Closed BaldyBadgersRunningRoundMyBrain closed 8 years ago
I tried generate an agent here then after that failed I tried to backdoor an apk I get the following: ################################################
################################################
Select An Option from the Menu:
1.) Attach Framework to a Deployed Agent/Create Agent
2.) Send Commands to an Agent
3.) View Information Gathered
4.) Attach Framework to a Mobile Modem
5.) Run a remote attack
6.) Run a social engineering or client side attack
7.) Clear/Create Database
8.) Use Metasploit
9.) Compile code to run on mobile devices
10.) Install Stuff
11.) Use Drozer
0.) Exit
spf> 1
Select An Option from the Menu:
1.) Attach Framework to a Deployed Agent
2.) Generate Agent App
3.) Copy Agent to Web Server
4.) Import an Agent Template
5.) Backdoor Android APK with Agent
6.) Create APK Signing Key
spf> 2
1.) MapsDemo
2.) BlankFrontEnd
spf> 1 Phone number of the control modem for the agent: 1234567890 Control key for the agent: shitysticks Webserver control path for agent: incoming3
Control Number:1234567890 Control Key:shitysticks ControlPath:incoming3 Is this correct?(y/n) y Updated project.properties Updated local.properties Updated file /root/Smartphone-Pentest-Framework/AgentTemplates/AndroidAgent/proguard-project.txt It seems that there are sub-projects. If you want to update them please use the --subprojects parameter. Resolved location of library project to: /root/Smartphone-Pentest-Framework/AgentTemplates/AndroidAgent Updated project.properties Updated local.properties Updated file /root/Smartphone-Pentest-Framework/AgentTemplates/MapsDemo/proguard-project.txt It seems that there are sub-projects. If you want to update them please use the --subprojects parameter. Updated local.properties Updated file /root/Smartphone-Pentest-Framework/AgentTemplates/MapsDemo/build.xml Updated file /root/Smartphone-Pentest-Framework/AgentTemplates/MapsDemo/proguard-project.txt It seems that there are sub-projects. If you want to update them please use the --subprojects parameter. Buildfile: /root/Smartphone-Pentest-Framework/AgentTemplates/MapsDemo/build.xml
-check-env:
BUILD FAILED /root/Smartphone-Pentest-Framework/android-sdk-linux/tools/ant/build.xml:397: SDK Platform Tools component is missing. Please install it with the SDK Manager (tools/android)
Total time: 0 seconds 1.) MapsDemo 2.) BlankFrontEnd
spf> 0
Select An Option from the Menu:
1.) Attach Framework to a Deployed Agent/Create Agent
2.) Send Commands to an Agent
3.) View Information Gathered
4.) Attach Framework to a Mobile Modem
5.) Run a remote attack
6.) Run a social engineering or client side attack
7.) Clear/Create Database
8.) Use Metasploit
9.) Compile code to run on mobile devices
10.) Install Stuff
11.) Use Drozer
0.) Exit
spf> 1
Select An Option from the Menu:
1.) Attach Framework to a Deployed Agent
2.) Generate Agent App
3.) Copy Agent to Web Server
4.) Import an Agent Template
5.) Backdoor Android APK with Agent
6.) Create APK Signing Key
spf> 5 Puts the Android Agent inside an Android App APK. The application runs normally, with extra functionality. APK to Backdoor: /root/newsjunky.apk I: Baksmaling... I: Loading resource table... I: Loaded. I: Decoding AndroidManifest.xml with resources... I: Loading resource table from file: /root/apktool/framework/1.apk I: Loaded. I: Regular manifest package... I: Decoding file-resources... I: Decoding values / XMLs... I: Done. I: Copying assets and libs... mkdir: cannot create directory `AndroidAgent/src/com/': File exists Updated local.properties Updated file AndroidAgent/build.xml Updated file AndroidAgent/proguard-project.txt It seems that there are sub-projects. If you want to update them please use the --subprojects parameter. Buildfile: /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/build.xml
-check-env:
BUILD FAILED /root/Smartphone-Pentest-Framework/android-sdk-linux/tools/ant/build.xml:397: SDK Platform Tools component is missing. Please install it with the SDK Manager (tools/android)
Total time: 0 seconds I: Baksmaling... I: Loading resource table... I: Loaded. I: Decoding AndroidManifest.xml with resources... I: Loading resource table from file: /root/apktool/framework/1.apk I: Loaded. I: Regular manifest package... I: Decoding file-resources... I: Decoding values / XMLs... I: Done. I: Copying assets and libs... mkdir: cannot create directory `newsjunky/smali/com': File exists Phone number of the control modem for the agent: 1234567890 Control key for the agent: KEYKEY1 Webserver control path for agent: incoming
Control Number:1234567890 Control Key:KEYKEY1 ControlPath:incoming Is this correct?(y/n) y I: Checking whether sources has changed... I: Smaling... I: Checking whether resources has changed... I: Building resources... I: Building apk file... I: Baksmaling... I: Loading resource table... I: Loaded. I: Decoding AndroidManifest.xml with resources... I: Loading resource table from file: /root/apktool/framework/1.apk I: Loaded. I: Regular manifest package... I: Decoding file-resources... I: Decoding values / XMLs... I: Done. I: Copying assets and libs... I: Checking whether sources has changed... I: Smaling... I: Checking whether resources has changed... I: Building resources... I: Building apk file... Use Android Master Key Vuln?(y/N): n Password for Debug Keystore is android Enter Passphrase for keystore: jarsigner error: java.lang.RuntimeException: keystore load: /root/.android/debug.keystore (No such file or directory)
Select An Option from the Menu:
1.) Attach Framework to a Deployed Agent/Create Agent
2.) Send Commands to an Agent
3.) View Information Gathered
4.) Attach Framework to a Mobile Modem
5.) Run a remote attack
6.) Run a social engineering or client side attack
7.) Clear/Create Database
8.) Use Metasploit
9.) Compile code to run on mobile devices
10.) Install Stuff
11.) Use Drozer
0.) Exit
spf>
here's more errors I thought the option to backdoor an apk was working this time but when I put it on the android device there was a problem with parsing the package
Select An Option from the Menu:
1.) Attach Framework to a Deployed Agent
2.) Generate Agent App
3.) Copy Agent to Web Server
4.) Import an Agent Template
5.) Backdoor Android APK with Agent
6.) Create APK Signing Key
spf> 5 Puts the Android Agent inside an Android App APK. The application runs normally, with extra functionality. APK to Backdoor: /root/newsjunky.apk I: Baksmaling... I: Loading resource table... I: Loaded. I: Decoding AndroidManifest.xml with resources... I: Loading resource table from file: /root/apktool/framework/1.apk I: Loaded. I: Regular manifest package... I: Decoding file-resources... I: Decoding values / XMLs... I: Done. I: Copying assets and libs... mkdir: cannot create directory `AndroidAgent/src/com/': File exists Updated local.properties Updated file AndroidAgent/build.xml Updated file AndroidAgent/proguard-project.txt It seems that there are sub-projects. If you want to update them please use the --subprojects parameter. Buildfile: /root/Smartphone-Pentest-Framework/APKs/AndroidAgent/build.xml
-check-env:
BUILD FAILED /root/Smartphone-Pentest-Framework/android-sdk-linux/tools/ant/build.xml:397: SDK Platform Tools component is missing. Please install it with the SDK Manager (tools/android)
Total time: 0 seconds I: Baksmaling... I: Loading resource table... I: Loaded. I: Decoding AndroidManifest.xml with resources... I: Loading resource table from file: /root/apktool/framework/1.apk I: Loaded. I: Regular manifest package... I: Decoding file-resources... I: Decoding values / XMLs... I: Done. I: Copying assets and libs... mkdir: cannot create directory `newsjunky/smali/com': File exists Phone number of the control modem for the agent: 1234567890 Control key for the agent: shitysticks Webserver control path for agent: incoming3
Control Number:1234567890
Control Key:shitysticks
ControlPath:incoming3
Is this correct?(y/n) y
I: Checking whether sources has changed...
I: Smaling...
I: Checking whether resources has changed...
I: Building resources...
I: Building apk file...
I: Baksmaling...
I: Loading resource table...
I: Loaded.
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /root/apktool/framework/1.apk
I: Loaded.
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values / XMLs...
I: Done.
I: Copying assets and libs...
I: Checking whether sources has changed...
I: Smaling...
I: Checking whether resources has changed...
I: Building resources...
I: Building apk file...
Use Android Master Key Vuln?(y/N): y
Archive: /root/newsjunky.apk
inflating: unzipped/res/anim/left_in.xml
inflating: unzipped/res/anim/left_out.xml
inflating: unzipped/res/anim/push_left_in.xml
inflating: unzipped/res/anim/push_left_out.xml
inflating: unzipped/res/anim/push_right_in.xml
inflating: unzipped/res/anim/push_right_out.xml
inflating: unzipped/res/anim/right_in.xml
inflating: unzipped/res/anim/right_out.xml
extracting: unzipped/res/drawable/ab_background.9.png
extracting: unzipped/res/drawable/ab_background_light.9.png
inflating: unzipped/res/drawable/activated_background_indicator.xml
extracting: unzipped/res/drawable/banniere.png
inflating: unzipped/res/drawable/circle_background.xml
extracting: unzipped/res/drawable/drawer_shadow.9.png
inflating: unzipped/res/drawable/fabgradient.xml
inflating: unzipped/res/drawable/fabgradient_light.xml
extracting: unzipped/res/drawable/ic_action_refresh.png
extracting: unzipped/res/drawable/ic_action_star.png
extracting: unzipped/res/drawable/ic_action_star_empty.png
extracting: unzipped/res/drawable/ic_drawer.png
inflating: unzipped/res/layout/a_propos.xml
inflating: unzipped/res/layout/activity_flux.xml
inflating: unzipped/res/layout/activity_fragment.xml
inflating: unzipped/res/layout/activity_listview.xml
inflating: unzipped/res/layout/activity_navigation_drawer.xml
inflating: unzipped/res/layout/activity_scrollview.xml
inflating: unzipped/res/layout/categories_list_item.xml
inflating: unzipped/res/layout/categories_list_item_header.xml
inflating: unzipped/res/layout/fabheader_container.xml
inflating: unzipped/res/layout/fab__listview_container.xml
inflating: unzipped/res/layout/fabscrollview_container.xml
inflating: unzipped/res/layout/flux_list_item.xml
inflating: unzipped/res/layout/header.xml
inflating: unzipped/res/layout/posts_list_item.xml
inflating: unzipped/res/layout/refresh.xml
inflating: unzipped/res/layout/scrollbarpanel.xml
inflating: unzipped/res/menu/ajouter_menu.xml
inflating: unzipped/res/menu/list_menu.xml
inflating: unzipped/res/menu/main.xml
inflating: unzipped/res/menu/post_menu.xml
inflating: unzipped/res/xml/searchable.xml
inflating: unzipped/AndroidManifest.xml
extracting: unzipped/resources.arsc
extracting: unzipped/res/drawable-hdpi/ic_launcher.png
extracting: unzipped/res/drawable-mdpi/ic_launcher.png
extracting: unzipped/res/drawable-xhdpi/ic_launcher.png
extracting: unzipped/res/drawable-xxhdpi/ic_launcher.png
inflating: unzipped/res/layout-land/posts_list_item.xml
inflating: unzipped/classes.dex
inflating: unzipped/org/jsoup/nodes/entities-base.properties
inflating: unzipped/org/jsoup/nodes/entities-full.properties
inflating: unzipped/META-INF/MANIFEST.MF
inflating: unzipped/META-INF/CERT.SF
inflating: unzipped/META-INF/CERT.RSA
Select An Option from the Menu:
1.) Attach Framework to a Deployed Agent/Create Agent
2.) Send Commands to an Agent
3.) View Information Gathered
4.) Attach Framework to a Mobile Modem
5.) Run a remote attack
6.) Run a social engineering or client side attack
7.) Clear/Create Database
8.) Use Metasploit
9.) Compile code to run on mobile devices
10.) Install Stuff
11.) Use Drozer
0.) Exit
spf>
hi ! it's true that this is a great work ! personnaly i did'nt tryed to do that for now, did u see on bulb security blog ? here http://www.bulbsecurity.com/backdooring-apks-programmatically-2/ as u can see the blog post is really long and certainely must be taken seriously
Thank you very much for the reply. I will read it thoroughly and tomorrow I will give it another attempt. Is there anyway I can fix the error I'm receiving when generating an agent?
you'r welcome :) i am just an spf and pentesting student the error i am seeing is : 1- jarsigner error: java.lang.RuntimeException: keystore load: /root/.android/debug.keystore (No such file or directory) it certainely mean that there is not a KEYSTORE it's a file or something needed by android compiler to put some secure information on the app 2- /root/Smartphone-Pentest-Framework/android-sdk-linux/tools/ant/build.xml:397: SDK Platform Tools component is missing. Please install it with the SDK Manager (tools/android) but here am not really expert in ANT
So take a more deep look in the blog post of bulb security then we'll see :)
for me SPF is an excellent pentest tool and must be used for this kind of things
Is there an IRC channel for Smartphone Pentest Framework?
i don't know ?! is there one ?
First off thank you so much for putting in your time and effort to make such a cool tool. I'v been trying to generate a agent app using maps demo and the blank front but continue to have the same errors I'v tried this on a ubuntu 32 bit machine for the last two days without any luck now I'm using kali 64 bit and I'm getting the same error how can I make this go away
BUILD FAILED /root/Smartphone-Pentest-Framework/android-sdk-linux/tools/ant/build.xml:397: SDK Platform Tools component is missing. Please install it with the SDK Manager (tools/android)
Total time: 0 seconds 1.) MapsDemo 2.) BlankFrontEnd
spf>