1 00:00:02,070 --> 00:00:07,860 So now that we have an emulator set up, we are able to start to work on building our test environments 2 00:00:07,890 --> 00:00:09,900 on the actual phone itself. 3 00:00:09,900 --> 00:00:14,940 And for this I'm going to discuss a little bit about how to use ADB to give you a little bit of fundamentals 4 00:00:14,940 --> 00:00:15,440 on that. 5 00:00:15,570 --> 00:00:20,310 And we'll also take a look at installing a purposefully vulnerable application. 6 00:00:20,310 --> 00:00:25,800 Now the vulnerable applications that I'm going to be using in this, one of them is going to be this one 7 00:00:25,800 --> 00:00:26,770 here. 8 00:00:26,880 --> 00:00:28,260 It's called DIVA. 9 00:00:28,260 --> 00:00:33,830 And I'll include these links inside of like a resources section at the end of the course. 10 00:00:33,900 --> 00:00:39,310 And that way you'll be able to access all of these links as discussed, and I'll discuss which videos 11 00:00:39,310 --> 00:00:43,860 the links are actually utilized in, that sort of thing, just that way you're able to access them without 12 00:00:43,860 --> 00:00:46,070 having to type this out word for word. 13 00:00:46,080 --> 00:00:52,650 So once we download this we'll be able to get an APK, and that APK will be able to be installed on 14 00:00:52,650 --> 00:00:53,850 that device. 15 00:00:53,850 --> 00:00:59,250 I have another APK, which is InsecureBankv2, and this is another APK that we'll install, that's another 16 00:00:59,250 --> 00:01:00,750 insecure application. 17 00:01:00,750 --> 00:01:05,760 Again I'll post the link for this inside of a resources section in this course that you're able to get 18 00:01:05,760 --> 00:01:08,850 access to that and download the APKs as well. 
19 00:01:08,910 --> 00:01:13,140 So the very first thing to discuss is, if you're following along on your own Android device and you 20 00:01:13,140 --> 00:01:19,530 are using an emulator you're going to first have to enable USB debugging, and to do this 21 00:01:19,530 --> 00:01:25,260 you're going to go into your settings and you're going to have to get access to the developer tools. To do 22 00:01:25,260 --> 00:01:26,630 this it's a little bit tricky. 23 00:01:26,640 --> 00:01:33,750 You have to go into your system and then you have to go to About and then you just scroll down to build 24 00:01:33,750 --> 00:01:34,430 number. 25 00:01:34,710 --> 00:01:39,420 And you're just going to tap on this until it says you are now a developer. 26 00:01:39,660 --> 00:01:46,180 Once this is done you should now have a developer tools option in your settings. 27 00:01:46,570 --> 00:01:51,600 And on this one here I restart my settings to make sure it shows. 28 00:01:56,170 --> 00:01:59,310 If you can't find it you can try like typing it in here. 29 00:01:59,470 --> 00:02:00,940 You'll see developer options. 30 00:02:00,940 --> 00:02:03,880 It's under system and then developer options in this case. 31 00:02:03,890 --> 00:02:06,830 So yeah, under system. 32 00:02:07,030 --> 00:02:12,820 And then there should be developer options under Advanced. It will be in different locations depending 33 00:02:12,820 --> 00:02:13,450 on your device. 34 00:02:13,450 --> 00:02:17,140 The easiest way is just to search it in your settings to find that developer settings. 35 00:02:17,860 --> 00:02:22,420 So in here you're able to get access to a lot of different things that are commonly used by application 36 00:02:22,420 --> 00:02:27,310 developers and a lot of these settings may be useful for you while debugging applications or trying 37 00:02:27,310 --> 00:02:28,200 to test them. 38 00:02:28,240 --> 00:02:31,540 But the main one we're interested in right now is USB debugging. 
