Metasploit-framework: Evil-droid binded App Permission issue

Created on 6 Jun 2020  路  6Comments  路  Source: rapid7/metasploit-framework

Steps to reproduce

How'd you do it?

  1. ...I bind an App with a payload. Done successfully but when i installed it in the phone it takes no permission. it provide then only a meterpreter session but perform nothing. when I execute shell command, it executed but while giving other commands like CD / cd sdcard and then ls it simply says "permission denied"

  2. ...Pls let me know what is missing at auto binding by Evil-droid? why it doesnt ask for permissions?

    AN UPDATE TO THE PROBLEM

I installed the the App where I had injected payload through Evil-Droid. At "Install" it says no permission required to install this app. But as I got further and then opened the App to get further. The app then asked me for location and storage permission. I permitted both location and storage. After this I was only able to:

a. shell, cd /, cd sdcard and ls.
b. I was able to download files from sdcard

BUT

c. No success to "dump_calllog" dump bla bla bla
d. Non of the command working from "meterpretter" prompt other than shell
e. After few minutes sessions become dead
f. After clicking on the app's icon in the phone it should connect again but no return
(It may be noted that if someone makes a payload app without binding in Evil-Droid
and doesn't hide it after installation in the phone, clicking on it's icon enables you to
connect time and again if meterpreter session dies)

Stale question
Source
picture mobile3310

All 6 comments

same problem here

march0s1as picture march0s1as on 7 Jun 2020

This sounds like it may be an issue more specific to Evil-Droid. Have you tried raising an issue on their issue tracker at https://github.com/M4sc3r4n0/Evil-Droid?

gwillcox-r7 picture gwillcox-r7 on 7 Jun 2020
👍1

This sounds like it may be an issue more specific to Evil-Droid. Have you tried raising an issue on their issue tracker at https://github.com/M4sc3r4n0/Evil-Droid?

No friend I am not aware of how to put it with them. Your link providing me guidance and I am going to put it there as well. It may be or may not be specific issue of Evil-Droid because issue is coming after embedding the payload which may be a standard process as I think but not strict to it and agreed with you. Thank you for respond and help.

mobile3310 picture mobile3310 on 8 Jun 2020

Hi. My problem was solved.

I downloaded another APK and got access to the permissions (camera, sdcard, etc ...)

march0s1as picture march0s1as on 8 Jun 2020
🎉1

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It鈥檚 been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

github-actions[bot] picture github-actions[bot] on 14 Sep 2020

Closing this issue as there appears to be a known workaround and I've not seen any updates to this issue in several months.

gwillcox-r7 picture gwillcox-r7 on 14 Sep 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

jecoliho picture jecoliho  路  3Comments
wvu-r7 picture wvu-r7  路  3Comments
Sonya2010 picture Sonya2010  路  3Comments
bugshere picture bugshere  路  3Comments
0x27 picture 0x27  路  3Comments