Android Penetration Testing-Goat Droid-Null Bangalore Avinash Sinha-Null Humla Session-Notes

Hi Everyone,

I attended the Android Penetration testing session organized by Null Bangalore. It was an AWESOME session by Ashish and everyone enjoyed it. This is the first time the Humla session was organized at Flipkart and it was a beautiful venue. As I was sure that I may forget it later, I documented the entire session so that it will help me to revise it later as well. I have tried to make it as comprehensive as possible, which gives you precise step-by-step instructions. It also covers most of the errors and solutions we all faced during the session. This will help all of us to revise whatever we were taught in the Humla Session. It covers everything except the challenges. I am sure once you go through this document it will help you and others as well who were not able to attend.

Cheers !!!
A few of you may face errors, such as the emulator not opening or hanging; in that case you need to kill the process and repeat the above command. This usually happens if you have low RAM or the scale value is set to a large number.
We are storing the certificate in an external location: the certificate is to be stored on the SD card. Android Debug Bridge (adb) is a versatile command line tool that lets you communicate with an emulator instance or connected Android-powered device. Install the certificate on the SD card.
Copy all the APKs provided during the Null session and place them in the AppUse VM, in any folder of your choice.
Now repeat the same process to install the other APK files as well. After installation we see a success message. We can also confirm this by looking at the device emulator.
0 Private mode
1 World readable
2 World writable
4 Multiple process - defines permission for application to use
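An added example (not part of the original notes or the session material): mode values 1 and 2 above show up as the "other" read and write bits on the files an app creates, so a listing of an app's data directory can be checked for files that are not private. The listing, owner and file names below are constructed for illustration.

```python
import re

# Mode values as listed in the notes above.
MODE_PRIVATE = 0
MODE_WORLD_READABLE = 1
MODE_WORLD_WRITEABLE = 2

# Constructed sample: `ls -l` style listing of an app's data directory.
# Owner, dates and file names are hypothetical.
SAMPLE_LISTING = """\
-rw-rw---- u0_a46   u0_a46      5120 2014-03-01 10:12 userinfo.db
-rw-rw-r-- u0_a46   u0_a46       143 2014-03-01 10:12 credentials.xml
-rw-rw--w- u0_a46   u0_a46        64 2014-03-01 10:13 history.txt
-rw-rw-rw- u0_a46   u0_a46       210 2014-03-01 10:13 destination_info.xml
drwxrwx--x u0_a46   u0_a46           2014-03-01 10:12 databases
"""

# File-type character followed by the nine permission characters.
PERM_RE = re.compile(r"^([-dlbcps])([-rwxsStT]{9})\s")


def mode_flags(perm):
    """Map the 'other' triplet of a permission string to the mode values."""
    flags = MODE_PRIVATE
    if perm[6] == "r":          # other-read bit set
        flags |= MODE_WORLD_READABLE
    if perm[7] == "w":          # other-write bit set
        flags |= MODE_WORLD_WRITEABLE
    return flags


def audit_listing(listing):
    """Return (file name, mode flags) for every regular file that is not private."""
    findings = []
    for line in listing.splitlines():
        match = PERM_RE.match(line)
        if not match or match.group(1) != "-":
            continue            # skip directories, links and unparsable lines
        flags = mode_flags(match.group(2))
        if flags != MODE_PRIVATE:
            # Assumes file names without spaces (last whitespace-separated token).
            findings.append((line.split()[-1], flags))
    return findings


if __name__ == "__main__":
    for name, flags in audit_listing(SAMPLE_LISTING):
        print(f"{name}: mode {flags} (1 = world readable, 2 = world writable, 3 = both)")
```

Any file reported here is readable or writable by other apps on the device, which is what the private mode (0) is meant to prevent.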
Second Flaw:- Hardcoded password
root@dev-virtual-machine:~/Desktop/APK/OWASP-GoatDroid-0.9/OWASP-GoatDroid-0.9/goatdroid_apps/FourGoats/android_app# adb shell
root@android:/ # cd data/data
root@android:/data/data #

We will use sqlite to read the contents of files stored by fourgoat and herdFinancial in the data/data folder