My Null Android Penetration Session
1. Android Penetration Testing-Goat Droid-Null Bangalore
Avinash Sinha-Null Humla Session-Notes Page 1
Hi Everyone,
I attended the Android Penetration testing session organized by Null Bangalore. It was an AWESOME session by Ashish and everyone enjoyed it. This is the first time the Humla session was organized at Flipkart and it was a beautiful venue. As I was sure that I might forget it later, I documented the entire session so that it will help me to revise it later as well. I have tried to make it as comprehensive as possible, with precise step-by-step instructions. It also covers most of the errors and solutions we all faced during the session. This will help all of us to revise whatever we were taught in the Humla Session. It covers everything except the challenges. I am sure once you go through this document it will help you, and others who were not able to attend as well.
Cheers !!!
Install the AppUse VM
Open Android SDK Manager
root@dev-virtual-machine:~/Desktop/AppUse# android
Go to Tools > Manage AVDs
New
The emulator is rooted.
Your own device needs to be rooted for this.
root@dev-virtual-machine:~/Desktop/AppUse/.Android/android-sdk-linux_86/tools# emulator -avd Null
Before that, let's view which tools are available within AppUse.
For those comfortable with the file explorer, go to:
The AppUse folder on the Desktop
Press Ctrl+H to view hidden files
To open and configure Burp, right-click it and use Java to open it.
Configure as seen below
Remember to tick the selected line for the configuration to be active.
-scale is the size of the emulator window.
-cpu-delay 0 sets the delay to zero, i.e. there should not be any delay.
root@dev-virtual-machine:~/Desktop/AppUse/.Android/android-sdk-linux_86/tools# emulator -avd Null -scale 0.7 -cpu-delay 0 -http-proxy http://127.0.0.1:8080
A few of you may face errors, such as the emulator not opening or hanging. In that case you need to kill the process and repeat the above command. This usually happens if you have low RAM or the scale value is set to a large number.
Error 1:- If it hangs, use the commands below
ps aux | grep emulator
kill -9 <pid>   (if any AVD is open)
Error 2:- If there is a "no DNS found" error
Configure your VM setting to Bridged mode
To capture HTTPS traffic, do the following:
Open Mozilla, Edit tab - Preferences
Select PortSwigger CA and press Export. Save it on your Desktop.
Rename the certificate to
PortSwiggerCA.crt
adb - Android Debug Bridge. Ref: http://developer.android.com/tools/help/adb.html
To check the attached devices, use the command below:
root@dev-virtual-machine:~/Desktop/AppUse/Pentest# adb devices
List of devices attached
emulator-5554 device
Let's push the certificate to the sdcard
After pushing the certificate to the sdcard,
go to Device - Menu - Settings - press Security
Give any PIN here; I used 1111.
PortSwigger CA installed
We are storing the certificate in an external location: the certificate is to be stored on the SD card. Android Debug Bridge (adb) is a versatile command line tool that lets you communicate with an emulator instance or connected Android-powered device. Install the certificate in the SD card.
Copy all the APKs provided during the null session and place them in the AppUse VM in any folder of your choice.
Install the FourGoats APK
root@dev-virtual-machine:~/Desktop/APK/OWASP-GoatDroid-0.9/OWASP-GoatDroid-0.9/goatdroid_apps/FourGoats/android_app# adb install "OWASP GoatDroid- FourGoats Android App.apk"
FourGoats is installed and a new icon can be seen in your emulator.
After you reach the APK file location, press TAB to complete the file name and then Enter.
Now follow the same process to install the other APK file as well. After installation we see a success message. We can also confirm it by looking at the device emulator.
root@dev-virtual-machine:~/Desktop/APK/OWASP-GoatDroid-0.9/OWASP-GoatDroid-0.9/goatdroid_apps/HerdFinancial/android_app# adb install "OWASP GoatDroid- Herd Financial Android App.apk"
Open the item selected below. You will be able to see the DB info (server side).
Right-click it and run it with Java.
Then start the web service for Herd Financial.
Go to the emulator and press the Herd Financial app.
We have the server set up.
Click on Menu, then click on Destination Info.
Give the default port 9888
Click Save
After you have logged into the application, the testing is the same as normal web application security testing.
Press Check Balance
Alter the account id to /9876543210
To start the testing you need to know another user's account number
Tools > Utilities > Database Browser
To transfer fund testing 2
Apply the same IP settings by pressing Menu > Destination Info.
Let's see the files created by the app. Go to the terminal and use the command below:
adb shell
Every apk will create some files inside
root@android:/ # cd /data/data
root@android:/data/data # ls
We can observe that after APK installation the directories below were created:
org.owasp.goatdroid.fourgoats
org.owasp.goatdroid.herdfinancial
(The location /data/data is used for all applications; their data is stored inside this folder.)
root@android:/data/data # cd org.owasp.goatdroid.fourgoats
root@android:/data/data/org.owasp.goatdroid.fourgoats #
We can view the file permissions on each file as well.
Refer to the link below if you are not familiar with the file permissions format.
(http://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions)
Let's see what is stored in the files by FourGoats.
Read permission is given to all users. Open the credentials.xml file with the terminal command:
cat credentials.xml
Hardcoded username and password can be seen.
Now we decompile the APK file for code review.
A memory error due to Java may occur. If not, you will end up with the code file.
Refer to the links below for tool downloads, if any are required:
http://droiddudes.com/howto-extract-apk-into-readable-java-source-code-and-xml-files/
In this session the jar below was provided to me directly, as I ran out of memory, to save time :P
The highlighted line in the picture below sets the mode to '1'.
Reference link for understanding the vulnerability:
http://developer.android.com/reference/android/content/Context.html#getSharedPreferences%28java.lang.String,%20int%29
0 Private mode
1 World readable
2 World writable
4 Multiple process - defines permission for application to use
Second flaw: hardcoded password
root@dev-virtual-machine:~/Desktop/APK/OWASP-GoatDroid-0.9/OWASP-GoatDroid-0.9/goatdroid_apps/FourGoats/android_app# adb shell
root@android:/ # cd data/data
root@android:/data/data #
We will use sqlite to read the contents of the files stored by FourGoats and Herd Financial in the /data/data folder.
root@android:/data/data/org.owasp.goatdroid.fourgoats/databases # sqlite3 userinfo.db
If you get an error, it is because you need to end your SQL statement with a semicolon.
sqlite> .tables
(List the tables inside with .tables)
android_metadata info
sqlite> select * from info;
1|881b71832d7fc841f498f54bf698e0344a557ec42e562981b88f81136175d688dc66b9d4d9fddcec652c8
52a977d789799d7f0745d9f95fe8a625d9942b29c09|goatdroid|true|true|false
Now let's move on to another app, which is supposed to be a financial application (Herd Financial).
Error: the file contents are encrypted.
No need to worry. We have a decrypting method.
Let's decompile the app first and see if we have any clues.
this.db = localUserInfoOpenHelper.getWritableDatabase("hammer");
"hammer" is the key.
From the above picture we can see that the key is stored in the code, which is a bad practice.
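Both flaws found in the decompiled code (shared preferences opened with mode 1, and the database key passed as a string literal) can be searched for during code review. The script below is an added example, not part of the session material; the sample source is constructed, and only the getWritableDatabase line is taken from these notes.

```python
import re

# Mode values as listed in the notes; the names are the Android SDK constants.
MODE_NAMES = {"MODE_PRIVATE": 0, "MODE_WORLD_READABLE": 1,
              "MODE_WORLD_WRITEABLE": 2, "MODE_MULTI_PROCESS": 4}
RISKY_BITS = {1: "world readable", 2: "world writable"}

PREFS_CALL = re.compile(r'getSharedPreferences\(\s*([^,()]+?)\s*,\s*([^()]+?)\s*\)')
DB_KEY_CALL = re.compile(r'get(?:Writable|Readable)Database\(\s*"([^"]*)"\s*\)')

def resolve_mode(expr):
    """Turn '1', 'Context.MODE_PRIVATE' or '1 | 2' into an int, else None."""
    value = 0
    for token in expr.split("|"):
        token = token.strip().rsplit(".", 1)[-1]
        if token.isdigit():
            value |= int(token)
        elif token in MODE_NAMES:
            value |= MODE_NAMES[token]
        else:
            return None  # a variable or expression: review by hand
    return value

def audit_source(source):
    """Return (line_no, issue) findings for decompiled Java source text."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for name, mode_expr in PREFS_CALL.findall(line):
            mode = resolve_mode(mode_expr)
            if mode is None:
                findings.append((line_no, f"prefs {name}: mode '{mode_expr}' unresolved"))
                continue
            for bit, label in RISKY_BITS.items():
                if mode & bit:
                    findings.append((line_no, f"prefs {name}: {label}"))
        for key in DB_KEY_CALL.findall(line):
            findings.append((line_no, f"database key is a string literal ({len(key)} chars)"))
    return findings

# Constructed sample; only the getWritableDatabase line comes from the notes.
SAMPLE = '''
SharedPreferences a = getSharedPreferences("credentials", 1);
SharedPreferences b = ctx.getSharedPreferences("settings", Context.MODE_PRIVATE);
SharedPreferences c = getSharedPreferences("cache", 1 | 2);
this.db = localUserInfoOpenHelper.getWritableDatabase("hammer");
'''

if __name__ == "__main__":
    for line_no, issue in audit_source(SAMPLE):
        print(f"line {line_no}: {issue}")
```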
Now we install an app which will help us decipher the encrypted DB, as we have the key from the code.
SQL Cipher Decrypt is installed. Move the DB to the SD card, as the SD card is world readable:
root@android:/ # cp data/data/org.owasp.goatdroid.herdfinancial/databases/userinfo.db /mnt/sdcard
(Usage: cp <from location> <to location>)
Open SQL Cipher Decrypt. Fill in the details as above and press OK.
On the device, the parameters are:
1 is the location of the moved file
2 is the name of the location to copy to
3 is the key.
Press decrypt and open the result using sqlite.
Each application has a manifest file. The tool used to decode it is apktool, with the command apktool d:
root@dev-virtual-machine:~/Desktop/APK/OWASP-GoatDroid-0.9/OWASP-GoatDroid-0.9/goatdroid_apps/FourGoats/android_app# apktool d ~/Desktop/APK/OWASP-GoatDroid-0.9/OWASP-GoatDroid-0.9/goatdroid_apps/FourGoats/android_app/"OWASP GoatDroid- FourGoats Android App.apk"
There are three things to check in the manifest file:
Export, Permission and Debugging
Ref Link: http://developer.android.com/guide/topics/security/permissions.html#manifest
Permissions tell us which provisions the app is allowed to use.
Ref Link: https://developer.android.com/guide/topics/manifest/manifest-intro.html#perms
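The three manifest checks (export, permission, debugging) can be run over the AndroidManifest.xml that apktool decodes. This is an added example, not part of the session material; the manifest, package name and component names in it are constructed. It assumes that a provider without an explicit android:exported is not exported, which matches API level 17 and later.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "service", "receiver", "provider")

def audit_manifest(xml_text):
    """Report the debuggable flag, requested permissions and exported components."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    report = {
        "debuggable": app is not None and app.get(ANDROID + "debuggable") == "true",
        "permissions": [p.get(ANDROID + "name") for p in root.iter("uses-permission")],
        "exported_unprotected": [],
    }
    if app is None:
        return report
    for tag in COMPONENTS:
        for comp in app.iter(tag):
            exported = comp.get(ANDROID + "exported")
            # No explicit attribute: an intent-filter made the component
            # exported by default on Android versions before 12.
            if exported is None:
                exported = "true" if comp.find("intent-filter") is not None else "false"
            # Exported with no android:permission: other apps can invoke it.
            if exported == "true" and comp.get(ANDROID + "permission") is None:
                report["exported_unprotected"].append((tag, comp.get(ANDROID + "name")))
    return report

# Constructed manifest (hypothetical package and component names).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:debuggable="true">
    <activity android:name=".Main">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".SmsReceiver" android:permission="com.example.sample.SEND">
      <intent-filter><action android:name="com.example.sample.ACTION"/></intent-filter>
    </receiver>
    <provider android:name=".Data" android:exported="false"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

The launcher activity is always listed, since it has to be exported for the app to start; the entries worth reviewing are the other ones.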
Other sample applications:
Genymotion
Android Tamer
Hope you all enjoyed reading this article.