pull/15/head
Swissky 2024-07-17 11:02:59 +02:00
parent 7d9d46c010
commit b0e9832057
2 changed files with 56 additions and 31 deletions

@ -4,7 +4,14 @@
> Some shares can be accessible without authentication, explore them to find some juicy files
* [ShawnDEvans/smbmap - a handy SMB enumeration tool](https://github.com/ShawnDEvans/smbmap)
* [Pennyw0rth/NetExec](https://github.com/Pennyw0rth/NetExec) - The Network Execution Tool
```ps1
nxc smb 10.0.0.4 -u guest -p '' -M spider_plus
nxc smb 10.0.0.4 -u guest -p '' --get-file \\info.txt.txt infos.txt.txt --share OPENSHARE
```
* [ShawnDEvans/smbmap](https://github.com/ShawnDEvans/smbmap) - a handy SMB enumeration tool
```powershell
smbmap -H 10.10.10.10 # null session
smbmap -H 10.10.10.10 -r PATH # recursive listing
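Review bot: The new NetExec block is fenced as `ps1`, while the smbmap block directly below it uses `powershell`; use one tag throughout the file. In the `--get-file` line, `\\info.txt.txt infos.txt.txt` looks like a doubled extension, and the two names differ by a single letter, so a reader cannot tell the remote path from the local one. A trailing comment on each command, as the smbmap lines already have (`# null session`), would fix that and also say what `-M spider_plus` does.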
@ -12,7 +19,7 @@
smbmap -H 10.10.10.10 -d "DOMAIN.LOCAL" -u "USERNAME" -p "Password123*"
```
* [byt3bl33d3r/pth-smbclient from path-toolkit](https://github.com/byt3bl33d3r/pth-toolkit)
* [byt3bl33d3r/pth-smbclient](https://github.com/byt3bl33d3r/pth-toolkit) from path-toolkit
```powershell
pth-smbclient -U "AD/ADMINISTRATOR%aad3b435b51404eeaad3b435b51404ee:2[...]A" //192.168.10.100/Share
pth-smbclient -U "AD/ADMINISTRATOR%aad3b435b51404eeaad3b435b51404ee:2[...]A" //192.168.10.100/C$
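Review bot: The rewritten bullet still says "from path-toolkit", but the link target is `byt3bl33d3r/pth-toolkit`; correct the spelling to "pth-toolkit" while the line is being changed. The new link text `byt3bl33d3r/pth-smbclient` also reads as an owner/repository name that the URL does not match. Using `byt3bl33d3r/pth-toolkit` as the link text and naming pth-smbclient in the description would be accurate.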
@ -22,7 +29,7 @@
put # replace a file
```
* [SecureAuthCorp/smbclient from Impacket](https://github.com/SecureAuthCorp/impacket)
* [SecureAuthCorp/smbclient](https://github.com/SecureAuthCorp/impacket) from Impacket
```powershell
smbclient -I 10.10.10.100 -L ACTIVE -N -U ""
Sharename Type Comment
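Review bot: The new link text `SecureAuthCorp/smbclient` looks like a repository name, but the URL points at `SecureAuthCorp/impacket`; keep the repository name in the link and move "smbclient" into the description. Also check whether the example below it, `smbclient -I 10.10.10.100 -L ACTIVE -N -U ""`, belongs under this bullet: `-I`, `-L` and `-N` are options of the Samba client, which has its own entry further down.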
@ -39,7 +46,7 @@
ls # list files
```
* [smbclient - from Samba, ftp-like client to access SMB/CIFS resources on servers](#)
* [smbclient](#) - from Samba, ftp-like client to access SMB/CIFS resources on servers
```powershell
smbclient -U username //10.0.0.1/SYSVOL
smbclient //10.0.0.1/Share
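Review bot: The reworded bullet keeps `[smbclient](#)`, a link whose target is only `#` and goes nowhere. Either drop the link markup and leave plain "smbclient", or point it at the Samba documentation for the client, so this entry matches the other bullets, which all link to a real project page.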
@ -52,8 +59,7 @@
smb: \> mget *
```
* [SnaffCon/Snaffler - a tool for pentesters to help find delicious candy](https://github.com/SnaffCon/Snaffler)
* [SnaffCon/Snaffler](https://github.com/SnaffCon/Snaffler) - a tool for pentesters to help find delicious candy
```ps1
snaffler.exe -s - snaffler.log
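Review bot: The context line `snaffler.exe -s - snaffler.log` at the end of this hunk has a bare `-` where an option letter appears to be missing (Snaffler's output-file option is `-o`). Since the bullet above it is being reworded, correct the command in the same change. This fence is also tagged `ps1`, while most blocks in the file use `powershell`.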

@ -1,32 +1,10 @@
# Android Application
## Summary
* [Extract APK](#extract-apk)
* [ADB Method](#adb-method)
* [Stores](#stores)
* [Static Analysis](#static-analysis)
* [Extract Contents From APK](#extract-contents-from-apk)
* [Decompile Data as Java Code](#decompile-data-as-Java-code)
* [Decompile Native Code](#decompile-native-code)
* [Sign and Package APK](#sign-and-package-apk)
* [Mobile Security Framework Static](#mobile-security-framework-static)
* [Online Assets](#online-assets)
* [React Native and Hermes](#react-native-and-hermes)
* [Dynamic Analysis](#dynamic-analysis)
* [Frida](#frida)
* [Runtime Mobile Security](#runtime-mobile-security)
* [Genymotion](#genymotion)
* [Android SDK Emulator](#android-sdk-emulator)
* [Mobile Security Framework Dynamic](#mobile-security-framework-dynamic)
* [SSL Pinning Bypass](#ssl-pinning-bypass)
* [Root Detection Bypass](#root-detection-bypass)
* [References](#references)
## Lab
* [HTB - Pinned](https://app.hackthebox.com/challenges/282)
* [HTB - Manager](https://app.hackthebox.com/challenges/283)
* [payatu/diva-android](https://github.com/payatu/diva-android) - Damn Insecure and vulnerable App for Android
* [HTB VIP - Pinned](https://app.hackthebox.com/challenges/282) - Hack The Box challenge
* [HTB VIP - Manager](https://app.hackthebox.com/challenges/283) - Hack The Box challenge
## Extract APK
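Review bot: The whole Summary list is deleted rather than updated. The next hunk starts at line 340 of the new file and adds two more sections, so the page loses its only navigation just as it grows. Consider keeping the list and adding entries for "Android Debug Bridge" and "Android Virtual Device". In the Lab list, the description "Hack The Box challenge" repeats what the "HTB VIP" prefix already says; one of the two is enough.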
@ -362,6 +340,47 @@ Common bypass:
* [multiple-root-detection-bypass/](https://codeshare.frida.re/@KishorBal/multiple-root-detection-bypass/) - `frida --codeshare KishorBal/multiple-root-detection-bypass -f YOUR_BINARY`
## Android Debug Bridge
Android Debug Bridge (ADB) is a versatile command-line tool that enables communication between a computer and an Android device. It facilitates tasks like installing apps, debugging, accessing the device's shell, and transferring files, making it essential for developers and power users in Android development and troubleshooting.
| Command | Description |
|------------------------------|------------------------------------------------|
| `adb devices` | List devices |
| `adb connect <IP>:<PORT>` | Connect to a remote device |
| `adb install app.apk` | Install application |
| `adb uninstall app.apk` | Uninstall application |
| `adb root` | Restarting adbd as root |
| `adb shell pm list packages` | List packages |
| `adb shell pm list packages -3` | Show third party packages |
| `adb shell pm list packages -f` | Show packages and associated files |
| `adb shell pm clear com.test.abc` | Delete all data associated with a package |
| `adb pull <remote> <local>` | Download file |
| `adb push <local> <remote>` | Upload file |
| `adb shell screenrecord /sdcard/demo.mp4`| Record video of the screen |
| `adb shell am start -n com.test.abc` | Start an activity |
| `adb shell am startservice ` | Start a service |
| `adb shell am broadcast ` | Send a broadcast |
| `adb logcat *:D` | Show log with Debug level |
| `adb logcat -c` | Clears the entire log |
## Android Virtual Device
An Android Virtual Device (AVD) is an emulator configuration that mimics a physical Android device. It allows developers to test and run Android apps in a simulated environment with specific hardware profiles, screen sizes, and Android versions, facilitating app testing without needing actual devices.
```ps1
emulator -avd Pixel_8_API_34 -writable-system
```
| Command | Description |
|------------------------------|------------------------------------------------|
| `-tcpdump /path/dumpfile.cap`| Capture all the traffic in a file |
| `-dns-server X.X.X.X` | Set DNS servers |
| `-http-proxy X.X.X.X:8080` | Set HTTP proxy |
| `-port 5556` | Set the ADB TCP port number |
## References
* [Android App Reverse Engineering 101 - @maddiestone](https://www.ragingrock.com/AndroidAppRE/)
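Review bot: In the ADB table, `adb uninstall app.apk` is not valid. `adb uninstall` takes a package name such as `com.test.abc`, not an APK file name. Likewise `adb shell am start -n com.test.abc` needs a component in the form `<package>/<activity>`, and the `am startservice ` and `am broadcast ` rows end in a trailing space with no argument placeholder. `adb logcat *:D` should quote `*:D` so the local shell does not expand it. The second table is headed "Command" but lists `emulator` options, so "Option" would be the clearer header.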