1
00:00:12,190 --> 00:00:15,050
Hey, guys, welcome back to another episode on How to Hack.
2
00:00:15,610 --> 00:00:21,040
So today we'll be discussing and learning about mobile application security, which could otherwise be
3
00:00:21,040 --> 00:00:23,730
called mobile application penetration testing.
4
00:00:24,100 --> 00:00:27,730
So we're testing the mobile applications that are installed on your phone.
5
00:00:28,210 --> 00:00:33,170
So over here in our case, we actually have a mobile phone running on the left side.
6
00:00:33,220 --> 00:00:36,940
So this is an Android device being fired up by Android Studio.
7
00:00:37,330 --> 00:00:40,810
And on the right side, we have Command Prompt running, and of course, in Command Prompt,
8
00:00:41,020 --> 00:00:43,780
we want to learn about Android Debug Bridge.
9
00:00:44,020 --> 00:00:49,450
So we have a full tutorial on that that you can check out as part of the YouTube channel, so go ahead and
10
00:00:49,450 --> 00:00:52,350
subscribe to the channel so that you can learn all about cyber security.
11
00:00:52,900 --> 00:00:57,910
So moving back to the tutorial, we can enter, for example, adb devices.
12
00:00:58,720 --> 00:01:03,790
So this will list all the devices that are attached to your computer, whether they are attached through
13
00:01:03,810 --> 00:01:06,670
USB, emulation, or even wirelessly.
14
00:01:06,850 --> 00:01:10,570
So we can see all the devices that are connected to your adb.
15
00:01:11,230 --> 00:01:16,870
And on the left side, I actually have a mobile device running and we actually have an application
16
00:01:16,870 --> 00:01:18,390
called DIVA.
17
00:01:19,060 --> 00:01:25,660
So if I scroll up and I go into this particular application over here, I can open it up and we actually
18
00:01:25,660 --> 00:01:32,020
have the application and this is a vulnerable mobile application that we can do our vulnerability analysis
19
00:01:32,020 --> 00:01:34,420
on, that we can do our penetration testing on.
20
00:01:34,840 --> 00:01:40,570
So this is a wonderful way for us to learn about mobile application security and how we can secure this
21
00:01:40,570 --> 00:01:40,870
data.
22
00:01:41,650 --> 00:01:47,860
So what we're going to learn over here as we review through DIVA, we have insecure logging, hard-
23
00:01:47,860 --> 00:01:53,920
coding issues, insecure data storage and so on and so forth, including input validation issues.
24
00:01:54,490 --> 00:01:58,330
And we can actually look at, for example, insecure data storage.
25
00:01:58,720 --> 00:02:05,830
So the whole idea about this insecure data storage lies with one of the problems of how data is being
26
00:02:05,830 --> 00:02:09,750
stored inside the mobile device through the mobile application.
27
00:02:10,090 --> 00:02:17,340
And one of those issues is that a lot of these mobile applications store data in plain text, in clear
28
00:02:17,350 --> 00:02:19,890
text inside the storage device.
29
00:02:20,260 --> 00:02:26,770
So as a result of that, whoever has access into the mobile application's storage will have the ability
30
00:02:26,920 --> 00:02:28,930
to actually view all that data.
31
00:02:29,350 --> 00:02:29,680
All right.
32
00:02:29,690 --> 00:02:35,770
So, for example, over here, I can enter the third party service username.
33
00:02:35,770 --> 00:02:41,530
I can enter test, for example, and I can click on the third party service password.
34
00:02:41,530 --> 00:02:44,490
So you can think of this like logging in to your banking app.
35
00:02:44,800 --> 00:02:48,900
You can think of this like logging into the e-commerce mobile application you have.
36
00:02:48,910 --> 00:02:53,920
So in some sense, when you have the same login, they would actually have to save your password somewhere,
37
00:02:53,950 --> 00:03:00,370
or be able to save some kind of token inside your device in order to inject that back into the application
38
00:03:00,370 --> 00:03:01,550
authentication server.
39
00:03:01,930 --> 00:03:06,120
So as a result of that, when you click save, we have that data being saved.
40
00:03:06,130 --> 00:03:09,270
So we have the credential being saved inside the system.
41
00:03:09,730 --> 00:03:13,820
And when I go back into the Android Debug Bridge,
42
00:03:14,080 --> 00:03:18,670
so, for example, if I enter the following, I can enter adb followed by shell.
43
00:03:18,790 --> 00:03:23,390
So this would give us access into the system, so I can enter, for example, whoami.
44
00:03:24,070 --> 00:03:30,470
So we are looking at Unix or Linux commands, so I can actually exit on this, so I can enter adb root.
45
00:03:30,520 --> 00:03:36,360
It restarts as root, OK, and we can enter adb shell again and we can enter
46
00:03:36,370 --> 00:03:36,940
whoami.
