Digging deeper into Android (ADB tool)

Eslam Medhat (Ethical Hacking, Bug Bounty and Penetration Testing)
A free video tutorial from Eslam Medhat (Ethical Hacking, Bug Bounty and Penetration Testing)
Hacking, Ethical Hacking, Bug Bounty and Penetration Testing
4.2 instructor rating • 4 courses • 11,466 students

Learn more from the full course

Mobile Application Hacking and Penetration Testing (Android)

Practice Mobile Application Hacking and Penetration Testing against a number of real world mobile applications.

01:20:29 of on-demand video • Updated September 2020

  • You will understand the different types of vulnerabilities that affect mobile applications and have the practical knowledge to attack and exploit them.
  • Perform real world attacks on Android Devices and Apps.
  • By the end of the course , You will learn How to Fuzz mobile apps.
  • OWASP Top Ten Mobile and Web most common vulnerabilities.
  • Build your own home lab on mobile application security.
  • By the end of the course , You will learn Mobile applications reverse engineering.
  • Practice on real world mobile applications.
  • Provides you the skills necessary to peform Penetration tests of mobile applications.
English The first thing that we should do is to connect both emulator and Santoku system on the same network so we can interact between them. First we will go to the emulator settings and change network mode from NAT to bridge to make the emulator connect to the home internet directory. Now choose your Internet Card then press OK. Now the emulator will take an IP address from your home router or access point. Let's start the emulator then go to the Santoku network settings to change it from NAT to bridge too. right click on this icon. go to the network settings, here change it from NAT to bridged adapter and choose your internet adapter then press OK. You need to disable and enable the connection to activate the new settings. Right click on this icon Press connect network adapter, wait a few seconds, then enable the connection again OK. That connection has been restarted. Now let's check the connection information to see the Santoku IP address. As you can see the IP address is here The most important thing is the IP address of the emulator because we will connect to the emulator with it. Let's go to the Mobile network settings to check the IP address from the dropdown menu. Click on the Wi-Fi icon then click more settings and go to the advanced section, you will see down here the IP address of this phone on the emulator. Lets PING the phone IP address first to test the connection. ping 192.168.1.149 enter! If you got a replay from that IP, then the connection is working fine. Press Control-C to exit and let's connect to that phone with adb tool To connect to that phone on Emulator. You need to know the IP address. Now type adb connect and the phone IP address which is 192.168.1.149, then press enter. As you can see connected successfully. Now we can control the whole mobile phone from here. Let's try some adb commands the first command is "adb devices" and it will show you the list of connected devices. We have only here one connection from the emulator Let's try another command. "adb shell ls" this command will list all the files in the root folder on the device. As you can see here. These are all the folders and the files in the root directory. Now if I tried to run the "ps" command that is responsible for showing the current processes on the device. It will only show the Santoku process list to fix this issue. We should run the shell command to move to the Emulator shell. But before that let's try the "logcat" command which is responsible for catching the system log files. Type "adb logcat" and see the logs. You will see here a lot of logs from every part of the system. And if you tried to run some apps from the emulator you will see new logs appears here on the terminal. Android logcat is also sometimes useful during forensics investigations. It contains the logs of all the activities carried out on the phone. It will also help the pen testers to get an idea of what has been going on the device. Now, press control + C to exit from logcat Let's check if the emulator still connected or not. OK. It is connected. Now let's try the "adb shell" command. Now we are on the phone shell. Every command will be executed on the phone directly. If you tried the command "ls" you will see all the files and folders on the root directory. Now let's access the data folder to see all the installed packages or apps on this phone. The installed applications exist under the data/data directory. So let's access the other data directory to check all the packages and run "ls", as you can see here are all the installed packages. If you tried to install a new application you will find it's package here in the data directory. Now let's try to access the SD card directory. During penetration testing process. You should check the SD card folder because you may find sensitive data there. Now let's go back to the root directory to access the mnt directory which contains the SD card directory. Here is the mnt directory. Type "cd mnt" to access it, "ls", you can find here the SD card directory. Now type "cd sdcard" to access it. As you can see here are all the folders and files of the SD card. Now if you tried the "ps" command, you will see information about the currently running processes on Android including their process identification number. so this how we can use the Android debug bridge or the adb tool to interact with Android operating system on the emulator.