search

georgiaw / Smartphone-Pentest-Framework

Repository for the Smartphone Pentest Framework (SPF)
452 stars 192 forks source link

Generate agent error #22

Closed BaldyBadgersRunningRoundMyBrain closed 8 years ago

BaldyBadgersRunningRoundMyBrain commented 10 years ago

First off thank you so much for putting in your time and effort to make such a cool tool. I'v been trying to generate a agent app using maps demo and the blank front but continue to have the same errors I'v tried this on a ubuntu 32 bit machine for the last two days without any luck now I'm using kali 64 bit and I'm getting the same error how can I make this go away

BUILD FAILED /root/Smartphone-Pentest-Framework/android-sdk-linux/tools/ant/build.xml:397: SDK Platform Tools component is missing. Please install it with the SDK Manager (tools/android)

Total time: 0 seconds 1.) MapsDemo 2.) BlankFrontEnd

spf>

BaldyBadgersRunningRoundMyBrain commented 10 years ago

I tried generate an agent here then after that failed I tried to backdoor an apk I get the following: ################################################

Welcome to the Smartphone Pentest Framework!

v0.2.6

Georgia Weidman/Bulb Security

################################################

Select An Option from the Menu:

 1.)  Attach Framework to a Deployed Agent/Create Agent
 2.)  Send Commands to an Agent
 3.)  View Information Gathered
 4.)  Attach Framework to a Mobile Modem
 5.)  Run a remote attack
 6.)  Run a social engineering or client side attack
 7.)  Clear/Create Database
 8.)  Use Metasploit
 9.)  Compile code to run on mobile devices
10.)  Install Stuff
11.)  Use Drozer
 0.)  Exit

spf> 1

Select An Option from the Menu:

1.) Attach Framework to a Deployed Agent
2.) Generate Agent App
3.) Copy Agent to Web Server
4.) Import an Agent Template
5.) Backdoor Android APK with Agent
6.) Create APK Signing Key

spf> 2
1.) MapsDemo 2.) BlankFrontEnd

spf> 1 Phone number of the control modem for the agent: 1234567890 Control key for the agent: shitysticks Webserver control path for agent: incoming3

Control Number:1234567890 Control Key:shitysticks ControlPath:incoming3 Is this correct?(y/n) y Updated project.properties Updated local.properties Updated file /root/Smartphone-Pentest-Framework/AgentTemplates/AndroidAgent/proguard-project.txt It seems that there are sub-projects. If you want to update them please use the --subprojects parameter. Resolved location of library project to: /root/Smartphone-Pentest-Framework/AgentTemplates/AndroidAgent Updated project.properties Updated local.properties Updated file /root/Smartphone-Pentest-Framework/AgentTemplates/MapsDemo/proguard-project.txt It seems that there are sub-projects. If you want to update them please use the --subprojects parameter. Updated local.properties Updated file /root/Smartphone-Pentest-Framework/AgentTemplates/MapsDemo/build.xml Updated file /root/Smartphone-Pentest-Framework/AgentTemplates/MapsDemo/proguard-project.txt It seems that there are sub-projects. If you want to update them please use the --subprojects parameter. Buildfile: /root/Smartphone-Pentest-Framework/AgentTemplates/MapsDemo/build.xml

-check-env:

BUILD FAILED /root/Smartphone-Pentest-Framework/android-sdk-linux/tools/ant/build.xml:397: SDK Platform Tools component is missing. Please install it with the SDK Manager (tools/android)

Total time: 0 seconds 1.) MapsDemo 2.) BlankFrontEnd

spf> 0

Select An Option from the Menu:

 1.)  Attach Framework to a Deployed Agent/Create Agent
 2.)  Send Commands to an Agent
 3.)  View Information Gathered
 4.)  Attach Framework to a Mobile Modem
 5.)  Run a remote attack
 6.)  Run a social engineering or client side attack
 7.)  Clear/Create Database
 8.)  Use Metasploit
 9.)  Compile code to run on mobile devices
10.)  Install Stuff
11.)  Use Drozer
 0.)  Exit

spf> 1

Select An Option from the Menu:

1.) Attach Framework to a Deployed Agent
2.) Generate Agent App
3.) Copy Agent to Web Server
4.) Import an Agent Template
5.) Backdoor Android APK with Agent
6.) Create APK Signing Key

spf> 5 Puts the Android Agent inside an Android App APK. The application runs normally, with extra functionality. APK to Backdoor: /root/newsjunky.apk I: Baksmaling... I: Loading resource table... I: Loaded. I: Decoding AndroidManifest.xml with resources... I: Loading resource table from file: /root/apktool/framework/1.apk I: Loaded. I: Regular manifest package... I: Decoding file-resources... I: Decoding values / XMLs... I: Done. I: Copying assets and libs... mkdir: cannot create directory `AndroidAgent/src/com/': File exists Updated local.properties Updated file AndroidAgent/build.xml Updated file AndroidAgent/proguard-project.txt It seems that there are sub-projects. If you want to update them please use the --subprojects parameter. Buildfile: /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/build.xml