39 00:02:31,540 --> 00:02:36,910 You want to make sure that USB debugging is enabled. Enabling this will allow you to access your device 40 00:02:36,910 --> 00:02:43,000 through the command line of your computer using the ADB tools. It's one thing to know, if you're on 41 00:02:43,000 --> 00:02:47,410 like an emulator you won't actually have to do this step because it comes enabled by default. 42 00:02:47,410 --> 00:02:53,200 So from here we can launch up our command line and we can take a look at how we can access our device 43 00:02:53,260 --> 00:02:54,220 through the command line. 44 00:02:55,030 --> 00:03:00,670 So there is a tool called ADB which is installed typically with Android Studio and it has a whole bunch 45 00:03:00,670 --> 00:03:07,070 of different tools that allow us to sort of manipulate our device and be able to install different APKs 46 00:03:07,090 --> 00:03:11,330 for instance. Querying content providers is another common thing. 47 00:03:11,440 --> 00:03:13,450 There's a lot of things that this is very useful for. 48 00:03:13,840 --> 00:03:19,600 One of the main things is getting a shell into your device to be able to, you know, navigate through it 49 00:03:19,600 --> 00:03:22,810 and to download pieces and all that good stuff, right. 50 00:03:23,710 --> 00:03:26,320 So if you type in adb devices 51 00:03:29,610 --> 00:03:35,280 in this case it just had to kill off the client and it started again, but you'll see it'll give us a list 52 00:03:35,280 --> 00:03:38,230 of devices that are currently attached to our computer. 53 00:03:38,230 --> 00:03:41,490 So in this case we have one device which is the emulator. 54 00:03:41,490 --> 00:03:48,860 So if I were to type in now adb shell, what this will do is it will create a shell into the device itself. 55 00:03:48,870 --> 00:03:50,820 So you can see now we have a shell on the device. 56 00:03:50,820 --> 00:03:54,270 If I type in something like ls, for instance, it will list the directories. 
57 00:03:54,270 --> 00:03:58,980 So this is like a classic sort of computer shell just on a mobile device instead. 58 00:03:58,980 --> 00:04:03,540 So this is one thing that's very nice to be able to do with ADB is to be able to shell onto the device 59 00:04:03,540 --> 00:04:10,010 to gather information, for instance to be able to find out where an app is installed or navigate to its 60 00:04:10,010 --> 00:04:15,420 specific directory that we're trying to access or, you know, just see data that's on the device. 61 00:04:15,470 --> 00:04:17,480 All of this you might not have permissions to. 62 00:04:17,640 --> 00:04:21,210 If you have a rooted device you'll be able to escalate yourself to root and get permissions to these 63 00:04:21,210 --> 00:04:21,740 aspects. 64 00:04:21,750 --> 00:04:25,170 But typically you won't have permissions to everything. 65 00:04:25,170 --> 00:04:29,460 If we're trying to do this as a legitimate user we typically don't want root because we want to be 66 00:04:29,460 --> 00:04:32,010 able to do things that any sort of user would be able to do. 67 00:04:33,090 --> 00:04:37,470 So that's one thing that we're able to do with ADB, and if I type in exit it will take me out of the 68 00:04:37,470 --> 00:04:38,850 shell. 69 00:04:38,910 --> 00:04:43,580 Now what I really want to do is I want to install these two APKs that we have downloaded. 70 00:04:43,590 --> 00:04:49,260 So one way that we could do this is I'll cd to the directory and then what I can do is I can type in 71 00:04:49,400 --> 00:04:56,550 adb install and I type in the name of the APK. It will say Performing Streamed Install and then 72 00:04:56,550 --> 00:05:03,290 Success, and you'll see on my device I should have the, I have the DIVA app available now. 
73 00:05:03,330 --> 00:05:08,550 So you could see that installed the application for us and then I can do the same with the InsecureBank 74 00:05:08,590 --> 00:05:12,360 and you can see that that will install the app as well. 75 00:05:12,390 --> 00:05:17,100 So that's the main thing that we're looking to do with ADB is just get these two applications installed 76 00:05:17,580 --> 00:05:23,100 and now that you have these two applications installed you'll be able to now follow along with all the 77 00:05:23,100 --> 00:05:25,380 different tutorials that we do with those two apps. 78 00:05:25,380 --> 00:05:31,050 So these two apps again have purposefully insecure setups which will allow us to sort of manipulate 79 00:05:31,050 --> 00:05:35,720 through them and attempt to attack them as you would maybe attack a legitimate application. 80 00:05:35,730 --> 00:05:41,670 So using these we'll be able to discuss a bit of the ideology of attacks and be able to actually practice 81 00:05:41,670 --> 00:05:43,580 it on legitimate applications. 82 00:05:43,590 --> 00:05:44,140 Right. 83 00:05:44,160 --> 00:05:49,700 So this will get you set up with all the things that you need to be able to follow along on the emulator. 84 00:05:49,710 --> 00:05:55,110 So from here we'll be discussing the actual concepts related to Android vulnerability analysis and Android 85 00:05:55,110 --> 00:05:56,670 penetration testing.