Android Pen Testing : Awesome presentation



Anant Shrivastava
11-01-2011, 11:04 PM
Hi All,

Found this awesome presentation:

http://securitycompass.com/conferences/downloads/sector_bust_a_cap_in_an_android_app.pdf

abhaythehero
11-02-2011, 12:18 AM
Yes, this is an excellent presentation. I read it on Twitter the other day but forgot to share. Hey Anant, I read all that adb shell working in the presentation. It would be very nice of you if you could sometime help me understand what adb shell is and how they used it in the presentation.

BTW, Security Compass did make a very nice video of bypassing the pattern lock, which is so common on all Android phones. It is kind of similar to the grub hacking (http://www.garage4hackers.com/f49/buys-protecting-grub-925.html) we do to get root access on Linux boxes.


http://www.youtube.com/watch?v=X7McMB_Gbj8

Anant Shrivastava
11-02-2011, 12:29 PM
adb is basically the Android Debug Bridge.

It's a service provided by Google to help with debugging.

In this case some of the common commands associated with adb are used.

adb shell -> allows you to run a shell on the Android device. (You will get logged in as a normal user (shell) or root depending on the configuration of the machine. REMEMBER my PPT on security issues.)

adb remount -> by default /system should be read-only, but remount can mount it as read-write.

adb pull / push -> pull a file from the device or push a file to the device.

adb logcat -> it's a dmesg kind of stuff for Android. (We do have dmesg in it too.)

Just saw slide 60 has full details on adb.

Generally when we get to adb shell we log in to the toolbox shell.

Parallel shells like busybox or even bash could be run.

hope this helps.
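
An added example, not part of the post above or of the linked presentation: a small audit helper that takes the output of `adb shell id` and `adb shell mount` and reports the two conditions the post mentions, whether the shell lands as root and whether /system is mounted read-write. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample outputs are constructed, not captured from a device.
SAMPLE_ID_USER='uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input)'
SAMPLE_ID_ROOT='uid=0(root) gid=0(root)'
SAMPLE_MOUNT='rootfs / rootfs ro,relatime 0 0
/dev/block/mtdblock3 /system yaffs2 ro,relatime 0 0
/dev/block/mtdblock5 /data yaffs2 rw,nosuid,nodev,relatime 0 0'

# Which account did adb shell land in? Input: output of `adb shell id`.
adb_identity() {
    case "$1" in
        "uid=0("*)    echo root ;;
        "uid=2000("*) echo shell ;;
        *)            echo unknown ;;
    esac
}

# How is /system mounted? Input: output of `adb shell mount`.
# Accepts "dev /system fs opts 0 0" and "dev on /system type fs (opts)" layouts.
system_mount_mode() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        { hit = 0
          for (i = 1; i <= NF; i++) if ($i == "/system") hit = 1
          if (!hit) next
          for (i = 1; i <= NF; i++) {
              f = $i; gsub(/[()]/, "", f)
              n = split(f, o, ",")
              for (j = 1; j <= n; j++) if (o[j] == "ro" || o[j] == "rw") mode = o[j]
          } }
        END { print (mode == "" ? "unknown" : mode) }'
}

# One finding line per device: a root shell or a writable /system is flagged.
audit_device() {   # $1 = id output, $2 = mount output
    who=$(adb_identity "$1"); mode=$(system_mount_mode "$2")
    if [ "$who" = root ] || [ "$mode" = rw ]; then
        echo "FINDING identity=$who system=$mode"
    else
        echo "OK identity=$who system=$mode"
    fi
}

audit_device "$SAMPLE_ID_USER" "$SAMPLE_MOUNT"
# Live use, with a test device attached and USB debugging enabled:
#   audit_device "$(adb shell id)" "$(adb shell mount)"
```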

neo
11-03-2011, 10:42 AM
That was a good presentation bro. I remembered old college days of Burning ROMs in my Samsung mobile. :)

abhaythehero
11-22-2011, 03:50 PM
Here is another nice video of Joe McCray's talk at Hacktivity 2011 >>

Pentesting Mobile Applications


http://vimeo.com/31994652

the_empty
12-05-2011, 01:38 PM
Another paper which I found useful.
Just for the record -

http://www.mcafee.com/au/resources/white-papers/foundstone/wp-pen-testing-android-apps.pdf

Regards,
the_emtpy

abhaythehero
08-07-2012, 08:46 PM
Android Security Bookmark List. It is a collection of projects and android apps related to infosec >> AndroidSecurityList - android-security-list - Any program/app/apk/little binary complied bits that does neat stuff related to pentesting, security or APT Cyb0r H4xZ0r?-n with the mobile platform known as ANDROID - a list of android programs for pente (http://code.google.com/p/android-security-list/wiki/AndroidSecurityList)

Anant Shrivastava
08-08-2012, 08:09 PM
Android Security Bookmark List. It is a collection of projects and android apps related to infosec >> AndroidSecurityList - android-security-list - Any program/app/apk/little binary complied bits that does neat stuff related to pentesting, security or APT Cyb0r H4xZ0r?-n with the mobile platform known as ANDROID - a list of android programs for pente (http://code.google.com/p/android-security-list/wiki/AndroidSecurityList)

Will see how I can integrate it with Android Tamer. :P