-check-env:

BUILD FAILED /root/Smartphone-Pentest-Framework/android-sdk-linux/tools/ant/build.xml:397: SDK Platform Tools component is missing. Please install it with the SDK Manager (tools/android)

Total time: 0 seconds I: Baksmaling... I: Loading resource table... I: Loaded. I: Decoding AndroidManifest.xml with resources... I: Loading resource table from file: /root/apktool/framework/1.apk I: Loaded. I: Regular manifest package... I: Decoding file-resources... I: Decoding values / XMLs... I: Done. I: Copying assets and libs... mkdir: cannot create directory `newsjunky/smali/com': File exists Phone number of the control modem for the agent: 1234567890 Control key for the agent: KEYKEY1 Webserver control path for agent: incoming

Control Number:1234567890 Control Key:KEYKEY1 ControlPath:incoming Is this correct?(y/n) y I: Checking whether sources has changed... I: Smaling... I: Checking whether resources has changed... I: Building resources... I: Building apk file... I: Baksmaling... I: Loading resource table... I: Loaded. I: Decoding AndroidManifest.xml with resources... I: Loading resource table from file: /root/apktool/framework/1.apk I: Loaded. I: Regular manifest package... I: Decoding file-resources... I: Decoding values / XMLs... I: Done. I: Copying assets and libs... I: Checking whether sources has changed... I: Smaling... I: Checking whether resources has changed... I: Building resources... I: Building apk file... Use Android Master Key Vuln?(y/N): n Password for Debug Keystore is android Enter Passphrase for keystore: jarsigner error: java.lang.RuntimeException: keystore load: /root/.android/debug.keystore (No such file or directory)

Select An Option from the Menu:

 1.)  Attach Framework to a Deployed Agent/Create Agent
 2.)  Send Commands to an Agent
 3.)  View Information Gathered
 4.)  Attach Framework to a Mobile Modem
 5.)  Run a remote attack
 6.)  Run a social engineering or client side attack
 7.)  Clear/Create Database
 8.)  Use Metasploit
 9.)  Compile code to run on mobile devices
10.)  Install Stuff
11.)  Use Drozer
 0.)  Exit

spf>

BaldyBadgersRunningRoundMyBrain commented 10 years ago

here's more errors I thought the option to backdoor an apk was working this time but when I put it on the android device there was a problem with parsing the package

Select An Option from the Menu:

1.) Attach Framework to a Deployed Agent
2.) Generate Agent App
3.) Copy Agent to Web Server
4.) Import an Agent Template
5.) Backdoor Android APK with Agent
6.) Create APK Signing Key

spf> 5 Puts the Android Agent inside an Android App APK. The application runs normally, with extra functionality. APK to Backdoor: /root/newsjunky.apk I: Baksmaling... I: Loading resource table... I: Loaded. I: Decoding AndroidManifest.xml with resources... I: Loading resource table from file: /root/apktool/framework/1.apk I: Loaded. I: Regular manifest package... I: Decoding file-resources... I: Decoding values / XMLs... I: Done. I: Copying assets and libs... mkdir: cannot create directory `AndroidAgent/src/com/': File exists Updated local.properties Updated file AndroidAgent/build.xml Updated file AndroidAgent/proguard-project.txt It seems that there are sub-projects. If you want to update them please use the --subprojects parameter. Buildfile: /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/build.xml

-check-env:

BUILD FAILED /root/Smartphone-Pentest-Framework/android-sdk-linux/tools/ant/build.xml:397: SDK Platform Tools component is missing. Please install it with the SDK Manager (tools/android)

Total time: 0 seconds I: Baksmaling... I: Loading resource table... I: Loaded. I: Decoding AndroidManifest.xml with resources... I: Loading resource table from file: /root/apktool/framework/1.apk I: Loaded. I: Regular manifest package... I: Decoding file-resources... I: Decoding values / XMLs... I: Done. I: Copying assets and libs... mkdir: cannot create directory `newsjunky/smali/com': File exists Phone number of the control modem for the agent: 1234567890 Control key for the agent: shitysticks Webserver control path for agent: incoming3

