search

dana-at-cp / backdoor-apk

backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only.
Apache License 2.0
2.21k stars 702 forks source link

Commands in handler #42

Closed neo241091 closed 8 years ago

neo241091 commented 8 years ago

Are the commands after getting meterpreter session are limited in this code? Or it's the general issue in the handler. I am not able to run ls or pwd or any commands other than read , uid things like that

dana-at-cp commented 8 years ago

@neo241091 There is no limitation on Android meterpreter but remember that you are getting access to the android system in the context of the backdoor'd application. Here's an example using Adobe Reader:

meterpreter > sysinfo
Computer    : localhost
OS          : Android 4.4.2 - Linux 3.4.67+ (i686)
Meterpreter : java/android
meterpreter > getuid
Server username: u0_a56
meterpreter > pwd
/data/data/com.adobe.reader/files
meterpreter > ls
Listing: /data/data/com.adobe.reader/files
==========================================

Mode             Size  Type  Last modified              Name
----             ----  ----  -------------              ----
40666/rw-rw-rw-  4096  dir   2016-10-04 17:01:58 -0400  Temp

meterpreter >
``

Keep in mind that even on a rooted device your access will be limited. Still need a local privilege escalation exploit to get root on the device.