Android Janus APK Signature Bypass

Posted by deepcore on November 8, 2019 – 1:20 pm

This Metasploit module exploits CVE-2017-13156 in Android to install a payload into another application. The payload APK will have the same signature and can be installed as an update, preserving the existing data. The vulnerability was fixed in the 5th December 2017 security patch, and was additionally fixed by the APK Signature scheme v2, so only APKs signed with the v1 scheme are vulnerable. Payload handler is disabled, and a multi/handler must be started first.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Net-SNMPd Write Access SNMP-EXTEND-MIB Arbitrary Code Execution rConfig 3.9.2 Command Injection »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Android Janus APK Signature Bypass

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL