1
00:00:00,090 --> 00:00:04,260
- Hello, and welcome to the new video of Android Security and

2
00:00:04,260 --> 00:00:09,280
Exploitation by Pentester Academy. My name is Aditya and I am your course

3
00:00:09,280 --> 00:00:14,200
instructor for this entire training series. So, in this video, we are going to

4
00:00:14,200 --> 00:00:19,500
have a look at the access control issues of the "Damn Insecure and Vulnerable

5
00:00:19,500 --> 00:00:27,030
Application." So, access control issues simply means that the application is not

6
00:00:27,030 --> 00:00:32,793
able to authorize or correctly validate the access of a particular user. So

7
00:00:32,793 --> 00:00:39,680
someone with insufficient authorization or insufficient access can also view the

8
00:00:39,680 --> 00:00:45,511
protected content with this vulnerability, right. So if we have a look at the

9
00:00:45,511 --> 00:00:54,613
application, which is the "Access Control Issues -1", it says, "You are able to

10
00:00:54,613 --> 00:00:59,427
access the API credentials when you click the button. Now, try to access the API

11
00:00:59,427 --> 00:01:04,531
credentials from outside the application." So if we click on this button, we are able

12
00:01:04,531 --> 00:01:10,626
to access the API credentials, and that's perfectly working fine. But we want to

13
00:01:10,626 --> 00:01:18,833
access the API from outside the application. And we know that we can use

14
00:01:18,833 --> 00:01:23,426
something like an AM or activity manager, which we have already seen in the

15
00:01:23,426 --> 00:01:30,557
Android for Pentesters course, and use it to invoke a particular activity, or

16
00:01:30,557 --> 00:01:36,250
maybe to launch a browser, or maybe to invoke an intent filter, and so on.

17
00:01:36,250 --> 00:01:41,370
So first of all, let's go and have a look at the Android manifest for this

18
00:01:41,370 --> 00:01:48,867
application. So, if you look at the Android manifest, and search for

19
00:01:48,867 --> 00:02:01,139
"Access"... So this is the "Access control 1 activity" and we have the "API Creds

20
00:02:01,139 --> 00:02:06,070
Activity", which has the intent filter of "VIEW_CREDS".

21
00:02:06,070 --> 00:02:10,680
Now we have already discussed what an intent filter is in the earlier course

22
00:02:10,680 --> 00:02:18,700
videos, right? So all we want to do is invoke the API credentials activity by

23
00:02:18,700 --> 00:02:23,630
simply using this particular intent filter. So let's simply go ahead and copy

24
00:02:23,630 --> 00:02:37,187
this and use "adb shell am -a" and the intent filter. Let's see if it works.

25
00:02:41,637 --> 00:02:47,940
And if you click on "VIEW_CREDS" it

26
00:02:47,940 --> 00:03:04,510
doesn't work. So "adb shell -a jakhar.aseem.diva. VIEW_CREDS", right?

27
00:03:04,510 --> 00:03:11,494
Looks like I missed a "start" over here, so "am start -a". And now if you see, we

28
00:03:11,494 --> 00:03:17,820
have access to the API credentials from outside the application. And this is how

29
00:03:17,820 --> 00:03:24,420
you can use an intent filter with the activity manager, or AM. So that's all for

30
00:03:24,420 --> 00:03:28,410
this short video. In the upcoming videos we are going to have a look at several

31
00:03:28,410 --> 00:03:33,270
other access control issues and a couple more issues, right? So if you have any

32
00:03:33,270 --> 00:03:38,610
feedback or queries, feel free to reach out to me at adi@attify.com, and do check

33
00:03:38,610 --> 00:03:42,120
out the certification at securitytube-training.com. See you in the

34
00:03:42,120 --> 00:03:43,000
next video.