1 00:00:01,800 --> 00:00:07,830 In this video we're going to discuss how to set up and install drozer. Drozer is an application that 2 00:00:07,830 --> 00:00:13,410 is used for Android pen testing to be able to help to automate and detect vulnerabilities that are 3 00:00:13,410 --> 00:00:16,090 common for Android applications. 4 00:00:16,140 --> 00:00:21,810 It works by detecting attack surfaces of the applications, typically through things like content providers, 5 00:00:22,110 --> 00:00:29,460 exported activities, services and broadcast receivers, and then it allows you to find those and potentially 6 00:00:29,580 --> 00:00:34,260 run some automated tests to be able to detect if they're vulnerable to some common vulnerabilities. For 7 00:00:34,260 --> 00:00:34,820 instance, 8 00:00:34,920 --> 00:00:39,930 content providers could be vulnerable to SQL injections, so we can run some SQL injection code 9 00:00:39,930 --> 00:00:44,670 through drozer to test a whole bunch of content providers at once to see if any of them are 10 00:00:44,670 --> 00:00:45,710 vulnerable. 11 00:00:45,720 --> 00:00:48,680 So this is a very powerful and useful application. 12 00:00:48,690 --> 00:00:52,520 There's a lot of different ways to use it, which we'll go over in future videos. 13 00:00:52,530 --> 00:00:57,630 However, for now I'm just going to demonstrate how to actually install drozer, just to allow you to 14 00:00:57,630 --> 00:00:58,550 get set up with it 15 00:00:58,560 --> 00:01:04,410 before we dive into anything more. So the very first thing that you'll need is Python 2 installed on 16 00:01:04,410 --> 00:01:05,220 your computer. 17 00:01:05,220 --> 00:01:09,420 I'm going to use version 2.7.18 just because it's the newest version at this 18 00:01:09,420 --> 00:01:11,170 point of making this video. 19 00:01:11,280 --> 00:01:14,920 You can use whatever version 2 you really want for this,
20 00:01:15,000 --> 00:01:18,690 that being a newer version of version 2 that comes with pip packaged in it. 21 00:01:18,930 --> 00:01:23,310 I think that's sort of as of 2.7.9, but really just pick the newest version and 22 00:01:23,310 --> 00:01:25,760 you should have pip installed with it. 23 00:01:25,830 --> 00:01:28,940 So we're gonna go ahead and run this and I'll install it for all users. 24 00:01:28,980 --> 00:01:34,190 I'll put it in the typical Python27 directory. If you want to check if pip is installed, you should see it 25 00:01:34,200 --> 00:01:36,330 here with the little hard drive icon next to it. 26 00:01:36,360 --> 00:01:42,090 So you want to make sure that your pip is actually present there, and I will go ahead and hit next and 27 00:01:42,090 --> 00:01:44,650 let it install Python 2 for us. 28 00:01:44,790 --> 00:01:49,440 The reason I want pip installed is because there are a few dependencies that drozer actually relies 29 00:01:49,440 --> 00:01:49,920 on. 30 00:01:49,920 --> 00:01:55,530 So we want to make sure that those dependencies are present just to ensure that nothing is broken when 31 00:01:55,530 --> 00:01:57,350 we try to actually run drozer. 32 00:01:57,510 --> 00:02:03,600 So the general concept of drozer is that it's gonna be able to create a link between our device and 33 00:02:03,600 --> 00:02:04,530 our computer, 34 00:02:04,530 --> 00:02:09,390 sort of similar to the ADB link, that will allow us to run some like automated testing and commands through 35 00:02:09,390 --> 00:02:12,210 that link, and all the scripts are written in Python. 36 00:02:12,210 --> 00:02:16,710 They're all open source on GitHub, so you can see all the scripts, you can contribute to them and you 37 00:02:16,710 --> 00:02:19,050 can utilize them as you please. 38 00:02:19,050 --> 00:02:23,950 So you can see here we finished the install for Python, so what I'll do now
