Mobile Device Exploitation Cookbook by Unknown
Author:Unknown
Language: eng
Format: epub
Publisher: Packt Publishing
How to do it...
Every pentest starts with fingerprinting, and we will use Drozer for it. The Drozer User Guide is a helpful reference for the commands.
The following command can be used to obtain information about an Android application package:
run app.package.info -a <package name>
We ran this command against the GoatDroid application and obtained the following results:
Notice that apart from the general information about the application, User Permissions are also listed by Drozer.
Next, let us analyze the attack surface. Drozer's attack surface listing covers the exposed activities, broadcast receivers, content providers, and services. Components that are exposed without a genuine need may be a critical security risk and may provide access to privileged content.
Drozer has the following command to analyze the attack surface:
run app.package.attacksurface <package name>
We ran it against the Herd Financial application of GoatDroid, and the results can be seen in the following screenshot. Notice that one Activity and one Content Provider are exposed.
We chose to attack the content provider to obtain the data stored locally. We used the following Drozer command to analyze the content provider of the same application:
run app.provider.info -a <package name>
This gave us the details of the exposed content provider, which we used in another Drozer command:
run scanner.provider.finduris -a <package name>
We were able to query the content providers successfully. Lastly, we are interested in stealing the data stored by this content provider, which is possible via another Drozer command:
run app.provider.query content://<content provider details>/
The entire sequence of events is shown in the following screenshot:
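To review the same attack surface from the developer's side, the following added example (not from the book or the Drozer project) lists the exported components in a decoded AndroidManifest.xml using Android's default export rules for apps targeting below API 31. The manifest, package and component names are constructed, and the function and constant names are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")
GUARDS = ("permission", "readPermission", "writePermission")

# Constructed sample manifest in decoded XML form; every name is hypothetical.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.bank">
  <uses-sdk android:minSdkVersion="9" android:targetSdkVersion="15"/>
  <application>
    <activity android:name=".Login">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".Transfer"/>
    <provider android:name=".StatementProvider"
              android:authorities="com.example.bank.statements"/>
    <provider android:name=".NotesProvider" android:exported="true"
              android:readPermission="com.example.bank.READ_NOTES"
              android:authorities="com.example.bank.notes"/>
    <service android:name=".SyncService" android:exported="false">
      <intent-filter><action android:name="com.example.bank.SYNC"/></intent-filter>
    </service>
  </application>
</manifest>"""


def exported_components(manifest_xml):
    """Return (tag, name, guarding permissions) for every exported component."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    attrs = sdk.attrib if sdk is not None else {}
    target_sdk = int(attrs.get(ANDROID + "targetSdkVersion",
                               attrs.get(ANDROID + "minSdkVersion", 1)))
    found = []
    for comp in (c for c in root.iter() if c.tag in COMPONENT_TAGS):
        explicit = comp.get(ANDROID + "exported")
        if explicit is not None:
            exported = explicit == "true"
        elif comp.tag == "provider":
            exported = target_sdk <= 16  # providers: exported by default up to API 16
        else:
            exported = comp.find("intent-filter") is not None  # implicit export
        if exported:
            guards = [comp.get(ANDROID + g) for g in GUARDS if comp.get(ANDROID + g)]
            found.append((comp.tag, comp.get(ANDROID + "name"), guards))
    return found
```

A provider reported with an empty permission list can be queried by any other app on the device; setting `android:exported="false"` or adding a permission closes it.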