swisskyrepo
/
InternalAllTheThings
mirror of https://github.com/swisskyrepo/InternalAllTheThings.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

AVD ADB

pull/15/head
Swissky 2024-07-17 11:02:59 +02:00
parent 7d9d46c010
commit b0e9832057
2 changed files with 56 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
docs/active-directory/internal-shares.md
View File

@ -4,7 +4,14 @@
> Some shares can be accessible without authentication, explore them to find some juicy files > Some shares can be accessible without authentication, explore them to find some juicy files
* [ShawnDEvans/smbmap - a handy SMB enumeration tool](https://github.com/ShawnDEvans/smbmap)
* [Pennyw0rth/NetExec](https://github.com/Pennyw0rth/NetExec) - The Network Execution Tool
```ps1
nxc smb 10.0.0.4 -u guest -p '' -M spider_plus
nxc smb 10.0.0.4 -u guest -p '' --get-file \\info.txt.txt infos.txt.txt --share OPENSHARE
```
* [ShawnDEvans/smbmap](https://github.com/ShawnDEvans/smbmap) - a handy SMB enumeration tool
```powershell ```powershell
smbmap -H 10.10.10.10 # null session smbmap -H 10.10.10.10 # null session
smbmap -H 10.10.10.10 -r PATH # recursive listing smbmap -H 10.10.10.10 -r PATH # recursive listing
@ -12,7 +19,7 @@
smbmap -H 10.10.10.10 -d "DOMAIN.LOCAL" -u "USERNAME" -p "Password123*" smbmap -H 10.10.10.10 -d "DOMAIN.LOCAL" -u "USERNAME" -p "Password123*"
``` ```
* [byt3bl33d3r/pth-smbclient from path-toolkit](https://github.com/byt3bl33d3r/pth-toolkit) * [byt3bl33d3r/pth-smbclient](https://github.com/byt3bl33d3r/pth-toolkit) from path-toolkit
```powershell ```powershell
pth-smbclient -U "AD/ADMINISTRATOR%aad3b435b51404eeaad3b435b51404ee:2[...]A" //192.168.10.100/Share pth-smbclient -U "AD/ADMINISTRATOR%aad3b435b51404eeaad3b435b51404ee:2[...]A" //192.168.10.100/Share
pth-smbclient -U "AD/ADMINISTRATOR%aad3b435b51404eeaad3b435b51404ee:2[...]A" //192.168.10.100/C$ pth-smbclient -U "AD/ADMINISTRATOR%aad3b435b51404eeaad3b435b51404ee:2[...]A" //192.168.10.100/C$
@ -22,7 +29,7 @@
put # replace a file put # replace a file
``` ```
* [SecureAuthCorp/smbclient from Impacket](https://github.com/SecureAuthCorp/impacket) * [SecureAuthCorp/smbclient](https://github.com/SecureAuthCorp/impacket) from Impacket
```powershell ```powershell
smbclient -I 10.10.10.100 -L ACTIVE -N -U "" smbclient -I 10.10.10.100 -L ACTIVE -N -U ""
Sharename Type Comment Sharename Type Comment
@ -39,7 +46,7 @@
ls # list files ls # list files
``` ```
* [smbclient - from Samba, ftp-like client to access SMB/CIFS resources on servers](#) * [smbclient](#) - from Samba, ftp-like client to access SMB/CIFS resources on servers
```powershell ```powershell
smbclient -U username //10.0.0.1/SYSVOL smbclient -U username //10.0.0.1/SYSVOL
smbclient //10.0.0.1/Share smbclient //10.0.0.1/Share
@ -52,8 +59,7 @@
smb: \> mget * smb: \> mget *
``` ```
* [SnaffCon/Snaffler](https://github.com/SnaffCon/Snaffler) - a tool for pentesters to help find delicious candy
* [SnaffCon/Snaffler - a tool for pentesters to help find delicious candy](https://github.com/SnaffCon/Snaffler)
```ps1 ```ps1
snaffler.exe -s - snaffler.log snaffler.exe -s - snaffler.log

69
docs/methodology/android-applications.md
View File

@ -1,32 +1,10 @@
# Android Application # Android Application
## Summary
* [Extract APK](#extract-apk)
* [ADB Method](#adb-method)
* [Stores](#stores)
* [Static Analysis](#static-analysis)
* [Extract Contents From APK](#extract-contents-from-apk)
* [Decompile Data as Java Code](#decompile-data-as-Java-code)
* [Decompile Native Code](#decompile-native-code)
* [Sign and Package APK](#sign-and-package-apk)
* [Mobile Security Framework Static](#mobile-security-framework-static)
