Monthly Archives: May 2016

Super Simple: Setting a $PATH

Since this is a reference for when I forget:

export PATH=$PATH:<whatever else to add to the path>

522 total views

Getting root

#include <stdio.h>
#include <string.h>

int main()
{
    setuid(0);
    seteuid(0);
    setgid(0);
    setegid(0);
    system("/bin/bash");
    return(0);
}

Save as foo.c
Compile gcc foo.c -o foo
sudo chmod u+s foo
./foo
id

466 total views

sshdroid

Once sshdroid (https://play.google.com/store/apps/details?id=berserker.android.apps.sshdroid&hl=en) is installed on a rooted device, start zipping around, like in /data/user/0/<packagename>/shared_prefs

But to log on, first might need to turn off “Enable root” in sshdroid. But after logging in to: ssh root@<ip> -p 2222 then simply su.

584 total views

Drozer and ADB

ADB, the Android Debugging Bridge. If you want it to connect to Android > 4.2.2, or in other words, anything from this century, you can’t use anything less than ADB 1.0.31. By default, mobisec comes with 1.0.29, so even if the device is rooted, the device appears to be offline.

To upgrade adb: First download android-sdk-linux, from here: https://developer.android.com/studio/index.html near the bottom where is says “Just the tools” Once you download, unzip and all that, cd into android-sdk-linux and run: tools/android update sdk –no-ui

To get 32-bit adb: http://askubuntu.com/questions/710426/android-sdk-on-ubuntu-32bit, as of this writing, it resulted in version 1.0.32 of adb.

Installing Drozer: (Drozer site) Need the .apk for the device, and the platform. Both are available at the Drozer page. Start up the agent on the device, and it should be running on tcp:31415, then do the port forwarding in the platform. If the device and the platform connect, all good, and fire away!

Extra Drozer Modules: https://github.com/mwrlabs/drozer-modules

Drozer User’s Guide:
https://labs.mwrinfosecurity.com/system/assets/502/original/mwri_drozer-users-guide_2013-07-25.pdf

If we get:
mobisec@mobisec:~$ adb devices
List of devices attached
8753afe5 no permissions

Then stop and start the server with sudo.

Another good resource: https://securitycafe.ro/2015/07/08/mobile-penetration-testing-using-drozer/

Video overview by the developer: https://www.concise-courses.com/infosec/drozer/

573 total views

Mobile App Testing

As others have done with their blog, I plan to use this as a repository of things I learn, not a “I’m a ninja on this topic, read this to learn everything!”, quite the opposite actually.

Testing android app, get the .apk file, simply download it onto the device and double click the file to install it. Once the file installs, it will be runnable.

To open an .apk file, change the extension to .zip and unzip it. That will include manifests, xml files of information and dex file(s), which is the actual java code that can be decompiled with something like dex2jar (included in Mobisec). Then simply use JD-GUI to read the class files!

455 total views

Patrick Laverty

Learn it, do it, share it. Trying all three every day.