일 | 월 | 화 | 수 | 목 | 금 | 토 |
---|---|---|---|---|---|---|
1 | 2 | 3 | 4 | 5 | 6 | 7 |
8 | 9 | 10 | 11 | 12 | 13 | 14 |
15 | 16 | 17 | 18 | 19 | 20 | 21 |
22 | 23 | 24 | 25 | 26 | 27 | 28 |
29 | 30 | 31 |
- fridump
- fowarding
- m5stack
- goormide
- checkrain
- reverse shell
- IDE
- 모바일보안
- 위변조탐지
- frida-client
- 프록시
- 중요정보검색
- irunit
- android
- 무결성검증
- 메모리취약점
- 웹ide
- goorm
- 3utools
- checkra1n
- ios
- Frida
- m5go
- 안드로이드동적분석
- frida-server
- 무료웹ide
- 동적분석
- frida설정
- 모바일해킹
- frida서버설정
- Today
- Total
WhiteHat Security
[Andorid Penetration] drozer 본문
공격 포인트 찾기
dz> run app.package.attacksurface com.nhn.android.search
Attack Surface:
14 activities exported
18 broadcast receivers exported
0 content providers exported
7 services exported
dz>
Content Provider 찾기
dz> run app.provider.finduri com.nhn.android.search
Scanning com.nhn.android.search...
content://com.nhn.android.search.MarketingInitProvider
content://com.nhn.android.search.com.squareup.picasso/
content://com.nhn.android.search.playback.ipc.preferences/
content://com.nhn.android.search/
content://com.nhn.android.search.firebaseinitprovider/
content://com.nhn.android.search.FacebookInitProvider
content://com.nhn.android.search.playback.ipc.preferences
content://com.nhn.android.search.FacebookInitProvider/
content://com.nhn.android.search.firebaseinitprovider
content://com.nhn.android.search.lifecycle-process/
content://com.nhn.android.search
content://com.nhn.android.search.workmanager-init/
content://com.nhn.android.search.workmanager-init
content://com.nhn.android.search.playback.playlist/
content://com.nhn.android.search.lifecycle-process
content://com.nhn.android.search.MarketingInitProvider/
content://com.nhn.android.search.playback.playlist
content://com.nhn.android.search.com.squareup.picasso
dz>
Content Provider 조회
dz> run app.provider.query content://downloads/my_downloads
| _id | entity | _data | mimetype | visibility | destination | control | status | lastmod | notificationpackage | notificationclass | total_bytes | current_bytes | title | description | uri | is_visible_in_downloads_ui | hint | mediaprovider_uri | deleted | _display_name | _size | downloadmethod | state | dd_primaryMimeType | dd_SecondaryMimeType1 | dd_SecondaryMimeType2 | dd_fileName | dd_vendor | dd_description | dd_contentSize | dd_objUrl | dd_contentSize | dd_notifyurl | dd_majorVersion | range_start | range_end | range_first_end |
dz>
AndroidManifest 파일 조회
dz> run app.package.manifest com.ktshow.cs
<manifest versionCode="50101"
versionName="05.01.00"
package="com.ktshow.cs"
platformBuildVersionCode="24"
platformBuildVersionName="7.0">
<uses-sdk minSdkVersion="9"
targetSdkVersion="25">
</uses-sdk>
<uses-permission name="android.permission.INTERNET">
</uses-permission>
<uses-permission name="android.permission.READ_PHONE_STATE">
</uses-permission>
<uses-permission name="android.permission.ACCESS_NETWORK_STATE">
</uses-permission>
<uses-permission name="android.permission.CHANGE_NETWORK_STATE">
</uses-permission>
<uses-permission name="android.permission.ACCESS_WIFI_STATE">
설치된 패키지 리스트 보기
dz> run app.package.list
com.mobeam.barcodeService (Beaming Service)
com.samsung.android.provider.filterprovider (Filter Provider)
com.sec.android.app.DataCreate (Automation Test)
com.gd.mobicore.pa (RootPA)
com.sec.android.widgetapp.samsungapps (Galaxy Apps Widget)
com.google.android.youtube (YouTube)
com.samsung.android.app.galaxyfinder (S파인더)
com.sec.location.nsflp2 (Samsung Location SDK)
com.sec.android.app.dmb (DMB)
com.samsung.android.themestore (테마 스토어)
패키지 정보 보기
dz> run app.package.info -a com.nhn.android.search
Package: com.nhn.android.search
Application Label: NAVER
Process Name: com.nhn.android.search
Version: 10.14.1
Data Directory: /data/user/0/com.nhn.android.search
APK Path: /data/app/com.nhn.android.search-1/base.apk
UID: 10172
GID: [3002, 3003]
Shared Libraries: [/system/framework/multiwindow.jar]
Shared User ID: null
Uses Permissions:
- android.permission.INTERNET
- android.permission.ACCESS_WIFI_STATE
- android.permission.CHANGE_WIFI_STATE
- android.permission.ACCESS_NETWORK_STATE
- android.permission.CHANGE_NETWORK_STATE
- android.permission.READ_CONTACTS
- android.permission.WRITE_CONTACTS
- android.permission.ACCESS_FINE_LOCATION
- android.permission.ACCESS_COARSE_LOCATION
- android.permission.RECORD_AUDIO
- android.permission.MODIFY_AUDIO_SETTINGS
- android.permission.WRITE_EXTERNAL_STORAGE