Control Number:1234567890 Control Key:shitysticks ControlPath:incoming3 Is this correct?(y/n) y I: Checking whether sources has changed... I: Smaling... I: Checking whether resources has changed... I: Building resources... I: Building apk file... I: Baksmaling... I: Loading resource table... I: Loaded. I: Decoding AndroidManifest.xml with resources... I: Loading resource table from file: /root/apktool/framework/1.apk I: Loaded. I: Regular manifest package... I: Decoding file-resources... I: Decoding values / XMLs... I: Done. I: Copying assets and libs... I: Checking whether sources has changed... I: Smaling... I: Checking whether resources has changed... I: Building resources... I: Building apk file... Use Android Master Key Vuln?(y/N): y Archive: /root/newsjunky.apk inflating: unzipped/res/anim/left_in.xml
inflating: unzipped/res/anim/left_out.xml
inflating: unzipped/res/anim/push_left_in.xml
inflating: unzipped/res/anim/push_left_out.xml
inflating: unzipped/res/anim/push_right_in.xml
inflating: unzipped/res/anim/push_right_out.xml
inflating: unzipped/res/anim/right_in.xml
inflating: unzipped/res/anim/right_out.xml
extracting: unzipped/res/drawable/ab_background.9.png
extracting: unzipped/res/drawable/ab_background_light.9.png
inflating: unzipped/res/drawable/activated_background_indicator.xml
extracting: unzipped/res/drawable/banniere.png
inflating: unzipped/res/drawable/circle_background.xml
extracting: unzipped/res/drawable/drawer_shadow.9.png
inflating: unzipped/res/drawable/fabgradient.xml
inflating: unzipped/res/drawable/fabgradient_light.xml
extracting: unzipped/res/drawable/ic_action_refresh.png
extracting: unzipped/res/drawable/ic_action_star.png
extracting: unzipped/res/drawable/ic_action_star_empty.png
extracting: unzipped/res/drawable/ic_drawer.png
inflating: unzipped/res/layout/a_propos.xml
inflating: unzipped/res/layout/activity_flux.xml
inflating: unzipped/res/layout/activity_fragment.xml
inflating: unzipped/res/layout/activity_listview.xml
inflating: unzipped/res/layout/activity_navigation_drawer.xml
inflating: unzipped/res/layout/activity_scrollview.xml
inflating: unzipped/res/layout/categories_list_item.xml
inflating: unzipped/res/layout/categories_list_item_header.xml
inflating: unzipped/res/layout/fabheader_container.xml
inflating: unzipped/res/layout/fab__listview_container.xml
inflating: unzipped/res/layout/fabscrollview_container.xml
inflating: unzipped/res/layout/flux_list_item.xml
inflating: unzipped/res/layout/header.xml
inflating: unzipped/res/layout/posts_list_item.xml
inflating: unzipped/res/layout/refresh.xml
inflating: unzipped/res/layout/scrollbarpanel.xml
inflating: unzipped/res/menu/ajouter_menu.xml
inflating: unzipped/res/menu/list_menu.xml
inflating: unzipped/res/menu/main.xml
inflating: unzipped/res/menu/post_menu.xml
inflating: unzipped/res/xml/searchable.xml
inflating: unzipped/AndroidManifest.xml
extracting: unzipped/resources.arsc
extracting: unzipped/res/drawable-hdpi/ic_launcher.png
extracting: unzipped/res/drawable-mdpi/ic_launcher.png
extracting: unzipped/res/drawable-xhdpi/ic_launcher.png
extracting: unzipped/res/drawable-xxhdpi/ic_launcher.png
inflating: unzipped/res/layout-land/posts_list_item.xml
inflating: unzipped/classes.dex
inflating: unzipped/org/jsoup/nodes/entities-base.properties
inflating: unzipped/org/jsoup/nodes/entities-full.properties
inflating: unzipped/META-INF/MANIFEST.MF
inflating: unzipped/META-INF/CERT.SF
inflating: unzipped/META-INF/CERT.RSA

Select An Option from the Menu:

 1.)  Attach Framework to a Deployed Agent/Create Agent
 2.)  Send Commands to an Agent
 3.)  View Information Gathered
 4.)  Attach Framework to a Mobile Modem
 5.)  Run a remote attack
 6.)  Run a social engineering or client side attack
 7.)  Clear/Create Database
 8.)  Use Metasploit
 9.)  Compile code to run on mobile devices
10.)  Install Stuff
11.)  Use Drozer
 0.)  Exit

spf>

nazimboudeffa commented 10 years ago

hi ! it's true that this is a great work ! personnaly i did'nt tryed to do that for now, did u see on bulb security blog ? here http://www.bulbsecurity.com/backdooring-apks-programmatically-2/ as u can see the blog post is really long and certainely must be taken seriously

BaldyBadgersRunningRoundMyBrain commented 10 years ago

Thank you very much for the reply. I will read it thoroughly and tomorrow I will give it another attempt. Is there anyway I can fix the error I'm receiving when generating an agent?

nazimboudeffa commented 10 years ago

you'r welcome :) i am just an spf and pentesting student the error i am seeing is : 1- jarsigner error: java.lang.RuntimeException: keystore load: /root/.android/debug.keystore (No such file or directory) it certainely mean that there is not a KEYSTORE it's a file or something needed by android compiler to put some secure information on the app 2- /root/Smartphone-Pentest-Framework/android-sdk-linux/tools/ant/build.xml:397: SDK Platform Tools component is missing. Please install it with the SDK Manager (tools/android) but here am not really expert in ANT

So take a more deep look in the blog post of bulb security then we'll see :)

for me SPF is an excellent pentest tool and must be used for this kind of things

aaronabuto commented 10 years ago

Is there an IRC channel for Smartphone Pentest Framework?

nazimboudeffa commented 9 years ago

i don't know ?! is there one ?