* [Online Assets](#online-assets)
* [React Native and Hermes](#react-native-and-hermes)
* [Dynamic Analysis](#dynamic-analysis)
* [Frida](#frida)
* [Runtime Mobile Security](#runtime-mobile-security)
* [Genymotion](#genymotion)
* [Android SDK Emulator](#android-sdk-emulator)
* [Mobile Security Framework Dynamic](#mobile-security-framework-dynamic)
* [SSL Pinning Bypass](#ssl-pinning-bypass)
* [Root Detection Bypass](#root-detection-bypass)
* [References](#references)
## Lab ## Lab
* [HTB - Pinned](https://app.hackthebox.com/challenges/282) * [payatu/diva-android](https://github.com/payatu/diva-android) - Damn Insecure and vulnerable App for Android
* [HTB - Manager](https://app.hackthebox.com/challenges/283) * [HTB VIP - Pinned](https://app.hackthebox.com/challenges/282) - Hack The Box challenge
* [HTB VIP - Manager](https://app.hackthebox.com/challenges/283) - Hack The Box challenge
## Extract APK ## Extract APK
@ -362,6 +340,47 @@ Common bypass:
* [multiple-root-detection-bypass/](https://codeshare.frida.re/@KishorBal/multiple-root-detection-bypass/) - `frida --codeshare KishorBal/multiple-root-detection-bypass -f YOUR_BINARY` * [multiple-root-detection-bypass/](https://codeshare.frida.re/@KishorBal/multiple-root-detection-bypass/) - `frida --codeshare KishorBal/multiple-root-detection-bypass -f YOUR_BINARY`
## Android Debug Bridge
Android Debug Bridge (ADB) is a versatile command-line tool that enables communication between a computer and an Android device. It facilitates tasks like installing apps, debugging, accessing the device's shell, and transferring files, making it essential for developers and power users in Android development and troubleshooting.
| Command | Description |
|------------------------------|------------------------------------------------|
| `adb devices` | List devices |
| `adb connect <IP>:<PORT>` | Connect to a remote device |
| `adb install app.apk` | Install application |
| `adb uninstall app.apk` | Uninstall application |
| `adb root` | Restarting adbd as root |
| `adb shell pm list packages` | List packages |
| `adb shell pm list packages -3` | Show third party packages |
| `adb shell pm list packages -f` | Show packages and associated files |
| `adb shell pm clear com.test.abc` | Delete all data associated with a package |
| `adb pull <remote> <local>` | Download file |
| `adb push <local> <remote>` | Upload file |
| `adb shell screenrecord /sdcard/demo.mp4`| Record video of the screen |
| `adb shell am start -n com.test.abc` | Start an activity |
| `adb shell am startservice ` | Start a service |
| `adb shell am broadcast ` | Send a broadcast |
| `adb logcat *:D` | Show log with Debug level |
| `adb logcat -c` | Clears the entire log |
## Android Virtual Device
An Android Virtual Device (AVD) is an emulator configuration that mimics a physical Android device. It allows developers to test and run Android apps in a simulated environment with specific hardware profiles, screen sizes, and Android versions, facilitating app testing without needing actual devices.
```ps1
emulator -avd Pixel_8_API_34 -writable-system
```
| Command | Description |
|------------------------------|------------------------------------------------|
| `-tcpdump /path/dumpfile.cap`| Capture all the traffic in a file |
| `-dns-server X.X.X.X` | Set DNS servers |
| `-http-proxy X.X.X.X:8080` | Set HTTP proxy |
| `-port 5556` | Set the ADB TCP port number |
## References ## References
* [Android App Reverse Engineering 101 - @maddiestone](https://www.ragingrock.com/AndroidAppRE/) * [Android App Reverse Engineering 101 - @maddiestone](https://www.ragingrock.com/AndroidAppRE/)