1
00:00:12,460 --> 00:00:15,290
Hey, guys, welcome back to another episode on How to Hack.
2
00:00:15,640 --> 00:00:21,370
So over here, I have an Android device running and of course, this is powered up by Android Studio.
3
00:00:22,000 --> 00:00:24,370
So it does not matter which mobile device you're running.
4
00:00:24,400 --> 00:00:30,490
So over here we have the Android running and I can open this up so we can look at the applications that
5
00:00:30,490 --> 00:00:31,060
we have.
6
00:00:31,360 --> 00:00:34,030
And of course, we have DIVA, we have FourGoats.
7
00:00:34,450 --> 00:00:39,250
And of course, these are the mobile applications that we will be doing our penetration testing on as
8
00:00:39,250 --> 00:00:40,150
part of our series.
9
00:00:40,540 --> 00:00:45,630
So, of course, in the future we will be going through a lot more different kinds of security assessments,
10
00:00:45,640 --> 00:00:48,670
penetration testing directly on the mobile application.
11
00:00:49,840 --> 00:00:56,590
So moving forward, what we can see is I can click onto DIVA and I can also open up the magnifier so it
12
00:00:56,590 --> 00:00:57,660
is easier for you to see.
13
00:00:57,670 --> 00:01:02,050
So once I open up the magnifier, I can actually see more carefully.
14
00:01:02,050 --> 00:01:08,010
So DIVA, it is an insecure, vulnerable application that we can do penetration testing on.
15
00:01:08,020 --> 00:01:14,310
So of course in today's case we'll be looking primarily at the access control issues.
16
00:01:14,740 --> 00:01:15,100
All right.
17
00:01:15,100 --> 00:01:18,040
So we have gone through the insecure data storage.
18
00:01:18,040 --> 00:01:23,160
We went through the input validation issues and we're going to look at the access control issues.
19
00:01:23,770 --> 00:01:26,300
So go in and click on access control issues, part one.
20
00:01:26,830 --> 00:01:29,700
So once I click on it, over here we can read the objective.
21
00:01:29,720 --> 00:01:30,830
So I'll read it out for you.
22
00:01:31,090 --> 00:01:34,160
You're able to access the API credentials when you click the button.
23
00:01:34,340 --> 00:01:38,290
Now try to access the API credentials from outside the application.
24
00:01:38,350 --> 00:01:42,290
OK, so what happened is that components of applications can be invoked.
25
00:01:42,370 --> 00:01:47,670
And of course from the tutorial title we can invoke that from Android Debug Bridge.
26
00:01:47,680 --> 00:01:49,420
So we do have a full tutorial on ADB.
27
00:01:49,420 --> 00:01:51,850
Do check that video out as part of this channel.
28
00:01:52,270 --> 00:01:58,780
So once you click on it, View API Credentials, we can immediately see more details about the API
29
00:01:58,780 --> 00:01:59,540
credentials.
30
00:01:59,560 --> 00:01:59,830
All right.
31
00:01:59,830 --> 00:02:01,550
So we can see those data immediately.
32
00:02:01,960 --> 00:02:04,090
So what I'll do next is I'll open up command prompt.
33
00:02:05,500 --> 00:02:10,510
OK, so we got command prompt running and I'll put it on the right side for you and the Android
34
00:02:10,510 --> 00:02:13,150
emulator, I'll put it on the left side for you.
35
00:02:13,420 --> 00:02:18,720
So what I'll do is I'll go ahead and enter adb logcat.
36
00:02:18,730 --> 00:02:26,100
So this would actually start looking at all those log status messages regarding the Android device
37
00:02:26,110 --> 00:02:34,000
in case when I click on the View Credentials and I click back, so I can actually stop the adb logcat
38
00:02:34,000 --> 00:02:40,020
and I can scroll up a little more so we can look at the logs that have been created when I invoked it.
39
00:02:40,360 --> 00:02:43,160
We're going to click onto the View API Credentials.
40
00:02:43,210 --> 00:02:49,770
OK, so as I scroll up a little more, trying to find out specifically what was being called.
41
00:02:50,050 --> 00:02:53,770
So over here we can see we have the activity manager.
42
00:02:53,890 --> 00:02:54,190
All right.
43
00:02:54,190 --> 00:03:00,550
And it says START u0, act=jakhar.aseem.diva.action.VIEW_CREDS,
44
00:03:00,550 --> 00:03:07,840
cmp=jakhar.aseem.diva/.APICredsActivity.
45
00:03:08,290 --> 00:03:12,220
OK, this was from uid 10067.
46
00:03:12,470 --> 00:03:20,600
OK, so from here what we can do is we can try to invoke the API credentials directly from ADB.
47
00:03:20,680 --> 00:03:25,690
OK, so we may not have control of what the user is clicking.
48
00:03:25,870 --> 00:03:31,660
However, based on what the user clicks, we can trigger certain activities to be started to invoke all
49
00:03:31,660 --> 00:03:33,520
these different classes.
50
00:03:33,820 --> 00:03:38,680
So when we were looking at the reverse engineering of mobile applications, we saw the different classes
51
00:03:39,010 --> 00:03:44,230
inside a mobile app and we can trigger them based on their naming.
52
00:03:44,570 --> 00:03:48,640
OK, so over here, going back into the command prompt, all you got to do is enter.
53
00:03:48,640 --> 00:03:56,560
For example, you can enter adb shell am start -n and all you got to do is copy exactly what
54
00:03:56,560 --> 00:03:59,360
you saw earlier from the activity log.
55
00:03:59,380 --> 00:04:02,500
OK, so you go with -n followed by jakhar
56
00:04:03,040 --> 00:04:08,110
.aseem.diva/.APICredsActivity.
57
00:04:08,410 --> 00:04:10,600
So go ahead and hit enter on that.
58
00:04:11,590 --> 00:04:17,560
And immediately on the left side of the mobile device we can see that we managed to invoke the activity
59
00:04:17,770 --> 00:04:18,730
from ADB.
60
00:04:19,400 --> 00:04:19,760
All right.
61
00:04:19,840 --> 00:04:22,510
So once again, I hope you've learned something valuable in today's tutorial.
62
00:04:22,520 --> 00:04:23,290
You have any questions?
63
00:04:23,290 --> 00:04:26,470
Feel free to leave a comment below and I'll try my best to answer any of your queries.
64
00:04:26,770 --> 00:04:28,060
So remember to like, share.
65
00:04:28,060 --> 00:04:32,050
Subscribe to the channel so that you can be kept abreast of the latest cybersecurity.
66
00:04:32,530 --> 00:04:33,940
Thank you so much once again for watching.