Subtitles for 0009 Run Mobile App via ADB

1 00:00:12,460 --> 00:00:15,290 Hey, guys, welcome back to another episode on How to Hack.
2 00:00:15,640 --> 00:00:21,370 So over here, I have an Android device running and of course, this is powered up by Android Studio.
3 00:00:22,000 --> 00:00:24,370 So it does not matter whichever mobile device you're running.
4 00:00:24,400 --> 00:00:30,490 So over here we have the Android running and I can open this up so we can look at the applications that
5 00:00:30,490 --> 00:00:31,060 we have.
6 00:00:31,360 --> 00:00:34,030 And of course, we have DIVA, we have four goats.
7 00:00:34,450 --> 00:00:39,250 And of course, these are the mobile applications that we will be doing our penetration testing on as
8 00:00:39,250 --> 00:00:40,150 part of our series.
9 00:00:40,540 --> 00:00:45,630 So, of course, in the future we'll be going through a lot more different kind of security assessment,
10 00:00:45,640 --> 00:00:48,670 penetration testing directly on the mobile application.
11 00:00:49,840 --> 00:00:56,590 So moving forward, what we can see is I can click onto DIVA and I can also open up magnifier so it
12 00:00:56,590 --> 00:00:57,660 is easier for you to see.
13 00:00:57,670 --> 00:01:02,050 So once I open up magnifier, I can actually see more carefully.
14 00:01:02,050 --> 00:01:08,010 So DIVA, it is an insecure, vulnerable application that we can do penetration testing on.
15 00:01:08,020 --> 00:01:14,310 So of course in today's case we'll be looking primarily on the access control issues.
16 00:01:14,740 --> 00:01:15,100 All right.
17 00:01:15,100 --> 00:01:18,040 So we have went through the insecure data storage.
18 00:01:18,040 --> 00:01:23,160 We went through the input validation issues and we're going to look at the access control issues.
19 00:01:23,770 --> 00:01:26,300 So go in and click on access control issues, part one.
20 00:01:26,830 --> 00:01:29,700 So once I click on it, so over here we can read the objective.
21 00:01:29,720 --> 00:01:30,830 So I'll read it out for you.
22 00:01:31,090 --> 00:01:34,160 You're able to access the API credentials when you click the button.
23 00:01:34,340 --> 00:01:38,290 Now try to access the API credentials from outside the application.
24 00:01:38,350 --> 00:01:42,290 OK, so what happened is that components of applications can be invoked.
25 00:01:42,370 --> 00:01:47,670 And of course from the tutorial title we can invoke that from Android Debug Bridge.
26 00:01:47,680 --> 00:01:49,420 So we do have a full tutorial on that, so
27 00:01:49,420 --> 00:01:51,850 do check that video out as part of this channel.
28 00:01:52,270 --> 00:01:58,780 So once you click on it, view API credentials so we can immediately see more details about the API
29 00:01:58,780 --> 00:01:59,540 credentials.
30 00:01:59,560 --> 00:01:59,830 All right.
31 00:01:59,830 --> 00:02:01,550 So we can see those data immediately.
32 00:02:01,960 --> 00:02:04,090 So what I'll do next is I'll open up command prompt.
33 00:02:05,500 --> 00:02:10,510 OK, so we got command prompt running and I'll put it on to the right side for you and on the Android
34 00:02:10,510 --> 00:02:13,150 emulator, I'll put it on to the left side for you.
35 00:02:13,420 --> 00:02:18,720 So what I'll do is I'll go hit enter adb logcat.
36 00:02:18,730 --> 00:02:26,100 So this would actually start looking at all those log status messages regarding the Android device
37 00:02:26,110 --> 00:02:34,000 in case when I click on the view credentials and I click back so I can actually stop the adb logcat
38 00:02:34,000 --> 00:02:40,020 and I can scroll up a little more so we can look at the logs that have been created when I invoked it.
39 00:02:40,360 --> 00:02:43,160 We're going to click onto the View API credentials.
40 00:02:43,210 --> 00:02:49,770 OK, so as I scroll up a little more, trying to find out specifically what was being called.
41 00:02:50,050 --> 00:02:53,770 So over here we can see we have the activity manager.
42 00:02:53,890 --> 00:02:54,190 All right.
43 00:02:54,190 --> 00:03:00,550 And it says START u0, act jakhar.aseem.diva.action.VIEW_
44 00:03:00,550 --> 00:03:07,840 CREDS, cmp jakhar.aseem.diva/.APICredsActivity.
45 00:03:08,290 --> 00:03:12,220 OK, this was from uid 10067.
46 00:03:12,470 --> 00:03:20,600 OK, so from here what we can do is we can try to invoke the API credentials directly from ADB.
47 00:03:20,680 --> 00:03:25,690 OK, so we may not have control of what the user is clicking.
48 00:03:25,870 --> 00:03:31,660 However, based on what the user clicks, we can trigger certain activities to be started to invoke all
49 00:03:31,660 --> 00:03:33,520 these different classes.
50 00:03:33,820 --> 00:03:38,680 So when we were looking at a reverse engineering of mobile application, we saw the different classes
51 00:03:39,010 --> 00:03:44,230 inside a mobile app and we can trigger them based on their naming.
52 00:03:44,570 --> 00:03:48,640 OK, so over here, going back into the command prompt, all you got to do is enter.
53 00:03:48,640 --> 00:03:56,560 For example, you can enter adb shell am start -n and all you got to do is copy exactly what
54 00:03:56,560 --> 00:03:59,360 you saw earlier from the activity log.
55 00:03:59,380 --> 00:04:02,500 OK, so you go with -n followed by jakhar.
56 00:04:03,040 --> 00:04:08,110 aseem.diva/.APICredsActivity.
57 00:04:08,410 --> 00:04:10,600 So go ahead and hit enter on that.
58 00:04:11,590 --> 00:04:17,560 And immediately on the left side of the mobile device we can see that we managed to invoke the activity
59 00:04:17,770 --> 00:04:18,730 from ADB.
60 00:04:19,400 --> 00:04:19,760 All right.
61 00:04:19,840 --> 00:04:22,510 So once again, I hope you've learned something valuable in today's tutorial.
62 00:04:22,520 --> 00:04:23,290 You have any questions?
63 00:04:23,290 --> 00:04:26,470 Feel free to leave a comment below and I'll try my best to answer any of your queries.
64 00:04:26,770 --> 00:04:28,060 So remember to like, share,
65 00:04:28,060 --> 00:04:32,050 subscribe to the channel so that you can be kept abreast of the latest cybersecurity.
66 00:04:32,530 --> 00:04:33,940 Thank you so much once again for watching.
