1
00:00:00,100 --> 00:00:05,190
- Hello all and welcome to the new video of Android Security and Exploitation

2
00:00:05,190 --> 00:00:09,610
training series by Pentester Academy. My name is Aditya and I'm your course

3
00:00:09,610 --> 00:00:13,720
instructor for this entire training series. You can also check out the

4
00:00:13,720 --> 00:00:18,510
certifications at securitytube-training.com and you

5
00:00:18,510 --> 00:00:23,770
can check out the entire course at PentesterAcademy.com. So in the

6
00:00:23,770 --> 00:00:29,200
previous videos we had a look at how you can use the Drozer to exploit some of the

7
00:00:29,200 --> 00:00:33,600
vulnerabilities found in content providers. In this particular video, we

8
00:00:35,156 --> 00:00:39,440
are going to have an in-depth look into Drozer and how you can script things in

9
00:00:39,440 --> 00:00:43,760
Drozer to perform things much more automatically. So we will have a look at

10
00:00:43,760 --> 00:00:48,170
the very basic script which simply grabs information from your device and

11
00:00:48,170 --> 00:00:53,840
prints out in the Drozer console, which is written by Keith Makan. You can also have

12
00:00:53,840 --> 00:00:57,660
a look at it in his book called Android Security Cookbook and you can look more

13
00:00:57,660 --> 00:01:03,170
into Drozer Scripting. So you can use Drozer Scripting to build your own private

14
00:01:03,170 --> 00:01:07,350
repositories of all the vulnerabilities and exploits which you discover which is a

15
00:01:07,350 --> 00:01:12,070
great way to show POCs of various vulnerabilities which you find in Android

16
00:01:12,070 --> 00:01:18,580
applications. Now this is the overall structure of a Drozer module. So, you name

17
00:01:18,580 --> 00:01:25,150
the module as let's say ex.device.info and it's based on python. So you can write

18
00:01:25,150 --> 00:01:30,800
scripts in python. You simply import module from drozer.modules. You create a class

19
00:01:30,800 --> 00:01:35,910
info and you give it name, description, examples, the name of the author, the

20
00:01:35,910 --> 00:01:40,290
kind of license, the path of this particular file and then you have the

21
00:01:40,290 --> 00:01:44,540
execute code block. Now whatever you have to perform, you have to put it inside the

22
00:01:44,540 --> 00:01:50,680
execute block. So you can have a look at the Android developer guide in order to

23
00:01:50,680 --> 00:01:56,270
look at things in which you can extract information from the Android device. If

24
00:01:56,270 --> 00:02:03,560
you look at this particular link which will show you different things which you

25
00:02:03,560 --> 00:02:07,910
can extract from the Android build. You can get the version, you can get the

26
00:02:07,910 --> 00:02:12,800
board, bootloader, brand, CPU type, hardware type, model, radio and these kind

27
00:02:12,800 --> 00:02:18,580
of things. That's what we are going to do in this particular script. We'll simply

28
00:02:18,580 --> 00:02:22,800
use the Android.os.build and from there we'll use the build.board, build.

29
00:02:22,800 --> 00:02:29,090
Manufacturer, build.Radio and these kind of things. Now once you have written the

30
00:02:29,090 --> 00:02:34,500
script just save it as ex.device.info and then there on create a repository and then

31
00:02:34,500 --> 00:02:39,400
go ahead and install the module. Now our repository is a centralized place where

32
00:02:39,400 --> 00:02:43,480
you can hold in a lot of different modules. You can create a repository and

33
00:02:43,480 --> 00:02:47,060
you can install all of the modules which you want to store in that particular

34
00:02:47,060 --> 00:02:56,730
repository. So first of all let's go ahead and have a look at the ex.device.info. So

35
00:02:56,730 --> 00:03:09,710
you can open it up in nano -c Downloads/training/vulnapps/ex.device.info.

36
00:03:09,710 --> 00:03:14,820
This is how the script looks like which is exactly the same thing which we discussed

37
00:03:14,820 --> 00:03:21,910
earlier. Now I will go into Drozer and install this particular module. So the

38
00:03:21,910 --> 00:03:25,730
first thing which I have to do is to create a repository. The module repository

39
00:03:25,730 --> 00:03:35,605
and let's say I want to create it in desktop in a folder called drozerrepo.

40
00:03:35,605 --> 00:03:45,130
I'll create repo also called create . So it says it initialized the repository and

41
00:03:45,130 --> 00:03:50,557
now I can install the modules over here. I can do module install

42
00:03:50,557 --> 00:04:01,940
/home/adi/Downloads/training/vulnapps and then ex.device.info. So it says installed,

43
00:04:01,940 --> 00:04:07,230
successfully installed the modules and one of the things to make sure is make sure

44
00:04:07,230 --> 00:04:16,620
your particular module which is ex.device.info in this case is written

45
00:04:16,620 --> 00:04:21,720
with the proper indentation because it's python. So if you have any kinds of typos

46
00:04:21,720 --> 00:04:27,040
over here, whenever you try to install it will get installed successfully, but if

47
00:04:27,040 --> 00:04:31,770
you try to run that particular module, it will simply quit without showing any

48
00:04:31,770 --> 00:04:37,990
error. So make sure it's written perfectly and it gets installed. Once it gets

49
00:04:37,990 --> 00:04:42,730
installed, you can simply do ex.device.info and it will show you all

50
00:04:42,730 --> 00:04:48,910
this information. So this is how you can write simple modules and you can install

51
00:04:48,910 --> 00:04:54,410
it in Drozer and you can use it to automate a lot of things. Just like the

52
00:04:54,410 --> 00:04:59,200
previous exploit which you saw the Catch notes application, you can have the same

53
00:04:59,200 --> 00:05:05,460
thing written in a module for Drozer. So you simply create a contentResolver and

54
00:05:05,460 --> 00:05:10,420
query for particular content URI and then you simply print it with additional

55
00:05:10,420 --> 00:05:13,580
parameters like vertical true, show_headers true and these kind of

56
00:05:13,580 --> 00:05:19,970
things. So this is how you can simply write a Drozer module and use it within

57
00:05:19,970 --> 00:05:26,770
Drozer. So this was a very quick video on what all you can do with Drozer. That's

58
00:05:26,770 --> 00:05:30,280
all for this video. If you have any feedback or queries, feel free to reach

59
00:05:30,280 --> 00:05:37,000
out to me at adi@attify.com or you can tweet out to me @adi1391. Thanks a lot.