47
00:03:37,180 --> 00:03:43,570
So in this case we are now accessing the Android device as root and we can try to examine what kind
48
00:03:43,570 --> 00:03:44,400
of data there is.
49
00:03:44,950 --> 00:03:53,710
So I can cd into /data/data, enter ls, so we can actually see all the information over
50
00:03:53,710 --> 00:03:56,020
here, so we can see all the applications.
51
00:03:56,350 --> 00:03:59,910
So one particular folder stands out.
52
00:03:59,920 --> 00:04:02,350
So that is actually down there, over here.
53
00:04:02,360 --> 00:04:09,700
So let me just bring up the command prompt for you so we can see over here we have jakhar.aseem.diva,
54
00:04:10,000 --> 00:04:19,570
so we can cd into jakhar.aseem.diva, hit enter on that and enter ls again, and we can see all the information
55
00:04:19,570 --> 00:04:22,030
regarding the directory.
56
00:04:22,060 --> 00:04:24,640
So we have four different directories.
57
00:04:24,640 --> 00:04:29,830
We have cache, code_cache, databases, we have the data app.
58
00:04:30,150 --> 00:04:32,710
OK, so we can actually look at all this information.
59
00:04:32,710 --> 00:04:39,970
We have shared_prefs, so we can actually try to cd, for example, into shared_prefs, hit enter
60
00:04:39,970 --> 00:04:47,260
on that and do ls -la to do a listing, and we can see that there is an XML file.
61
00:04:48,070 --> 00:04:54,190
So what happens is that a lot of mobile applications could be storing that data in XML format or
62
00:04:54,190 --> 00:04:54,610
SQLite.
63
00:04:54,880 --> 00:05:00,100
So for SQLite, I will do that as a separate tutorial in the future about how we can examine that data.
64
00:05:00,910 --> 00:05:06,910
So over here we have an XML file and all you've got to do is do a cat to read a particular file, hit
65
00:05:06,910 --> 00:05:09,610
enter on that and we can immediately
66
00:05:10,180 --> 00:05:13,150
find out the information of the string name.
67
00:05:13,420 --> 00:05:18,640
OK, so we have the password and we have the user, and both of these were test.
68
00:05:18,640 --> 00:05:24,690
So we actually entered test and test for our string password as well as string user.
69
00:05:24,700 --> 00:05:29,920
So immediately we can retrieve that data inside the storage of the mobile device.
70
00:05:29,920 --> 00:05:36,460
So very quickly we could actually view and access a lot of that critical data, personal information
71
00:05:36,760 --> 00:05:38,170
inside the mobile device.
72
00:05:38,650 --> 00:05:43,510
So moving forward, I can actually do a change directory back, then
73
00:05:43,510 --> 00:05:50,650
I can cd into databases and do a listing again, and we can see all this different information here.
74
00:05:50,680 --> 00:06:00,920
So we have divanotes.db, we have divanotes.db-shm, divanotes.db-wal, ids2, and all these different data.
75
00:06:01,210 --> 00:06:04,600
So the question to ask is, are we able to view that information?
76
00:06:04,870 --> 00:06:08,280
So can we do a cat divanotes.db?
77
00:06:08,290 --> 00:06:10,130
What can we see from those results?
78
00:06:10,510 --> 00:06:13,840
What about -shm, hit enter on that?
79
00:06:14,380 --> 00:06:16,550
What about -wal?
80
00:06:16,600 --> 00:06:19,120
What kind of data can we find?
81
00:06:19,480 --> 00:06:24,190
And over here, OK, over here we can see we have some information.
82
00:06:24,400 --> 00:06:33,040
We have exercise: alternate days running; expense: spent too much on home theater; holiday idogawa
83
00:06:33,040 --> 00:06:33,850
or MSM.
84
00:06:34,120 --> 00:06:35,260
So we realize this.
85
00:06:35,920 --> 00:06:39,580
We have not actually logged in to the mobile application yet.
86
00:06:39,910 --> 00:06:46,600
We are also able to view that data inside the mobile application, the data that is used by the
87
00:06:46,630 --> 00:06:51,220
mobile application to provide information and updates through the mobile application.
88
00:06:51,610 --> 00:06:56,110
OK, so with that, we have come to the end of today's tutorial and I hope that you've learned something
89
00:06:56,110 --> 00:06:56,710
valuable.
90
00:06:57,160 --> 00:07:01,270
So if you have any questions, feel free to leave a comment below and I'll try my best to answer any of
91
00:07:01,270 --> 00:07:06,340
your questions. Hit like, subscribe to the channel so that you can be kept abreast of the latest
92
00:07:06,340 --> 00:07:07,030
cybersecurity.
93
00:07:07,690 --> 00:07:09,160
Thank you so much once again for watching.