Awesome

Android-Exploits

A collection of android Exploits and guide on android exploitation

root@n3x7:~$ ls -l
drwxr-xr-x  dos     - Denial Of Service exploits
drwxr-xr-x  local   - Local Exploits
drwxr-xr-x  remote  - remote exploits
drwxr-xr-x  webapps - webapp exploits

Usage and Where to start

Clone me :)<br/>

git clone https://github.com/sundaysec/Android-Exploits.git<br/><br/> Recommend you grab exploitpack latest version<br/><br/> wget https://github.com/juansacco/exploitpack/archive/master.zip<br/><br/> Extract then Navigate into the folder and type:<br/><br/> java -jar ExploitPack.jar<br/><br/> Load the exploits<br/><br/> Learn and hack<br/><br/>

OWASP Top 10 Mobile Risks

1. Insecure Data Storage
2. Weak Server Side Controls
3. Insufficient Transport Layer Protection
4. Client Side Injection
5. Poor Authorization and Authentication
6. Improper Session Handling
7. Security Decisions Via Untrusted Inputs
8. Side Channel Data Leakage
9. Broken Cryptography
10. Sensitive Information Disclosure

───────▀▄───▄▀────────
──────▄█▀███▀█▄───────
─────█▀███████▀█──────
─────█─█▀▀▀▀▀█─█──────
────────▀▀─▀▀─────────
-->> exploit

Common Tools(In mobile Exploits)

• SSH
• VNC server
• A compiler (gcc / agcc)
• Android SDK (adb!)
• XCode
• Jailbroken iDevice
• Rooted Android Device

Android Hacking Tools

Mobile Apps (Hack On Android)

• AndroRat - Android Remote Administrative Tool
• cspoilt - A tool that enumerates local hosts, finds vulnerabilities and their exploits, cracks Wi-Fi password, installs backdoors blablabla!!!
• Hackode - All In One Android Pentest Tool
• zANTI - Network mapping, port discovery, sniffing, packet manipulation, DoS, MITM blablabla!!
• FaceNiff - Intercept and sniff WiFi network traffic for Social Media packets
• Droidsheep - Android application that analyzes security in wireless networks and also captures Twitter, Linked, Facebook, and other accounts
• USB Cleaver - Silently recover information from a target Windows 2000 or higher computer, including password hashes, LSA secrets, IP information
• Shark - Network Packate analysis tool
• DroidBox - Dynamic analysis of Android apps
• Wi-Fi Kill - Disable other Users from WiFi Access

Books and Articles

• A survey of Android exploits in the wild - The Android operating system Exploitation Survey
• Popular Android Exploits - Introduction to Android Exploits.
• Own your Android! Yet Another Universal Root - Android root exploitation
• ASDC12-Smart_Bombs_Mobile_Vulnerability_and_Exploitation - Mobile Vulnerability Exploitation
• BlueBorne - Android Exploit - Exploiting an RCE Over the Air
• EVOLUTION OF ANDROID EXPLOITS - Evolution of Android exploits from a statistical analysis tool perspective
• Hacking Androids for Fun and for Profit - Android Exploitation

<a rel="license" href="http://creativecommons.org/licenses/by/4.0/"><img alt="Creative Commons License" style="border-width:0" src="https://i.creativecommons.org/l/by/4.0/88x31.png" /></a><br />This work is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International License</a>.