Hey Folks, today in this tutorial we are going to share with you a cloud based remote android management suite called “L3MON”. L3MON is an cloud based remote android management suite but for now we’ll configure it on localhost in our kali linux operating system. L3MON android management suite is designed in NodeJS language. If seen, it is a type of android management tool that creates a fully undetectable payload for the android operating system and has access to the entire device.
Features of L3MON
- GPS Logging
- Microphone Recording
- View Contacts
- SMS Logs
- Send SMS
- Call Logs
- View Installed Apps
- View Stub Permissions
- Live Clipboard Logging
- Live Notification Logging
- View WiFi Networks (logs previously seen)
- File Explorer & Downloader
- Command Queuing
- Built-In APK Builde
Let’s take a look 😛 !!
Install Dependencies – NodeJs
As we know that the entire project is coded in nodejs, so we have to install nodejs in our system in order to operate it. In addition, we have to install NPM package manager to publish Nodejs projects.
1 | apt install nodejs npm |
Install PM2
Basically pm2 allows us to handle application deployments and keep applications alive forever. So you need to install it by using the following command.
1 | npm install pm2 -g |
Tool Installation
Download the entire tool from github with git command, go to the directory and then its server directory and execute the “npm” command.
1 2 3 4 | git clone https://github.com/D3VL/L3MON.git cd L3MON cd server npm install |
Opps 😛 !! After executing the command you will get an error which we have highlighted which you need to execute to fix the issues.
1 | npm audit fix |
Now start and daemonize the application by using the following command.
1 | pm2 start index.js |
Make pm2 auto-boot at server restart by using the following command.
1 | pm2 startup |
Hmm 😛 !! We followed all the above instructions to check if it worked. Everything is fine, So we need to shut it down again to do some required configuration in the server.
1 | pm2 stop index |
We need to change the password to MD5 hash encryption and put it in the configuration file to secure the admin panel. You can change the password according to the command below.
Usage 😛 !! echo -n “Your Password” | md5sum
1 | echo -n "12345" | md5sum |
Good 😛 !! Now here you can keep the username and password as per your choice but only add MD5 hash value to the password.
1 | nano maindb.json |
BOOT 😛 !! Everything is done and now we need to restart all the servers again.
Nice 😛 !! In just one attempt we have successfully configured this tool on our localhost. Just use the following location, execute it on our browser, enter the username “admin” and password “12345″ and that’s it you will redirect to the admin panel.
APK Building
Without wasting time, just go to the APK Builder section and give the localhost IP address and enter the port according to you.
Good 😛 !! It only takes 10 to 20 seconds to create android trojan. Once the payload is created, just download it and share it to the victim as per you.
FUD Payload
BOOM 😛 !! It is very important whether the payload is detectable or not ? But in this case our payload is completely undetectable as you can see in the image below.
Great 😛 !! Once the victim has installed it and enabled the necessary permissions then you will get full access to the android phone. As you can see in the image below, we have got more information about the victim’s phone such as his IP address, device name and more.
Once you enter the manage button, you will get all these options to manage the victim phone.
GPS Information
You can track the exact location of the victim mobile.
Contact Info
It has dumped all saved contacts on the victim mobile.
Call Logs
You can see recent and previous calls on the victim’s mobile.
SMS Manager
Through this facility you can view all the messages as well as send the message to another person through the victim mobile.
WIFI Manager
You can get the details of the previously connected wifi network.
Installed Applications
You can also monitor what kind of applications are already installed into the victim’s mobile.
File Explorer
The main feature came at the end from where you can control the entire file manager of the victim mobile.
It’s an truly Full Undetectable Payload (FUD) for Android Operating System.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
Everything went fine until i got to the lemon manager and i had an error on build as it said i had the wrong java version. 🙁
use this command in order to solve this error.
update-alternatives –config java
command not working
command not working
bro wrong java version installed….then i tried to install it manually. i successfully installed that version and uninstalled default version..but when i used the command to see version…it was showing default version which i already uninstalled.. then i used update-alternatives –config java
i got this:
root@Secure-OS:/home/kodachi/Downloads# update-alternatives –config java
update-alternatives: error: unknown argument ‘–config’
root@Secure-OS:/home/kodachi/Downloads#
.i am really messed up with it i tried these all command too https://medium.com/@ayeshajayasankha/how-to-install-and-switch-between-alternative-java-versions-66b3671fc382
but didnt work i was getting these
root@Secure-OS:/home/kodachi/Downloads# sudo update-alternatives — set java /home/kodachi/Downloads/java-se-8u41-ri/bin/java
update-alternatives: error: unknown argument ‘—’
see…what the hell is wrong with this java…reply it fast bro…thankyou
Just enter the hyphens by itself.
update-alternatives –config java
before the config you need to give 2 hyphens.
checkout this article : https://secnhack.in/perfectly-inject-a-payload-in-an-original-facebook-apk/
It is working only on loaclip
Can we use it over the internet
yes ! but have to provide public ip address.
