L3MON - Hack Android Mobile Remotely [Step-by-Step]


Reviewer: Deepak Prasad

In this guide, we will use the l3mon android remote administration tool to hack an android mobile remotely by installing malware on the victim's android device. Over the years, android malware has evolved from simple to complex types. Modern malware is built with complex functions that give attackers more control over the victim's device and remote access to its information. Moreover, the malware can also be installed on the victim's device remotely, and it operates in stealth mode to avoid detection by antivirus programs.

 

Prerequisites

  1. Have a PC with a Windows or Linux operating system installed. (If you intend to continuously monitor multiple devices, using a server is recommended.)
  2. Java Runtime Environment 8.
  3. Have NodeJs installed.
  4. Have a victim android device to monitor.

DISCLAIMER:
This guide has been made for educational purposes only. Always make sure you obtain the consent of the parties involved before launching any attack against them.

 

L3mon remote android management tool

L3mon is a remote management tool that generates an android payload without using the command line; the payload is generated from the tool’s web panel. Some of the features of the payload generated using the l3mon tool include:

  • GPS information.
  • Microphone recording.
  • Contacts on the victim’s device.
  • Viewing SMS.
  • Sending SMS.
  • Viewing call logs.
  • Viewing installed apps.
  • Viewing stub permissions.
  • Live clipboard logging.
  • Live notification logging.
  • Viewing Wi-Fi networks. (Wi-Fi SSID of previously connected networks)
  • File explorer.
  • View downloaded files.
  • Commands queuing.
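
Most of the features listed above depend on a small set of Android permissions, which gives defenders a static triage signal for a suspect APK. The following Python script is an added example, not part of the original guide or of L3MON's code: the permission mapping, the threshold of four capabilities and both sample inputs (constructed, in the style of `aapt dump badging` output) are assumptions.

```python
import re

PREFIX = "android.permission."

# Assumed mapping: capability names follow the feature list above; the
# permissions are the standard Android ones such features need, not values
# read from L3MON's own manifest.
CAPABILITY_PERMISSIONS = {
    "GPS information": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "Microphone recording": {"RECORD_AUDIO"},
    "Contacts": {"READ_CONTACTS"},
    "Viewing SMS": {"READ_SMS", "RECEIVE_SMS"},
    "Sending SMS": {"SEND_SMS"},
    "Viewing call logs": {"READ_CALL_LOG"},
    "Viewing Wi-Fi networks": {"ACCESS_WIFI_STATE"},
    "File explorer": {"READ_EXTERNAL_STORAGE", "MANAGE_EXTERNAL_STORAGE"},
}

# Accept both "uses-permission: name='x'" and the older "uses-permission: x".
PERMISSION_RE = re.compile(
    r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)", re.M)
PACKAGE_RE = re.compile(r"^package:\s*(?:name=)?'?([\w.]+)", re.M)

# Constructed sample inputs, not taken from any real application.
SAMPLE_SUSPECT = """\
package: name='com.example.systemupdate' versionCode='1' versionName='1.0'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
"""
SAMPLE_WEATHER = """\
package: name='com.example.weather' versionCode='12' versionName='2.3'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_COARSE_LOCATION'
"""


def parse_badging(text):
    """Return (package name, set of short platform permission names)."""
    match = PACKAGE_RE.search(text)
    package = match.group(1) if match else None
    # Ignore vendor-defined permissions; strip the platform prefix.
    permissions = {name[len(PREFIX):] for name in PERMISSION_RE.findall(text)
                   if name.startswith(PREFIX)}
    return package, permissions


def triage(text, threshold=4):
    """Flag an app whose permissions cover `threshold` or more capabilities."""
    package, permissions = parse_badging(text)
    matched = sorted(capability
                     for capability, needed in CAPABILITY_PERMISSIONS.items()
                     if permissions & needed)
    return {"package": package, "capabilities": matched,
            "score": len(matched), "suspicious": len(matched) >= threshold}


if __name__ == "__main__":
    for sample in (SAMPLE_SUSPECT, SAMPLE_WEATHER):
        result = triage(sample)
        print(result["package"], result["score"], result["suspicious"],
              ", ".join(result["capabilities"]))
```

Legitimate dialer, messaging and backup apps also score high, so a hit is a reason to inspect the app, not a verdict.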

 

Install L3MON tool

To install the l3mon tool, we first need to install the required dependencies to make sure we don’t face errors as we try to launch the tool and generate a malicious android APK to be installed on the target device.

 

Install Java OpenJDK

We first need to make sure the Java Runtime Environment is installed. We can download the installer file from the Oracle downloads page, which offers separate files for each operating system, and pick the runtime environment that matches ours. We can also install the Java Runtime Environment from the terminal using the command:

sudo apt-get install openjdk-8-jre

NOTE:
L3mon recommends using Java 1.8 to avoid running into errors while generating an android APK file.

 

Install pm2

Lastly, we need to install pm2, which is used to keep L3mon running. To install pm2 we run the command:

npm install pm2 -g

 

Install L3mon

Having installed the required dependencies, we are now ready to install and use the l3mon tool. We download the tool’s files from the official GitHub repository, either manually or via the command line using the command:

git clone https://github.com/D3VL/L3MON.git

After the download is complete, we navigate to the tool’s server directory to install the required NodeJS dependencies.

cd L3MON/server

We then install dependencies using the command.

npm install

 

Configure admin password

The last step of installing l3mon is editing the admin password. We open the maindb.json file and add our password in the below-indicated position.

NOTE:
L3mon requires us to enter the admin password as an md5 hash. You can use one of the many md5 hash generators found online to generate the hash for the password we intend to use.

 

Running l3mon remote android management suite

To launch l3mon, we can use one of the two available commands after we navigate into the server directory within the l3mon tool’s folder.

cd L3MON/server

We use ‘pm2 start index.js’ to start the script, or ‘pm2 startup’ if we want l3mon to run on startup.

 

We can now access and use l3mon via the web browser at the address 127.0.0.1:22533. We will be required to provide the login credentials to log in.

 

By providing the correct login details we can access the home page of the panel, from where we can see the connected apps. At the top, we can navigate to the app builder to generate a malicious android application.

 

Generating malicious payload

The app builder only requires an IP address and a port number to create the APK. If your target is on the same network as you, use your local IP address; if you want to access the target device over the internet, use your public IP address.

After providing the required information, click build and wait for l3mon to finish generating the application. Once done, an option to download the application will appear.

 

Installing the malicious application on the target device

There is no specific way to install the malicious application on the target device. You can refer to our social engineering techniques guide to lure the victim to install the application and use the APK obfuscation technique we discussed earlier to avoid detection by antivirus programs on the target device. The success of this step depends on how well you know your target and the technique you will be using to lure the victim to install the application.

 

Accessing information and managing the victim's device

At this stage, the application is already installed on the target device. You can now access the victim’s device remotely and issue commands to control it, provided that you are on the same network as the victim or the victim is connected to the internet. The l3mon administration page shows the connected devices.

 

The administration page lists two categories of devices: those that are currently online and those that are offline at the time. Clicking the manage button gives access to various types of information on the victim device and lets us issue commands remotely.

 

Available devices information

We can view when the device was first connected and when it was last connected.

 

GPS information

We can view the device's GPS information and the GPS log of previous locations, and we can set the time interval at which to check the device’s location.

 

Access Microphone

Using the microphone option we can remotely record and listen to what is happening around the victim device.

 

Access Contacts

Viewing the saved contacts.

 

Call logs

Accessing the call logs available on the target device.

 

Clipboard log

Viewing the contents copied to the clipboard.

 

Access SMS Manager

Using the SMS manager we can view messages received and sent by the victim device. We can also send SMS from the l3mon administration panel.

 

Access Installed applications

Checking the installed applications.

 

Allowed permissions

Viewing the allowed permissions.

 

Conclusion

Android remote monitoring tools are expensive, especially when monitoring more than one device. A lot of resources are used to keep the monitoring system running and performing as expected. Being open source, the L3mon android management suite cuts the cost of monitoring these devices, as it is available for free. The tool requires minimal resources to operate, making monitoring exercises affordable to individuals and organizations in need of such services. It is, however, a dangerous tool when used by attackers in their mass monitoring campaigns. When using l3mon, we should ensure we are not breaking the laws of the jurisdiction we are in.

 

Kennedy Muthii

He is an accomplished professional proficient in Python, ethical hacking, Linux, cybersecurity, and OSINT. With a track record including winning a national cybersecurity contest, launching a startup in Kenya, and holding a degree in information science, he is currently engaged in cutting-edge research in ethical hacking. You can connect with him on his LinkedIn profile.

16 thoughts on “L3MON - Hack Android Mobile Remotely [Step-by-Step]”

  1. Why does the Java version still display “Incorrect Java version installed. Openjdk version” 20.0.1 “20 after switching to 1.8.0. Please use Java 1.8.0 ”

    cmd:
    C:\Users\Administrator>java -version
    java version “1.8.0_371”
    Java(TM) SE Runtime Environment (build 1.8.0_371-b11)
    Java HotSpot(TM) 64-Bit Server VM (build 25.371-b11, mixed mode)

    C:\Users\Administrator>javac -version
    javac 1.8.0_371

  2. Hello,

    Did I translate it correctly? I’m trying to build the APK, but it seems I’m getting many errors. Do you know why? Is it because the client is outdated, or is it just me? Can you help me with this, please?

    https://user-images.githubusercontent.com/78589683/238977407-6f46cf7c-00f9-4515-8b14-d505514551c6.png

  3. I wanted to ask: I use lemon on Linux in the cloud. Will a public IP help me get the connection between the victim and me when they are away in any part of the world?

  4. Hello, I’ve done all already but my device tab is empty.
    I’ve tested the app using nc and msfconsole; it’s okay.
    Don’t know where the problem is.
    Thanks

  5. Once we are done with exploiting data from the victim's phone…
    1. Can the installed apk still run in the background? Is it possible to make that app never die or uninstallable?
    2. After closing the terminal and the L3MON web page where the victim's data is shown, how do we access the same victim’s phone data again, like never disconnecting from the victim's phone?

    • Once the app is installed on the target phone, it will automatically disappear; it cannot be seen on the apps’ menu.
      L3mon will always resume the connections it had made earlier with the victim’s device as long as the app is still running on the victim’s device. If you are planning to use l3mon for a long time, it is advisable you run the “pm2 startup” command to ensure l3mon will always run when you power on your computer.