39 00:02:23,970 --> 00:02:26,890 is go into a command line and I'll type in pip. 40 00:02:27,870 --> 00:02:32,730 You should see something like this if pip has installed properly, and we're gonna go to install some 41 00:02:32,730 --> 00:02:38,100 of these, the prerequisites for drozer. So we'll say pip install, we're going to install protobuf, 42 00:02:39,810 --> 00:02:42,420 so we'll let this run through. 43 00:02:42,510 --> 00:02:51,220 We're also gonna go ahead and install pyOpenSSL, which is another important one that allows us to make the 44 00:02:51,220 --> 00:02:59,740 connection between the devices, and we'll say pip install twisted, and I think there's one other dependency. 45 00:02:59,770 --> 00:03:05,380 We'll be able to see that when we actually install it and run drozer for the first time, but these are 46 00:03:05,380 --> 00:03:10,570 the three that are mostly required for a fresh install of Python. 47 00:03:10,570 --> 00:03:15,580 There may be one or two more depending on your Python installation, so we'll check those out once these 48 00:03:15,820 --> 00:03:17,000 finish off. 49 00:03:17,020 --> 00:03:22,270 So in general drozer can be installed from the Labs F-Secure page. 50 00:03:22,270 --> 00:03:24,860 This is the general web page for drozer. 51 00:03:25,030 --> 00:03:30,370 If you're looking for this web page, I can put more links into a resources section for this course so 52 00:03:30,370 --> 00:03:34,320 that you're able to access these links and be able to get to the content that you need. 53 00:03:34,390 --> 00:03:37,400 But yeah, that's the general location of where this is located. 54 00:03:37,510 --> 00:03:41,930 If you Google search for drozer it will be probably the first or second result. Sometimes the GitHub 55 00:03:41,980 --> 00:03:43,000 page comes up first. 56 00:03:43,000 --> 00:03:48,850 You can also go there to get the installer. The installer that I use is the MSI; it's the easiest one for 57 00:03:48,910 --> 00:03:49,420 Windows.
58 00:03:49,430 --> 00:03:52,050 There's of course Linux and Mac installers as well, 59 00:03:52,060 --> 00:03:58,450 just in case you're using one of those. It'll allow us to install it for all users, and you have to be a bit 60 00:03:58,450 --> 00:03:59,680 careful with this. 61 00:03:59,680 --> 00:04:04,780 If you have multiple versions of Python it might default to Python 3, which you don't want to install 62 00:04:04,820 --> 00:04:09,100 to. As far as I understand, drozer isn't really compatible with Python 3. 63 00:04:09,100 --> 00:04:14,770 So you want to select Python 2 from another location, so we can click here and say will be installed 64 00:04:14,770 --> 00:04:19,230 on the local hard drive, and then we just want to navigate to where Python is. 65 00:04:19,240 --> 00:04:29,270 So it's typically under C:\Python27, so we'll put in this exact path here, and then once we've done this 66 00:04:29,270 --> 00:04:36,020 we can go ahead and click next and then it will install the components into the Python 2 directory. 67 00:04:36,040 --> 00:04:40,820 The reason I want the components in the Python 2 directory is because our path variable is set to run 68 00:04:40,820 --> 00:04:43,890 anything from the directory that this will install to. 69 00:04:44,000 --> 00:04:49,080 So it means that we can run it through our command line and it has easy access to the proper Python installation. 70 00:04:49,100 --> 00:04:55,190 So once that's done we'll be able to click finish, and if you want to test if it's working or not you 71 00:04:55,190 --> 00:05:03,340 can just type in drozer.bat console connect. As we'll see, it will try to connect to a device 72 00:05:03,340 --> 00:05:06,760 and it'll pop up any error messages that may exist. 73 00:05:06,920 --> 00:05:12,140 So for instance you can see that we get this error: no module named service_identity.