I use open vpn to get a public ip, and enter my public ip when creating the apk, but the application never finished, please explain why this happened?
what you are using ?.
help please login fail wrong user passwd
bro i am unable to log in lemon panel its showing continuesly same page plz help
While APK building showed wrong Java version installed please use java 1.8.0
Please help
Download APK in victims phone allowed all permission but not showing the details in local host:22533
Please help me…
I cant login wit admin and 12345 … Why?
{
“admin”: {
“username”: “admin”,
“password”: “2131f598b9296f0fa2328ae8f0aecbf7”,
“loginToken”: “”,
“logs”: [],
“ipLog”: []
},
“clients”: []
}
Password login here
Hmm Okie this tutorial was good 👍 but how to see victim social media messages like Instagram n snapchat any method ?
I have see ur all blogs. The information i get really help me a lot but but I don’t get information what I was looking for umm like u have any method to see victims Instagram n snapchat massages ??
Hey buddy you can do a phishing attacks for instagram, snapchat or Facebook to access it via termux android
Yes ! check article.
I have see ur all blogs. The information i get really help me a lot but but I don’t get information what I was looking for umm like u have any method to see victims Instagram n snapchat massages ??
Hi bro, how to clone the repo?
Hello. i am getting an error while the apk is built
“Wrong JAVA version installed. Detected OPENJDK version “11.0.11-ea. Please use java 1.8.0
use this one : update-alternatives –config java
and select option first.
# update-alternatives –config java
There is only one alternative in link group java (providing /usr/bin/java): /usr/lib/jvm/java-11-openjdk-amd64/bin/java
Nothing to configure.
i am tryin to install openjdk-8, but the repo are not trying to find it
error: openjdk “11.0.11”. Please use java 1.8.0
execute this command.
update-alternatives –config java
Note : mkae sure give two hyphens before the config as it may give error if you copy and paste this command directly on the terminal.
(update-alternatives: error: unknown argument ‘–config’) likha ariye plz help bro
Hey dude w0rks on localserver 🙂
but can u plz say how to do it over wan plz plz ??
plz help me in it ;(
Definitely we will try to make an article on it :)!! soon.
i can’t connect to my local host. can you please tell me what’s wrong?
Great blog. I will not fail to follow him !
For error: openjdk “11.0.11”. Please use java 1.8.0, update-alternatives –config java don’t work.
On repository default kali linux for exemple, java 11 is older version.
The solution is to install SDK : https://sdkman.io/
Installation page : https://sdkman.io/usage
Then execute sdk install java 8.0.292-open, reboot the system after.
Well done, it’s work ! 😉
Don’t forget to change your version of java if necessary.
Can you please make it on urgent basis , we all want to learn over wan.
hii,
Does payload apk work as a background process? or it has to be foreground to be able to start session?
i think so 🙁 !!
can you help me
15/06/2021, 20:26:44 => ERROR | Build Failed – Java Not Installed
15/06/2021, 20:26:44 => ERROR | Build Failed – Unable to spawn Java – Error: spawn java ENOENT
15/06/2021, 20:24:50 => ERROR | Build Failed – Java Not Installed
15/06/2021, 20:24:50 => ERROR | Build Failed – Unable to spawn Java – Error: spawn java ENOENT
check comment
after installing the apk cant see any
how ??
does it works on same local network
yes
What apk crypter can be used to use against play protect its easily detected
I want Ahmyth android rat in new post
sure
Every weekend i used to visit this web site, because i want enjoyment, for the reason that this this website conations in fact good funny information too.
maindb.json is not showing in L3MON server directory or is not creating…..when i give ‘nano maindb.json’ it shows empty file……then i added the same code you showed in the picture but not working.. when i tried to login in the browser it says “problem loading the page”…..pls help
Can’t find connection to my device