L3MON is a remote Android management suite, we can use it to gain access on any android smartphone. In easy words this is a Android RAT (Remote Administrative Tool).
In today's detailed tutorial we learn how to install & configure L3MON on our Kali Linux system and use it.
Using L3MON we can make an Android APK payload and send it to android device and after installing it on android device we can gain the access of Android device via L3MON's web based interface, we can send commands from the easy web based interface and execute our commands on targeted devices.
L3mon have lots of beautiful features they are following:
- GPS Logging
- Microphone Recording
- View Contacts
- SMS Logs
- Send SMS
- Call Logs
- View Installed Apps
- View Stub Permissions
- Live Clipboard Logging
- Live Notification Logging
- View WiFi Networks (logs previously seen)
- File Explorer & Downloader
- Command Queuing
- Built In APK Builder
Installing L3MON in Kali Linux
We need Java Runtime Environment 8 and nodejs installed in our machine to run L3mon.First we install the JRE (Java Runtime Environment) on our system by applying following command:
This command will install JRE version 8 on our system as shown in following screenshot.
 |
| We already have installed JRE |
Then we run following command to install it.
Then we install pm2 process manager by using following command:
Now we are ready to install and configure L3MON.
We download it from it's GitHub by using git clone command:
This command will download L3MON in our system. Now we create a new folder in our Desktop named L3MON and copy the downloaded zip file there.
Then extract it by right clicking on the zip file and choosing "extract here".
Then we open a terminal window and navigate to L3MON in our Desktop by simply using cd command:
Here we install all the dependencies by using following command:
Let start the server by using following command:
Now we can see our server in our browser http://localhost:22533 there will be a login page as following screenshot:
We create a login for our server here. But we cant login because we did not created a password to login. To create a password we stop our serve by using following command:
Now we need to edit maindb.json file using our favorite text editor mousepad.
Here we edit the username if we want it. But in the password field, we need to give our password's md5 hash. Means if we fill here the password as plain text, will not work. We must need to put password's md5 hash.
How to create a md5 hash of a password? Suppose our password is qwerty (This is for an example we shouldn't choose easy passwords for security reasons). To convert it on md5 we need to use following command in another terminal window.
Here we got the MD5 hash of our password as we can see in the following screenshot.
Then we fill our username and password in maindb.json file then save and close this file.
Now we again start the server by using following command :
Then again open our localhost in browser with 22533 port.
As we set our username kali and password qwerty we fill it and click on login.
We are successfully logged in.
We download it from it's GitHub by using git clone command:
This command will download L3MON in our system. Now we create a new folder in our Desktop named L3MON and copy the downloaded zip file there.
Then extract it by right clicking on the zip file and choosing "extract here".
Then we open a terminal window and navigate to L3MON in our Desktop by simply using cd command:
Here we install all the dependencies by using following command:
It will install the dependencies now as we can see the the following screenshot:
Let start the server by using following command:
Now we can see our server in our browser http://localhost:22533 there will be a login page as following screenshot:
We create a login for our server here. But we cant login because we did not created a password to login. To create a password we stop our serve by using following command:
Now we need to edit maindb.json file using our favorite text editor mousepad.
Here we edit the username if we want it. But in the password field, we need to give our password's md5 hash. Means if we fill here the password as plain text, will not work. We must need to put password's md5 hash.
How to create a md5 hash of a password? Suppose our password is qwerty (This is for an example we shouldn't choose easy passwords for security reasons). To convert it on md5 we need to use following command in another terminal window.
Here we got the MD5 hash of our password as we can see in the following screenshot.
Then we fill our username and password in maindb.json file then save and close this file.
Now we again start the server by using following command :
Then again open our localhost in browser with 22533 port.
As we set our username kali and password qwerty we fill it and click on login.
Now we are in control. We need to open the APK builder tab.
Note: If we want to control android device on our local network (same WiFi) then we can use our local IP and to connect devices through internet we need to put our Public IP (Static IP is preferred for a long time use).
After clicking on build we got an error like this.
We solved this error by configuring JAVA in another terminal by running following command:
Here we can select Java versions. We need Java version 8 to run L3MON tool. In out case it is on number 2, as we can see in the following screenshot.
Then we restart our running L3MON server by using following command:
Bingo, the error goes now the build is ready to download.
After a successful installation it on targeted device and the phone user tries to open this L3MON will asks all the permission of devices and automatically hide itself from the app drawer.
After this we got the connection with the device. We can check it on our Devices tab.
 |
Comments