Ahmyth is an open source remote access tool and has many features you would expect to see in a RAT such as Geo location monitoring, SMS modules, Contact Lists Viewer, File Manager, Camera Snapshots, Microphone recorder and much more. AhMyth is very easy to use due to its simple and effective GUI design and is a multi-platform remote access tool that is available for Linux, Windows & Apple OS.
AhMyth consists of two parts.
- Server side : desktop application based on electron framework (control panel)
- Client side : android application (backdoor)
In this tutorial I will be using a Linux based operating system if you are using Windows, AhMyth also has a Windows version available.
First of all we need to install AhMyth.
- Electron (to start the app)
- Java (to generate apk backdoor)
- Electron-builder and electron-packer (to build binaries for (OSX,WINDOWS,LINUX)
Next cd in to AhMyth-Android-Rat directory.
Start AhMyth using command below.
When i first started AhMyth with npm I got errors I then used this command to launch AhMyth.
sudo npm start --unsafe-perm
What is the –unsafe-perm tag and what are the drawbacks of using it.
Thanks sam-github for explaining the –unsafe-perm tag.
- con: install scripts are run as root, and you probably did not read them all to make sure they are safe first.
- pro: without them, no install script can write to disk in its own module folder, so unless the install script does nothing but print some things to standard out, the modules you need will not install.
- Download binary from https://github.com/AhMyth/AhMyth-Android-RAT/releases
As you can see from the screen shot below AhMyth has successfully started.
Now we have AhMyth running its time to configure the server this is a desktop application based on electron framework (control panel) it will be used to create a listener back to the attacking device.
Choose what port you would like to run AhMyth server on. Default port is 42472
once a port has been chosen click button “Listen” from the top right of AhMyth application.
Screen shot shows AhMyth server running on port 42474
Now that a server has successfully started a listener on the selected port we can now use “APK Builder” to create a Android apk backdoor.
From the top menu click on “APK Builder”
In this tutorial I will be using the basic backdoor that is generated by AhMyth. You can also embed a backdoor in to an original apk by using bind APK option.
If you plan on using AhMyth within your own network use your local IP address, If you plan on using AhMyth outside of your own network use your public IP address.
Image shows backdoor APK file being successfully generated and displayed in its output directory.
Once APK file has been successfully generated its time to move it over to the target Android device. Use what ever method of delivery you like to send the malicious backdoor it is completely up to yourself Social Engineering methods can often work best while delivering a payload. Once the target installs the malicious Android application and launches it the target device will appear from within AhMyth target menu.
If we open up the compromised Android device from the target list you can then use various modules from within AhMyth to conduct various assessments of the target Android device.
Once an Android device has been compromised. Each time you open a session with the device a windows will be displayed with the the words “Stay Educated”. From the menu within the window we can use various exploit modules.
File Manager allows files to be access from within the compromised Android devices.
Image shows file browser of compromised Android device.
Image below shows Geo location module and the location of the target Android device.
Image shows location of compromised Android device. For privacy reasons I have turned GPS off while demonstrating this RAT.
Using AhMyth SMS messages can be sent from the compromised Android devices to other mobile devices. AhMyth can also view SMS Lists from the target Android devices.
Image shows send SMS module that is used to send SMS messages and view SMS lists of compromised Android devices.