There is software available, like Metasploit, to gain remote access to any android phone. But other than that, we have the L3MON tool (A Cloud-based Remote Android Management Suite) for the same purpose.
Let’s discover how to install, set up, and utilize L3MON on the Kali Linux system.
L3MON gives a web-based interface to interact with the victim’s smartphone. The process is to create an APK payload, deliver it to the victim’s phone, and boom attacker got the victim’s phone session.
The features with L3MON deals are:
Update your system once before starting installation. As per the Prerequisites, the first thing we need to install is Java Runtime Environment
sudo apt-get install openjdk-8-jre
Once installed, you can issue the “java –version” command to check the JRE version.
After that, we need to install NodeJs , and for that, first, we will download the NodeJs package into our system.
curl -sL https://deb.nodesource.com/setup_13.x | sudo bash –
Now, we will install the NodeJs.
sudo apt-get install -y nodejs
Lastly, we need to install the pm2 process manager. If you don’t have “npm” installed in Kali Linux, you can install it with “apt-get install npm.”
sudo npm install pm2 -g
After installing all prerequisites, git clone the L3MON tool from Github.
wget https://github.com/D3VL/L3MON/releases/download/1.1.2/L3MON-v1.1.2.zip
Once the L3MON zip file downloads in Kali Linux, move and extract it to another folder created on Desktop.
Right-click on the extracted folder and open the terminal from there.
Install dependencies for L3MON.
npm install
Start the server with the following command and go to the localhost to check if the L3MON is loading up fine.
pm2 start index.js
To set up the password for login, first, stop the server.
pm2 stop index.js
Open the “JSON” file in any editor and set the login password.
The tool uses the MD5 hash of the password instead of plain text. For that, generate the hash of your desired password from any website.
Save the MD5 hash in the password field of the “maindb.json” file.
Again, start the server with the following command.
pm2 start index.js
Navigate to localhost in a browser with 22533 port.
After successfully logging, go to the APK builder tab and set your system’s local IP address as we are trying this tutorial over LAN.
But if you want to use this tool over the WAN, you can use your public IP with port forwarding.
Once the APK builds, download and transfer it to the target’s android phone.
When the victim installs the malicious payload and gives all permissions to the application, the device will show up on the “Device tab.” Click on the manage button, and bang, you can control the targets device from there.
We can easily spy on the victim’s Android phones from this manager, like seeing contacts.
L3MON is a cloud-based remote android management suite where we can spy on any android phone over LAN or WAN. We can install and configure the tool on Kali Linux, create a payload, transfer it to the target’s phone, and spy on the android phone.
Industrial Cybersecurity
September 28, 2023
Want always be up to date?
By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.
Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings
Gone are the days when phones were only used to make phone calls and send text messages; nowadays, smartphones are more akin to a pocket-sized
Can random characters in your code get you in trouble? They certainly can! Today, we are going to discuss CRLF injections and improper neutralization of
Cloud security posture management (CSPM) is a relatively new term in the field of cybersecurity, but it is already a thriving sub-field. Companies are already
Want always be up to date?
By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.
Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings
