rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

Android Overhaul #19154

Open h00die opened 2 weeks ago

h00die commented 2 weeks ago

I wanted to start documenting some issues/enhancements for Android, as per the Slack convo.

The Android payload was amazing, but @timwr (and whoever else has been working on it) hasn't had time to keep it up to date. I haven't played around with it for a while either, but am using it now for a presentation to children.

Some ideas:

  1. Check for new exploits; the last one for an app was one I did, but it was more of a web server backdoor than anything. Prob some Chrome ones out there? Maybe? Can we get a priv esc?
  2. I started coding a new post module/payload feature to pop up a fake unlock screen if the user uses a pin/passcode. Much easier to ask for the password than get a hash. I never finished it, mainly because I hate Java.
  3. The payload seems to be losing newer compatibility while trying to maintain older compatibility. I have a ZTE Android 6.0.1 I use for demos, and all the payload stuff works great on there. A Samsung Galaxy A03s on Android 13 installs and some things work, but many give unexpected permissions errors (I believe part of https://github.com/rapid7/metasploit-framework/issues/16208 is related). Maybe let a user pick which SDK version(s) they want to use. It could even be simple like 'pre Android 6' and 'post Android 6' kind of thing. I think the new Android permission model is actually better for what we want anyways, since it won't list an entire screen of permissions, but pop them up as we call things that need them. Likely a better scenario.
  4. Could we get a flag in msfvenom to change the name from MainActivity, and maybe set a custom icon?
  5. Right now it seems like a lot of the instructions talk about signing your APK; maybe that could be built in or auto chained?

Just throwing this out there as it seems like a neglected, but still often used, feature of Metasploit. Happy to hear some thoughts, but I don't know Java, and haven't messed around with Android phone hacking much.
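Item 3 hinges on which permission model an APK falls under: apps targeting API 23 (Android 6.0) or later get "dangerous" permissions prompted at runtime, while older targets are granted everything at install time. The helper below is an added example for triaging that from an APK's manifest; it is not code from this issue or from the Metasploit project. It assumes the manifest has already been decoded from binary AXML to plain XML (e.g. with apktool), and the `DANGEROUS` set is a hand-picked subset for illustration, not the full Android list. The manifests it runs on here are constructed samples.

```python
"""Triage helper: report an APK's SDK targets and requested permissions, and say
which permission model (install-time vs. runtime prompts) applies to it.

Assumptions (not from the issue): the manifest is plain XML, already decoded
from binary AXML, and DANGEROUS is an illustrative subset of Android's list.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
RUNTIME_PERMISSION_SDK = 23  # API 23 = Android 6.0, where runtime prompts began

# Illustrative subset of permissions Android classifies as "dangerous"
# (user-granted at runtime when targetSdkVersion >= 23).
DANGEROUS = {
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_PHONE_STATE",
}


def _attr(elem, name, default=None):
    """Read an attribute from the android: namespace."""
    return elem.get("{%s}%s" % (ANDROID_NS, name), default)


def analyze_manifest(xml_text):
    """Return package, SDK levels, requested permissions and the model that applies."""
    root = ET.fromstring(xml_text)
    uses_sdk = root.find("uses-sdk")
    min_sdk = 1
    target_sdk = 1
    if uses_sdk is not None:
        min_sdk = int(_attr(uses_sdk, "minSdkVersion", 1))
        # Android defaults targetSdkVersion to minSdkVersion when it is absent.
        target_sdk = int(_attr(uses_sdk, "targetSdkVersion", min_sdk))
    perms = sorted(
        _attr(p, "name") for p in root.findall("uses-permission") if _attr(p, "name")
    )
    return {
        "package": root.get("package"),
        "min_sdk": min_sdk,
        "target_sdk": target_sdk,
        "runtime_model": target_sdk >= RUNTIME_PERMISSION_SDK,
        "permissions": perms,
        "dangerous": [p for p in perms if p in DANGEROUS],
    }


def summarize(xml_text):
    """Human-readable lines an analyst can paste into notes."""
    r = analyze_manifest(xml_text)
    model = "runtime prompts" if r["runtime_model"] else "install-time grant"
    lines = [
        "package: %s" % r["package"],
        "minSdk=%d targetSdk=%d -> %s" % (r["min_sdk"], r["target_sdk"], model),
        "dangerous permissions: %s" % (", ".join(r["dangerous"]) or "none"),
    ]
    return lines


# Constructed sample manifests (not taken from any real APK).
MODERN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.modern">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="33"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:label="MainActivity">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""

LEGACY_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.legacy">
  <uses-sdk android:minSdkVersion="9"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (MODERN_MANIFEST, LEGACY_MANIFEST):
        print("\n".join(summarize(sample)))
        print()
```

The legacy sample omits `targetSdkVersion`, so it inherits the `minSdkVersion` of 9 and stays on the install-time model even on a new device; the modern sample targets API 33, so its `CAMERA` and `READ_SMS` requests only take effect after a runtime prompt, which is the behaviour item 3 describes. Note that Android 14 refuses to install apps whose `targetSdkVersion` is below 23 at all, so a payload that pins an old target to keep the install-time model loses those devices entirely.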

bcoles commented 2 weeks ago
> 3. The payload seems to be losing newer compatibility while trying to maintain older compatibility. I have a ZTE Android 6.0.1 I use for demos, and all the payload stuff works great on there. A Samsung Galaxy A03s on Android 13 installs and some things work, but many give unexpected permissions errors (I believe part of [android payload permissions not registered #16208](https://github.com/rapid7/metasploit-framework/issues/16208) is related). Maybe let a user pick which SDK version(s) they want to use. It could even be simple like 'pre Android 6' and 'post Android 6' kind of thing. I think the new Android permission model is actually better for what we want anyways, since it won't list an entire screen of permissions, but pop them up as we call things that need them. Likely a better scenario.

https://github.com/rapid7/metasploit-payloads/issues/695#issuecomment-1898051502