I wanted to start documenting some issues/enhancements for Android, as per Slack convo.
The Android payload was amazing, but @timwr (and whoever else has been working on it) hasn't had time to keep it up to date. I haven't played around with it for a while either, but am using it now for a presentation to children.
Some ideas:
1. Check for new exploits. The last one for an app was one I did, but it was more web server backdoor than anything. Prob some Chrome ones out there? Maybe? Can we get a priv esc?
2. I started coding a new post module/payload feature to pop up a fake unlock screen if the user uses a pin/passcode. Much easier to ask for the password than get a hash. I never finished it, mainly because I hate Java.
3. The payload seems to be losing newer compatibility while trying to maintain older compatibility. I have a ZTE Android 6.0.1 I use for demos, and all the payload stuff works great on there. A Samsung Galaxy A03s on Android 13 installs and some things work, but many give unexpected permissions errors (I believe part of [android payload permissions not registered #16208](https://github.com/rapid7/metasploit-framework/issues/16208) is related). Maybe let a user pick which SDK version(s) they want to use. It could even be simple like 'pre android 6' and 'post android 6' kind of thing. I think the new Android permission model is actually better for what we want anyways since it won't list an entire screen of permissions, but pop them up as we call things that need them. Likely a better scenario.
4. Could we get a flag in msfvenom to change the name from mainActivity, and maybe set a custom icon?
5. Right now it seems like a lot of the instructions talk about signing your apk, maybe that could be built in or auto chained?
Just throwing this out there as it seems like a neglected, but still often used feature of Metasploit. Happy to hear some thoughts, but I don't know Java, and haven't messed around with Android phone hacking much.