- android.permission.READ_EXTERNAL_STORAGE
- android.permission.CAMERA
- android.permission.CALL_PHONE
- android.permission.READ_PHONE_STATE
- android.permission.GET_TASKS
- android.permission.SYSTEM_ALERT_WINDOW
- android.permission.PACKAGE_USAGE_STATS
- android.permission.WAKE_LOCK
- android.permission.EXPAND_STATUS_BAR
- android.permission.GET_ACCOUNTS
- android.permission.USE_CREDENTIALS
- android.permission.MANAGE_ACCOUNTS
- android.permission.AUTHENTICATE_ACCOUNTS
- android.permission.KILL_BACKGROUND_PROCESSES
- android.permission.GET_PACKAGE_SIZE
- android.permission.RECEIVE_BOOT_COMPLETED
- android.permission.REQUEST_INSTALL_PACKAGES
- android.permission.REQUEST_DELETE_PACKAGES
- android.permission.VIBRATE
- com.android.launcher.permission.INSTALL_SHORTCUT
- com.nhn.android.search.permission.NNI_MESSAGE
- org.fidoalliance.uaf.permissions.FIDO_CLIENT
- android.permission.FOREGROUND_SERVICE
- android.permission.FLASHLIGHT
- android.permission.USE_FINGERPRINT
- com.google.android.c2dm.permission.RECEIVE
- com.nhn.android.search.permission.C2D_MESSAGE
- android.permission.BLUETOOTH
Defines Permissions:
- com.nhn.android.search.permission.NNI_MESSAGE
- com.nhn.android.search.permission.C2D_MESSAGE
서비스 조회
dz> run app.service.info -a com.tencent.mm
Package: com.tencent.mm
com.tencent.mm.plugin.wear.model.service.WearDataLayerService
Permission: null
com.tencent.mm.plugin.account.model.AccountAuthenticatorService
Permission: null
com.tencent.mm.plugin.account.model.ContactsSyncService
Permission: null
com.tencent.mm.plugin.rubbishbin.RubbishBinServiceImpl
Permission: null
com.tencent.mm.plugin.fcm.WCFirebaseMessagingService
Permission: null
com.tencent.mm.plugin.fcm.FCMInstanceIDListenerService
Permission: null
com.tencent.mm.plugin.appbrand.jsapi.nfc.hce.HCEService
Permission: android.permission.BIND_NFC_SERVICE
com.google.firebase.messaging.FirebaseMessagingService
Permission: null
com.google.android.gms.auth.api.signin.RevocationBoundService
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION
com.google.firebase.iid.FirebaseInstanceIdService
Permission: null
com.tencent.smtt.sandbox.SandboxedProcessService0
Permission: null
com.tencent.smtt.sandbox.SandboxedProcessService1
Permission: null
Activity 조회
dz> run app.activity.info -a com.nhn.android.search -u
Package: com.nhn.android.search
Exported Activities:
com.nhn.android.search.ui.pages.SchemeProcessNoUIActivity
Permission: null
com.nhn.android.search.ui.pages.SchemeProcessActivity
Permission: null
com.nhn.android.search.setup.SetupActivity
Permission: null
com.nhn.android.search.ui.control.searchwindow.suggest.SearchWindowSuggestListActivity
Permission: null
com.nhn.android.search.keep.KeepShareActivity
Permission: null
com.nhn.android.search.ui.widget.tool.WidgetProcessActivity
Permission: null
com.nhn.android.search.ui.pages.SearchHomePage
Permission: null
ai.clova.cic.clientlib.login.activity.LineLoginRedirectUriActivity
Permission: null
com.nhn.android.naverlogin.OAuthNLoginStartActivity
Permission: null
com.nhn.android.naverlogin.OAuth1LoginStartActivity
Permission: null
com.naver.android.fido.client.NaverFidoClientActivity
Permission: null
com.nhn.android.login.ui.webview.CustomTabsActivity
Permission: null
com.nhn.android.naverlogin.ui.OAuthCustomTabActivity
Permission: null
com.linecorp.linesdk.auth.internal.LineAuthenticationCallbackActivity
Permission: null
Hidden Activities:
com.nhn.android.search.proto.tutorial.TutorialActivity
Permission: null
com.nhn.android.search.ui.home.SearchMainActivity
Permission: null
com.nhn.android.search.ui.recognition.clova.ClovaSearchActivity
Permission: null
com.nhn.android.search.browser.InAppBrowserActivity
Permission: null
Activity 실행
dz> run app.activity.start --component com.nhn.android.search com.naver.android.fido.client.NaverFidoClientActivity
broadcast 확인
dz> run app.broadcast.info --package com.towneers.www
Package: com.towneers.www
com.appsflyer.MultipleInstallBroadcastReceiver
Permission: null
io.branch.referral.InstallListener
Permission: null
com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver
Permission: android.permission.INSTALL_PACKAGES
com.google.firebase.iid.FirebaseInstanceIdReceiver
Permission: com.google.android.c2dm.permission.SEND
com.facebook.CampaignTrackingReceiver
Permission: android.permission.INSTALL_PACKAGES
broadcast 실행
run app.broadcast.send --action theBroadcast --extra string phonenumber 12345 --extra string newpass A1!B2!C3!