13.2 Mobile Android Part 2

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

19 hours 55 minutes
Video Transcription
Hi. Welcome back to the course. So in the last video, we talked about some basic mobile hacking concepts
in this video, we're gonna go over hacking Android. And so basically, we're gonna start off with talk about endured tools that we can use and then a little bit about the architecture of Android.
So several tools we could use and this is not an all inclusive list. These are some common common ones that you might see used out there. So android rat hack owed both. Those are kind of the most common on this list year. Zan TC Spoiled face sniff shark for rude droid sheep, which is also commonly used
droid box A p k inspector than that Our good old friend and map.
So, Andrew Rat basically combined to you android and rat is what it stands for. Takes control of the android operating system so it can run as a service and it can activate server connections. So with things like SMS, or you know that our messaging there or phone calls
so what it does, it collects a lot of information. So things that call logs the actual location of your device, your text messaging, it will track your user activity. So, you know, like if you're sending emails and stuff or if you're clicking on certain naps also, it can actually shoot camera. You know, just just basically, all sorts of stuff is the information type. It can get
hack code s O. This has three categories reconnaissance security feed in scanning. So this tool could be used for things that Google hacking. You can also use it for scanning sequel injection, D N s look up and many, many more things
zan t so that z and then Auntie, this is a screenshot of it again, this one's more love kind of ah, sniffer, so to speak. It's gonna collect data on different packets on give you that data
See, exploit. This has got a catalogue local Holst, and also installs back doors for you making detect vulnerabilities. And it can also grab a WiFi passwords
face sniff. So this one is a sniffer and this could be used based on what your information you can get. You can actually go ahead and exploit someone's Twitter or Facebook account and take control
shark for rude. It's another sniffer. Many times you'll see a call like the wire shark for Android. It's based on TCP pump Dunk. Excuse me, but so basically, you can use TCP dump commands for this particular tool, and it only works on rooted android devices.
Drug cheap. Another one. And again, I mentioned that's pretty popular as well and operates as a rotter, basically to oversee the WiFi network traffic. So what that allows it to do is gain access to the active session. So from there, you know can then jump into, allowing you to take over someone's Twitter or Facebook or linked in account and very many more. Basically, any social media out there
droid box on this one is gonna check. The hash is for a peek. A package is also SMS and calls network trafficking. So a lot of different information and greens and you see it here at the command mine,
a P K. Inspector. So this one could be used to reverse engineer a coat so you can see potential vulnerabilities in it, and then it also might allow you to delete the license or credits for the app
and map. We already kind of know what that one is, but it works on rooted and non rooted devices, and you can just run different scans with Ian.
So here's an outline of Android OS architecture. So we start off with our limits, Colonel. So that's gonna contain our drivers and everything. And then we move into our library packages, and then we also have a set of core libraries and then our D. V M or a dull Vic virtual machine. And then on top of that stack is the application framework. So that's where are different Management packages are.
And then finally, we reach our application level. And that's where, like you and I actually interact with the phone, right? I checked my email. I I sent text messaging.
I checked my contacts. I browse the Web, I do whatever right.
So some of the tools we can use for, like, android routing and this is not an all inclusive list. These are some of the ones and that you might see
on the exams of capacity, and I don't know if you will or not. But these are some of the ones easy Council talks about, so one could crew rescue route and Kingo route.
So one click group is pretty straightforward. It's actually very easy to route a device with it on. And because of that, many of these tools are marked his malware by anti viruses. But but this is all this is the interface what it looks like and it's really simple to do
rescue route. Similar thing here is just gonna allow us to basically route the device that tells you the minimums that you need here. Obviously you need an android device, USB cable, and then at least 1/4 of your battery left. I would say a full battery is the best option here if you're gonna retreat device
and then Kingo route. This one is definitely flagged us. Ah, by anti viruses malware that were as malicious. Excuse me, so just keep that in mind. But But you can use it for different devices,
and it's targeted towards android. But you can also dollard it on windows and play around
so vulnerability scanners for mobile. There's many of them out there. These were a couple of them that are in used by different people. I know that work is pen tester, So holster lab that offers for both Android and IOS, same with that vigil that's gonna give you both for IOS and Android
and then one thing about that when it actually checks against your lost top 10. So checks for those vulnerabilities
andro total scans from elsewhere. That's on Android. Same with a kana that's checking for a malicious code on Android
and then San Droid. It performs a static and dynamic analysis, and again, that's just for Android.
So in this video we talked about the android hacking. You kind of went over some different components of it, and also the android architecture
and the next video really jump into the IOS hacking.
Up Next
Penetration Testing and Ethical Hacking

Do you like breaking things or figuring out how things work? Join thousands of professionals who’ve entered the information security field by taking this class. Taking this ethical hacking course will give you the skills needed to become a professional penetration tester and prepare you for industry certifications, like the CEH.

Instructed By