Android Exploitation Setting up the Lab

I will be demonstrating today how to setup drozer and inseucrebankv2 for android exploitation.

Prerequisites:

I’m going to assume you have Kali Linux setup in a virtual machine, and you know the basics of Kali.

Let’s Begin

Type in the following command to install drozer.

apt-get install drozer

Now type in this command to install ABD (Android Debug Bridge).

apt-get install adb

Now we need to set up the insecureBankv2

https://github.com/dineshshetty/Android-InsecureBankv2

git clone https://github.com/dineshshetty/Android-InsecureBankv2.git

Let’s install all the required modules.

cd AndroLabServer/ && pip install -r requirements.txt

Now let’s run the app.

python app.py

Now plug in your device and copy the InsecureBankV2.apk file across and install it

or type in.

adb install InsecureBankV2.apk

We need to forward the connection to our VM (Virtual Machine)

adb forward tcp:31415 tcp:31415

Now we need to connect to drozer so type in.

drozer console connect

Go to the preferences

Type in the IP Address of the machine that is running the app.py

Use the credentials dinesh/Dinesh@123$ or jack/Jack@123$ and start using the application.

Demonstration