Inject msfvenom payload in .apk

Hello! I was trying to find an .apk file in order to inject the classic reverse_tcp msfvenom payload. I have tested more than 10 applications with this payload injected in the SDK emulator and in the Genymotion free emulator (Android 6 & Android 7 respectively). When I launch them, every application crashes.
I would like to ask whether I am spending my time for nothing or whether there is any application that is tested to run with this injected payload. I’ve even tried the application from Hackersploit’s videos and still nothing.

Thanks in advance

Hello mkampo, here HackSh00t

If I have understood you correctly you want to embed a reverse_tcp into an .apk but it's giving you trouble. I'm not sure if it is really a matter of the apps you are using or of the method

In case it's the method, here you have some videos from hackersploit, they are very useful:

· https://www.youtube.com/watch?v=Eo68tayiGOA
· https://www.youtube.com/watch?v=XzAZq_LPFUU
· https://www.youtube.com/watch?v=C_Og6LnEZSg
· https://www.youtube.com/watch?v=Tp3d_czVKT8

Follow them in order, and if the thing was the process it should be OK

If it's the apk that is giving trouble (less probable option) try it with the app in the videos and tell me if it works

It could be the reverse shell itself too, which I don't think so

Anyway I'm not an expert in this topic; it should be OK if you follow the videos step by step. If it doesn't want to work, DM me and we will see what it is.

Hello Hacksh00t, thanks for your time answering me.
I tried many apps including the ones from hackersploit. Nothing worked. I had an idea of reverse engineering the evil-droid tool (it automates the whole process). I know I could use only this tool and have my job done, but I don’t want to be a script kiddie and I want to learn the whole process before abusing a tool :P. Anyway, the tool follows an entirely different method. First it denotes the msfvenom payload’s MainBroadcastReceiver and MainService. Then, based on the path of the “main activity” of the original .apk in the Manifest.xml, it creates a stage folder, which includes all the .smali files of the stage folder of the msfvenom payload except for MainActivity.smali. The tricky part is in this step, because in every smali file it replaces the Lcom/metasploit/stage/*.smali with the path of the stage folder in the original .apk. Finally, in the original .apk’s MainActivity (see Manifest.xml) it puts in the first initial method, before the return-void, the line: “invoke-static {}, L$android_nam/stage/MainService;->start()V”. I followed these steps in a very small .apk (I think it is called St. Louis news) and it worked successfully. But I’ve tried it in the Bitcoin wallet and it failed during construction (maybe an issue with the apktool).
Sorry for the long read, but I had to share this information. I don’t like to impose things, but every tutorial on YouTube regarding payload injection is wrong (sorry hackersploit, you are doing excellent work nevertheless).
I will share the evil-droid script in this thread in case you would like to check it out. It is written in bash. Thank you again!

1 Like
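The relocation trick described in the post above (stage classes moved under the host app's own package, and a static `MainService;->start()V` call planted in the host MainActivity) is exactly what an APK reviewer can look for after an `apktool d`. The following scanner is an added example written for this thread, not evil-droid's code or anything from the original posts; the smali snippets and the `com.example.news` package name are constructed.

```python
import re

# Indicators taken from the injection method described in the thread:
# 1. a leftover reference to the unrenamed Metasploit stage package,
# 2. a static start() call into a "<anything>/stage/MainService" class,
# 3. a stage component declared inside the host app's own package tree.
METASPLOIT_PKG = re.compile(r"Lcom/metasploit/stage/")
STAGE_CALL = re.compile(
    r"invoke-static\s*\{\}\s*,\s*(L[\w/$]+/stage/MainService;)->start\(\)V")
STAGE_DECL = re.compile(
    r"^\.class[^\n]*?(L[\w/$]+/stage/(?:MainService|MainBroadcastReceiver);)",
    re.MULTILINE)


def scan_smali(files):
    """files: {path: smali source}. Returns a list of (path, finding) tuples."""
    findings = []
    for path, src in files.items():
        if METASPLOIT_PKG.search(src):
            findings.append((path, "reference to original com.metasploit.stage package"))
        m = STAGE_CALL.search(src)
        if m:
            findings.append((path, f"app code starts {m.group(1)}"))
        m = STAGE_DECL.search(src)
        if m:
            findings.append((path, f"stage component {m.group(1)} declared inside app package"))
    return findings


# Constructed sample: a small host app whose MainActivity has been patched
# the way the post describes, plus one untouched class.
SAMPLE = {
    "smali/com/example/news/MainActivity.smali": (
        ".class public Lcom/example/news/MainActivity;\n"
        ".method protected onCreate(Landroid/os/Bundle;)V\n"
        "    invoke-super {p0, p1}, Landroid/app/Activity;->onCreate(Landroid/os/Bundle;)V\n"
        "    invoke-static {}, Lcom/example/news/stage/MainService;->start()V\n"
        "    return-void\n"
        ".end method\n"),
    "smali/com/example/news/stage/MainService.smali": (
        ".class public Lcom/example/news/stage/MainService;\n"
        ".super Landroid/app/Service;\n"),
    "smali/com/example/news/Settings.smali": (
        ".class public Lcom/example/news/Settings;\n"
        "    return-void\n"),
}

if __name__ == "__main__":
    for path, finding in scan_smali(SAMPLE):
        print(f"{path}: {finding}")
```

On a real decompiled tree, feed `scan_smali` the contents of every `*.smali` file under `smali*/` and treat a hit on indicator 2 or 3 as a signal to compare the package against the developer's signed release.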