Category Archives: Android

sshdroid

sshdroidOnce sshdroid (https://play.google.com/store/apps/details?id=berserker.android.apps.sshdroid&hl=en) is installed on a rooted device, start zipping around, like in /data/user/0/<packagename>/shared_prefs

But to log on, first might need to turn off “Enable root” in sshdroid. But after logging in to: ssh root@<ip> -p 2222 then simply su.

Loading

Drozer and ADB

ADB, the Android Debugging Bridge. If you want it to connect to Android > 4.2.2, or in other words, anything from this century, you can’t use anything less than ADB 1.0.31. By default, mobisec comes with 1.0.29, so even if the device is rooted, the device appears to be offline.

To upgrade adb: First download android-sdk-linux, from here: https://developer.android.com/studio/index.html near the bottom where is says “Just the tools” Once you download, unzip and all that, cd into android-sdk-linux and run: tools/android update sdk –no-ui

To get 32-bit adb: http://askubuntu.com/questions/710426/android-sdk-on-ubuntu-32bit, as of this writing, it resulted in version 1.0.32 of adb.

Installing Drozer: (Drozer site) Need the .apk for the device, and the platform. Both are available at the Drozer page. Start up the agent on the device, and it should be running on tcp:31415, then do the port forwarding in the platform. If the device and the platform connect, all good, and fire away!

Extra Drozer Modules: https://github.com/mwrlabs/drozer-modules

Drozer User’s Guide:
https://labs.mwrinfosecurity.com/system/assets/502/original/mwri_drozer-users-guide_2013-07-25.pdf

If we get:
mobisec@mobisec:~$ adb devices
List of devices attached
8753afe5 no permissions

Then stop and start the server with sudo.

Another good resource: https://securitycafe.ro/2015/07/08/mobile-penetration-testing-using-drozer/

Video overview by the developer: https://www.concise-courses.com/infosec/drozer/

Loading