Posts Tagged ‘vulnerability’

Many of you may be wondering about and searching for security testing/hacking tutorials for Android apps. Android is a very popular OS nowadays, so every customer wants to have an Android app. It has become unavoidable for a software tester to learn to find security flaws.

So, here is the simplest attack to steal User Credentials and App Settings.

I will use the GoatDroid app to demonstrate the attack. Download Link: https://github.com/downloads/jackMannino/OWASP-GoatDroid-Project/OWASP-GoatDroid-0.9.zip

Pre-Requisite:

1. Install Android SDK. Download Link: http://developer.android.com/sdk/index.html

2. Add Platform Tools to the PATH environment variable, e.g. C:\Program Files (x86)\Android\android-sdk\platform-tools

3. Create an Android AVD and start the emulator (Tutorial Link: http://developer.android.com/tools/devices/managing-avds.html), OR connect a device to your computer. Make sure USB Debugging is turned on in Developer Options under Settings.

GoatDroid Installation Steps:

1. Unzip GoatDroid and launch goatdroid-0.9.jar. GoatDroid Tutorial Link: https://github.com/jackMannino/OWASP-GoatDroid-Project/wiki/Getting-Started

2. Select FourGoats under Apps and Click on Start Web Service from the right pane

3. Go to “OWASP-GoatDroid-0.9\OWASP-GoatDroid-0.9\goatdroid_apps\FourGoats\android_app” folder

4. Press Shift and Right click on empty space

5. Click on Open command window here. Command Prompt will be opened

6. Type: adb install "OWASP GoatDroid- FourGoats Android App.apk" (the double quotes are needed because the file name contains spaces). The app will get installed

7. Launch FourGoats app

8. Click on Android Menu button

9. Click on Destination Info

10. Enter your computer’s IP in “Host (Or IP)”

11. Enter HTTPS Port as 9888. No need to enter anything in Proxy Host and Proxy Port

12. Click on Save

13. Register an account in FourGoats

14. Launch monitor.bat from “Android\android-sdk\tools” folder. Android Debug Monitor will be opened

15. Observe the app in the left pane and the Android file structure in the right pane, especially the /data/data/ folder. All installation files, settings and DBs are stored under the /data/data folder. You will not be permitted to look inside the /data folder if your phone is not rooted. If you are using a rooted phone or an emulator, you can view the files and folders under the /data folder

16. Observe the FourGoats app in the /data/data/ folder

Follow the steps below if you are using a rooted phone or an emulator

1. Type adb pull /data/data/org.owasp.goatdroid.fourgoats C:/goatdroid. All the folders and files inside the app (org.owasp.goatdroid.fourgoats) will be copied in “goatdroid” folder under C drive

2. Open the goatdroid folder and check the files inside it. You will observe userinfo.db inside the databases folder. SQL, Oracle and MySQL RDBMSs usually have DBs with the .sql extension, but .db is an SQLite extension

3. Download SQLite Browser: Download Link: http://sourceforge.net/projects/sqlitebrowser/

4. Open userinfo.db in SQLite Browser. You will observe user information in it

5. Go to the shared_prefs folder and open the credentials.xml file. You will see that the user credentials with which you registered in FourGoats on the device are displayed here

Follow the steps below if you are not using a rooted device. You have to go inside the Android shell to get the files. Open a command prompt and type the commands.

1. To go inside Android Shell: adb shell

2. To fool the system and log in as the app developer: run-as org.owasp.goatdroid.fourgoats (“org.owasp.goatdroid.fourgoats” is the package name of the app; to find it, check Android Debug Monitor). Once you type this, you will be under the “/data/data/org.owasp.goatdroid.fourgoats” folder

3. To list the files under org.owasp.goatdroid.fourgoats: ls

4. To navigate to databases folder: cd databases

5. To copy userinfo.db from “/data/data/org.owasp.goatdroid.fourgoats/databases” folder to sdcard, which is accessible to the user: cat userinfo.db>/sdcard/userinfo.db

6. To navigate to sdcard: cd /sdcard

7. To check if the userinfo.db is copied properly: ls

8. Navigate to root folder: cd /

9. Execute exit command twice:

exit
exit

10. To copy userinfo.db from sdcard to data folder of C drive: adb pull /sdcard/userinfo.db C:/data

That’s it 🙂

See, it’s not too hard. You can now use the same technique in any app; you just need to know the package name of the app, because a folder with the same name is created inside the /data/data folder. If you can’t find the package name, try opening the app on the device and then check it in Android Debug Monitor.
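To turn the manual inspection above into a repeatable test check, the following added example (not code from the original post or from the GoatDroid project) scans a pulled app data folder such as C:/goatdroid for secret-looking keys in shared_prefs XML files and secret-looking columns in SQLite databases. The keyword list, the function names and the contents written by build_sample are assumptions made for illustration; only the file names credentials.xml and userinfo.db come from the post.

```python
import glob, os, re, sqlite3
import xml.etree.ElementTree as ET

# Heuristic for key/column names that suggest a stored secret; extend as needed.
SENSITIVE = re.compile(r"pass|pwd|user|token|session|secret", re.I)
TABLES_SQL = "SELECT name FROM sqlite_master WHERE type='table'"

def audit_shared_prefs(app_dir):
    """(file, key, value) for sensitive-looking entries in shared_prefs/*.xml."""
    found = []
    for path in sorted(glob.glob(os.path.join(app_dir, "shared_prefs", "*.xml"))):
        try:
            root = ET.parse(path).getroot()
        except ET.ParseError:
            continue  # truncated or non-XML file
        for item in root:  # e.g. <string name="key">value</string>
            key = item.get("name", "")
            if SENSITIVE.search(key):
                value = item.text or item.get("value", "")
                found.append((os.path.basename(path), key, value))
    return found

def audit_databases(app_dir):
    """(db, table, column) for sensitive-looking columns in databases/*.db."""
    found = []
    for path in sorted(glob.glob(os.path.join(app_dir, "databases", "*.db"))):
        con = sqlite3.connect(path)
        try:
            for (table,) in con.execute(TABLES_SQL).fetchall():
                for col in con.execute(f'PRAGMA table_info("{table}")'):
                    if SENSITIVE.search(col[1]):  # col[1] is the column name
                        found.append((os.path.basename(path), table, col[1]))
        except sqlite3.DatabaseError:
            pass  # encrypted (e.g. SQLCipher) or corrupt: not plaintext SQLite
        finally:
            con.close()
    return found

def build_sample(app_dir):
    """Constructed sample data: file names follow the post, contents are made up."""
    for sub in ("shared_prefs", "databases"):
        os.makedirs(os.path.join(app_dir, sub))
    with open(os.path.join(app_dir, "shared_prefs", "credentials.xml"), "w") as f:
        f.write('<map><string name="username">alice</string><boolean name="remember" '
                'value="true"/><string name="password">example-pw</string></map>')
    con = sqlite3.connect(os.path.join(app_dir, "databases", "userinfo.db"))
    con.execute("CREATE TABLE info (sessionToken TEXT, userName TEXT, isPublic INT)")
    con.commit()
    con.close()
```

Any finding means the value sits unprotected in the app's private storage, so the fix is to avoid persisting passwords at all or to encrypt them with a key held in the Android Keystore. The run-as route additionally depends on the build being debuggable, so release builds should ship with android:debuggable disabled.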

Please get back to me if you are stuck in any step 🙂

BackTrack is a Linux-based penetration testing OS that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. It is equipped with tons of security software that you might need.

The Linux distribution that it is based on is Ubuntu. Ubuntu is known for being a very user-friendly operating system. The installation also has several different UI configurations that you can use to get started. There is the GNOME desktop interface and the KDE interface.

If you are a new user then you might want to go with the GNOME interface, since some people seem to think that it is easier. More advanced users might want to try the KDE version of the operating system. It gives you more options to configure the system.

There are several different aspects of the BackTrack operating system that allow it to be the tool of choice for security professionals. One of these is the number of different categories of security that the operating system maintains software for.

These categories include:

1. Information gathering
2. Vulnerability assessment
3. Exploitation tools
4. Privilege escalation
5. Maintaining access
6. Reverse engineering
7. RFID tools
8. Stress testing
9. Forensics
10. Reporting tools
11. Services
12. Miscellaneous

BackTrack includes many well known security tools including:

1. Metasploit for integration
2. Wi-Fi drivers supporting monitor mode (rfmon mode) and packet injection
3. Aircrack-ng
4. Gerix Wifi Cracker
5. Kismet
6. Nmap
7. Ophcrack
8. Ettercap
9. Wireshark
10. BeEF (Browser Exploitation Framework)
11. Hydra
12. OWASP Mantra Security Framework, a collection of hacking tools, add-ons and scripts based on Firefox
13. Cisco OCS Mass Scanner, a very reliable and fast scanner for Cisco routers with telnet and enabling of a default password.
14. Burpsuite