74 00:05:12,170 --> 00:05:18,530 This tells us that we need to install service identity, which you can do by saying pip install service_identity. 75 00:05:18,560 --> 00:05:26,090 You'll see it will work for a little bit and then it will install that for us, and 76 00:05:26,090 --> 00:05:32,430 then we should have everything that we need installed for drozer. So now that everything's installed 77 00:05:32,430 --> 00:05:36,870 for drozer we can try running this again and we should just see an issue saying there's no device to 78 00:05:36,870 --> 00:05:41,400 connect to, and that will allow us to move on to our next step, which is just to set up our device with 79 00:05:41,450 --> 00:05:42,940 drozer. 80 00:05:43,080 --> 00:05:47,280 So this looks perfect, this is exactly what we want to see. When this happens, 81 00:05:47,280 --> 00:05:50,360 we just want to be able to install drozer on our device. 82 00:05:50,520 --> 00:05:55,380 So I'm gonna go into Google Chrome here and I'll just accept through these and get us through to the 83 00:05:55,380 --> 00:06:03,220 default page and we'll just go ahead and type in drozer. So once you've typed that in you should see 84 00:06:03,220 --> 00:06:09,510 there's that page here and then there's the F-Secure Labs page. We'll go to the F-Secure Labs and I'm 85 00:06:09,510 --> 00:06:14,320 gonna scroll all the way to the bottom here and we should see the different installers. So as you can 86 00:06:14,320 --> 00:06:19,810 see there's like the RPM, the Ubuntu archive, there's the MSI that I was using to install it, and then 87 00:06:19,810 --> 00:06:25,420 there's the APK. So I'm going to click on the APK, it will ask us if we want to give permission to download 88 00:06:25,420 --> 00:06:31,480 and save files, which we'll allow. We will download it to the downloads folder, so this is okay, and then 89 00:06:31,480 --> 00:06:35,500 I can click okay here to try to open it, right.
90 00:06:35,560 --> 00:06:39,370 And then it's going to ask me if I want to allow for unknown apps to be installed. We'll go into the 91 00:06:39,370 --> 00:06:44,860 settings and we'll go ahead and toggle this to allow apps from this source. Once this is done I can press 92 00:06:44,860 --> 00:06:51,190 on the back arrow and I'll be able to install the drozer agent. Click on install, it'll run through the installer 93 00:06:51,190 --> 00:06:57,040 and then I'll be able to open up the application. So now drozer is installed on this device. 94 00:06:57,040 --> 00:07:01,630 So with this we can turn on the embedded server, and this is what allows us to be able to connect between 95 00:07:01,630 --> 00:07:06,270 the computer and drozer. It's running on port 31415. 96 00:07:06,310 --> 00:07:08,320 You can see that on the bottom here. 97 00:07:08,410 --> 00:07:13,390 So what we need to do is we need to forward a TCP connection between our computer and the device on port 98 00:07:13,390 --> 00:07:14,830 31415. 99 00:07:14,890 --> 00:07:23,530 So to do this we just go adb forward tcp:31415, and we do the same thing again. Running 100 00:07:23,590 --> 00:07:28,160 this command will create that tunnel between the two devices. 101 00:07:28,240 --> 00:07:33,140 Once this is done you'll get a 31415 in response to verify that everything worked. 102 00:07:33,140 --> 00:07:35,980 And now once we do this we can type in drozer.bat 103 00:07:36,000 --> 00:07:42,850 console connect, and what you'll see is it will actually connect to a device and be working as we 104 00:07:42,850 --> 00:07:49,000 want it to. It may take a few minutes depending on how fast your internet connection is, and you should see 105 00:07:49,000 --> 00:07:51,540 something that looks like this.
106 00:07:51,720 --> 00:07:57,780 And if you want to test that it's working you can run a few different commands, so we can say run 107 00:07:57,800 --> 00:08:04,950 app.package.list. What this will do is it will list all of the applications that are on the device. 108 00:08:05,080 --> 00:08:10,290 So if this command works for you then you now have drozer set up and installed correctly. 109 00:08:10,540 --> 00:08:14,370 And now in the next few videos we'll take a look at some of the things that we can do with drozer 110 00:08:14,380 --> 00:08:20,710 to be able to, you know, analyze applications and determine if they're vulnerable or not using the tools 111 00:08:20,710 --> 00:08:22,000 that are available to us in here.