Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

msfvenom inject apk not modify original Android permissions #12810

Closed
4 tasks
b3d3c opened this issue Jan 10, 2020 · 6 comments
Closed
4 tasks

msfvenom inject apk not modify original Android permissions #12810

b3d3c opened this issue Jan 10, 2020 · 6 comments
Labels
android Stale Marks an issue as stale, to be closed if no action is taken

Comments

@b3d3c
Copy link

b3d3c commented Jan 10, 2020

Steps to reproduce

How'd you do it?

I am testing everything in Android 9.

I am using msfvenom to backdoor an Android apk. It is supposed that msfvenom adds extra permissions to original AndroidManifest:

[*] Poisoning the manifest with meterpreter permissions..
[*] Adding <uses-permission android:name="android.permission.READ_CONTACTS"/>
[*] Adding <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
[*] Adding <uses-permission android:name="android.permission.CALL_PHONE"/>
[*] Adding <uses-permission android:name="android.permission.RECORD_AUDIO"/>
...

When I install the app in the Android phone, it just asks to allow default app permissions and not the injected ones.

Expected behavior

What should happen?
When the apk is opening at the first time, it should ask for the extra permissions.

Current behavior

What happens instead?
It just asks for the original ones.

System stuff

Metasploit version

metasploit v5.0.60-dev

I installed Metasploit with:

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall

OS

What OS are you running Metasploit on?
Kali linux 2019 4 and Android 9
@lawlit24
Copy link

same problem is there a solution ??

@github-actions
Copy link

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

@github-actions github-actions bot added the Stale Marks an issue as stale, to be closed if no action is taken label Oct 15, 2020
@github-actions
Copy link

Hi again!

It’s been 60 days since anything happened on this issue, so we are going to close it.
Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

@karpiyon
Copy link

same for me - is this solved? If yes what should i do?

@bcoles
Copy link
Contributor

bcoles commented Mar 13, 2022

same problem is there a solution ??
same for me - is this solved? If yes what should i do?

No solution. The issue is being tracked here: #16208.

@karpiyon
Copy link

I believe I found the root cause. It is the:

sdkInfo:
  minSdkVersion: '10'
  targetSdkVersion: '17'

In the apktool.yml.
You can use apktool to decompile the final apk, modify the apk tool with the values above, recompile and sign.

What I am unable to do is to make the payload persistent.
If anyone knows how to do that please advice.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
android Stale Marks an issue as stale, to be closed if no action is taken
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@bcoles @karpiyon @space-r7 @b3d3c @lawlit24