
Android Overhaul #19154

Open
h00die opened this issue May 2, 2024 · 1 comment
Labels
bug suggestion-feature New feature suggestions

Comments

@h00die
Contributor

h00die commented May 2, 2024

I wanted to start documenting some issues/enhancements for Android, as per the Slack convo.

The android payload was amazing, but @timwr (and whoever else has been working on it) hasn't had time to keep it up to date. I haven't played around with it for a while either, but am using it now for a presentation to children.

Some ideas:

  1. Check for new exploits. The last one for an app was one I did, but it was more web server backdoor than anything. Prob some Chrome ones out there? Maybe? Can we get a priv esc?
  2. I started coding a new post module/payload feature to pop up a fake unlock screen if the user uses a PIN/passcode. Much easier to ask for the password than get a hash. I never finished it, mainly because I hate Java.
  3. The payload seems to be losing newer compatibility while trying to maintain older compatibility. I have a ZTE Android 6.0.1 I use for demos, and all the payload stuff works great on there. A Samsung Galaxy A03s on Android 13 installs and some things work, but many give unexpected permissions errors (I believe part of android payload permissions not registered #16208 is related). Maybe let a user pick which SDK version(s) they want to use. It could even be simple, like a 'pre Android 6' and 'post Android 6' kind of thing. I think the new Android permission model is actually better for what we want anyways, since it won't list an entire screen of permissions, but pop them up as we call things that need them. Likely a better scenario.
  4. Could we get a flag in msfvenom to change the name from MainActivity, and maybe set a custom icon?
  5. Right now it seems like a lot of the instructions talk about signing your APK. Maybe that could be built in or auto chained?

Just throwing this out there as it seems like a neglected, but still often used, feature of Metasploit. Happy to hear some thoughts, but I don't know Java, and haven't messed around with Android phone hacking much.

@h00die h00die added bug suggestion-feature New feature suggestions labels May 2, 2024
@bcoles
Contributor

bcoles commented May 2, 2024

> 3. The payload seems to be losing newer compatibility while trying to maintain older compatibility. I have a ZTE Android 6.0.1 I use for demos, and all the payload stuff works great on there. A Samsung Galaxy A03s on Android 13 installs and some things work, but many give unexpected permissions errors (I believe part of [android payload permissions not registered #16208](https://github.com/rapid7/metasploit-framework/issues/16208) is related). Maybe let a user pick which SDK version(s) they want to use. It could even be simple, like a 'pre Android 6' and 'post Android 6' kind of thing. I think the new Android permission model is actually better for what we want anyways, since it won't list an entire screen of permissions, but pop them up as we call things that need them. Likely a better scenario.

rapid7/metasploit-payloads#695 (comment)
