Showing results for tags 'bash script'.
-
Hello everyone,

This weekend I got a little bored and began toying with Android payloads to just toy with a meterpreter shell to see how it is. Upon doing so, I noticed the payload generated from msfvenom required I ignore my AV to install. So this sent me down a path to bypass antivirus, which come to find out WAS EXTREMELY EASY!

I began with apkwash, which simply takes the msfvenom generated payload and modifies it to bypass AV. The result... 0/35 on nodistribute and confirmed manually with AVG Mobile and Kaspersky Mobile. Nice! Perfect for having physical access to a device. Now if only a ducky script could auto-download and install the payload, that would make this awesome. Otherwise, you would need a couple of minutes alone with their unlocked phone.

Then I was wondering about attempts without having physical access. You would want a more convincing app to install. What better way other than injecting the same AV bypassing payload into a legit app? Well, some people had examples on how to do this online, but they required a long process to manually do it all. Why not script it? Well, each app is different so this can be hit or miss, so I allowed manual pieces for those special apps. The result was apkinjector, which, by utilizing the apkwash technique of AV bypass, is able to make a hidden payload inside another APK. Perfect!

Now, the downfall to this is APKTool has issues with certain packages (Facebook, Starbucks, etc). I have had success injecting into about 70-80% of .apk files.

Github:
https://github.com/jbreed/apkwash
https://github.com/jbreed/apkinjector
-
Hi guys,

I just wanted to share a little script I made to trigger PineAP & Karma if my phone connects to my management AP. As soon as my device with the specified MAC address connects to it, PineAP and Karma are started (including some visual feedback using the LEDs). When the device disconnects from the AP, PineAP & Karma are turned off.

```bash
#!/bin/bash
: <<'COMMENT1'
Script that checks if a defined MAC address is connected to the hotspot on interface wlan0-1.
If the device is connected, the pineapple automatically starts to generate wifi-honeypots.
On client disconnect the honeypots are turned off.
COMMENT1

triggerMAC="FF:FF:FF:FF:FF:FF"

#Checks if a client with the defined MAC connects to AP
#(grep -i: iw prints MAC addresses in lowercase, so match case-insensitively)
client=$(iw dev wlan0-1 station dump | grep -i "$triggerMAC")
echo "Starting to listen for "

#Wait for client to connect
while [ -z "$client" ]; do
    sleep 1
    client=$(iw dev wlan0-1 station dump | grep -i "$triggerMAC")
done

#Notification to WebGUI on client connect
pineapple notify "Client connected"

#LED animation for visual feedback
for i in {1..3}
do
    pineapple led red on
    pineapple led blue on
    pineapple led yellow on
    sleep 1
    pineapple led red off
    pineapple led blue off
    pineapple led yellow off
    sleep 1
done

pineapple notify "Firing up PineAP and Karma"

#Start PineAP
pineapple module PineAP start
sleep 5
pineapple led yellow on

echo "Starting dogma"
#Start dogma
pineapple module PineAP dogma start
sleep 2

echo "Starting responder"
#Start beacon responder
pineapple module PineAP responder start
sleep 2

#Start collecting SSID
pineapple module PineAP harvester start
pineapple led blue on
sleep 5

#Start Karma, to allow client association
echo "Starting Karma"
pineapple karma start
pineapple led red on
sleep 5

#Turn LEDs off => for animation
pineapple led red off
pineapple led blue off
pineapple led yellow off

#While client is connected, LED animation is running => visual feedback
while [ ! -z "$client" ]; do
    pineapple led yellow on
    sleep 1
    pineapple led yellow off
    pineapple led blue on
    sleep 1
    pineapple led blue off
    pineapple led red on
    sleep 1
    pineapple led red off
    pineapple led blue on
    sleep 1
    pineapple led blue off
    #Check if client is still connected
    client=$(iw dev wlan0-1 station dump | grep -i "$triggerMAC")
done

#Stop PineAP
pineapple notify "Client disconnected! Stopping PineAP and Karma!"
pineapple karma stop
sleep 5
pineapple module PineAP stop
sleep 5

#Reset LEDs to work in default mode
pineapple led reset
echo "PineAP was shutdown"
```

Hope you guys like it :)

Cheers
MrGadget