Android Application
Penetration Testing
ETHICAL HACKING
All tutorials are for informational and educational purposes only. If you plan to use the
information for illegal purposes, I request you to please leave this training now. We cannot be
held responsible for any misuse of the given information.
About Host
Roshan Gami
Penetration Tester | Bug Bounty Hunter
Environment Setup
Android Device: 192.168.0.247
Kali Machine: 192.168.0.149
Installation !!
● Install VirtualBox
○ How to Install VirtualBox on Windows 10
● Install Kali Linux on VirtualBox
○ How to Install Kali Linux on VirtualBox
○ Download Kali Linux ISO file: Kali Linux ISO
● Install Android Emulator on VirtualBox
○ How to Install Android on VirtualBox
○ Download Android ISO file: Android 9 ISO
What is DIVA ?
● DIVA (Damn insecure and vulnerable App) is an App
intentionally designed to be insecure.
● The aim of the App is to teach developers/QA/security
professionals the flaws that are generally present in Apps
due to poor or insecure coding practices.
● Whether you want to learn App pentesting or secure coding,
I sincerely hope that DIVA solves your purpose.
DIVA Installation
1. Download file:
a. http://www.payatu.com/wp-content/uploads/2016/01/diva-beta.tar.gz
b. tar zxvf diva-beta.tar.gz (extracts the compressed archive in one step)
c. tar xvf diva-beta.tar (only needed if the download was first decompressed to a plain .tar)
d. Please refer to the adb page to install the APK
i. adb install diva-beta.apk
Tools used in this session
1. Adb
2. Apktool
3. unzip
4. Dex2jar
5. JD-GUI
6. sqlitebrowser
7. Drozer
8. Cutter
Android Components
● Activity
● Content Providers
● Services
● Broadcast Receivers
Activity
Content Providers
ADB command basics - 1
1. adb connect <IP>:<port> (the port defaults to 5555 when omitted)
1. e.g. adb connect 193.168.31.102
2. adb devices: list the connected devices
3. adb shell: open a shell on the Android device
4. To automate, run a single command with adb shell <command>
1. e.g. adb shell ps -ef
2. e.g. adb shell ls /data/data
5. adb logcat: read the device's centralized log, where Android application logs end up.
ADB command basics - 2
1. adb pull <file-name> : Get a file from the phone to the local machine
1. adb pull /data/app/ssto-pb.apk
2. adb push <file-name> <mobile location> : Push a file from the local machine to the
mobile phone.
1. adb push virus.apk /data/app/
3. Application installation command:
1. adb install <app name.apk>
2. adb install -r <app name.apk> [The -r option allows you to re-install or update an existing app
on your device]
3. adb install -s <app name.apk> [The -s option lets you install the app to the SD card if the app supports
the move-to-SD-card feature]
ADB command basics - 3
1. Uninstall an Android application (takes the package name, not the APK file name):
1. adb uninstall <package-name>
2. Restart the adb daemon with root privileges so later shell commands run as root (works on rooted devices and emulators):
1. adb root
3. Stop the adb server:
1. adb kill-server
4. Start the adb server:
1. adb start-server
Drozer
Setup Drozer
Drozer contains two parts:
1. Agent Installation
a. Download the apk file or install it from the Play Store: drozer-agent
b. adb install drozer-agent*.apk
c. Start the application and press the ON button.
d. By default the agent listens on port 31415.
2. Server installation
a. This will be installed and run on the attacker's machine (Kali Linux)
b. Download the Python whl file
https://github.com/mwrlabs/drozer/releases/download/2.4.4/drozer-2.4.4-py2-none-any.whl
c. Install it: python -m pip install drozer-2.4.4-py2-none-any.whl
d. Check drozer:
i. adb connect <ip-of-Android-device>
ii. adb forward tcp:31415 tcp:31415
iii. drozer console connect
Drozer Approach:
1. Identify the target package name
a. run app.package.list
2. Gather information
a. run app.package.info -a <package-name>
3. Look at the attack surface
a. run app.package.attacksurface <package-name>
4. Exploit Activities | Content Providers | Services
a. Next slide
Exploit Activities | Content Providers | Services
1. For Activities
a. Get information about exported activities
i. run app.activity.info <PACKAGE-NAME>
b. Start the Activity
i. run app.activity.start --component <PACKAGE-NAME> <ACTIVITY-NAME>
2. For Providers
a. Get information about exported content providers
i. run app.provider.info -a <PACKAGE-NAME>
b. Find referenced content URIs in a package
i. run app.provider.finduri <PACKAGE-NAME>
c. Query a content provider
i. run app.provider.query <CONTENT-URI>
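The attack surface drozer reports at runtime (app.package.attacksurface, app.activity.info, app.provider.info) comes from the components the manifest exports. The same check can be done statically on the AndroidManifest.xml that apktool decodes, which is useful for reviewing an app before it is installed. The script below is an added example, not part of the slides or of DIVA; the package and component names in SAMPLE_MANIFEST are constructed, and it assumes the pre-Android 12 default rules for android:exported.

```python
# Added example, not from the slides: a static version of drozer's
# app.package.attacksurface over the AndroidManifest.xml apktool decodes.
# Package and component names in SAMPLE_MANIFEST are constructed.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

def _attr(elem, name):
    return elem.get("{%s}%s" % (ANDROID_NS, name))

def is_exported(elem):
    """Android's default: explicit android:exported wins; otherwise a component
    is exported iff it has an <intent-filter>, except providers (targetSdk>=17)."""
    explicit = _attr(elem, "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    if elem.tag == "provider":
        return False
    return elem.find("intent-filter") is not None

def exported_components(manifest_xml):
    """Map tag -> list of exported components: what another app can reach."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package")
    found = {tag: [] for tag in COMPONENT_TAGS}
    for tag in COMPONENT_TAGS:
        for comp in root.find("application").findall(tag):
            if not is_exported(comp):
                continue
            name = _attr(comp, "name")
            if name.startswith("."):      # package-relative shorthand
                name = package + name
            elif "." not in name:
                name = package + "." + name
            info = {"name": name, "permission": _attr(comp, "permission")}
            if tag == "provider":
                info["authority"] = _attr(comp, "authorities")
            found[tag].append(info)
    return found

SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
  package="com.example.diva"><application>
  <activity android:name=".MainActivity"><intent-filter><action
    android:name="android.intent.action.MAIN"/></intent-filter></activity>
  <activity android:name=".APICredsActivity" android:exported="true"/>
  <activity android:name=".SQLInjectionActivity"/>
  <provider android:name=".NotesProvider" android:exported="true" android:authorities="com.example.diva.notes"/>
  <service android:name="SyncService" android:exported="true" android:permission="com.example.diva.SYNC"/>
</application></manifest>"""
```

An exported component with permission None is reachable by any app on the device, which is exactly what app.activity.start and app.provider.query exercise; a component guarded by a permission only appears in the list with that permission named, so the reviewer can check whether the permission is a signature-level one.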
Questions ???