Enter.

npm install electron-packager -g

Note that you can also get the instruction here as well, on how to install electron-packager.

4. Type in ls and press Enter. Look for the AhMyth-Android-RAT directory.

5. Use the cd command to change to the AhMyth-Android-RAT directory like I have below.


6. Now type in npm install and press Enter.

npm install

7. Type in npm start and press Enter

npm start

8. If you did everything correctly you should see a screen like below.

9. Once the tool is opened you will see two tabs. One is the Victims and the other is APK Builder. Click on APK Builder tab.

10. In the Source IP box type in your computer IP address. Note if you are testing this on a LAN you can just put in your local IP Address and if you are testing this over the internet, you will have to port forward.

11. Type in the Source Port number. This port number can be any number you would like to listen on. For my example, I just put in port 4444 but you can put in any port number you want and click on Build. Now navigate to the directory C:\Users\UserName\AhMyth\Output and your APK file should be there.

Note: AhMyth also gives you the option to bind this trojan to an APK file but for this tutorial, I will only be using the standard option but if you were to use this to perform a pentest on a real victim it would be best to bind the trojan to an actual APK file like a game or an app.

12. To deploy this simply upload it to any file hosting site and send it to the victim and convince them to download and install it. Once the victim installed the APK file it will be completely hidden and all you have to do is go back to AhMyth, click on the Victims tab type in the port number you assigned to the APK earlier and click on Listen


Post a Comment