1
00:00:01,710 --> 00:00:07,140
One of the first things that we would typically do with drozer is utilize it to find an attack surface

2
00:00:07,140 --> 00:00:07,940
of the application

3
00:00:07,950 --> 00:00:12,990
we're looking to attack. So the very first thing that you can do here is you could do,

4
00:00:13,110 --> 00:00:19,650
you can run app.package.list. What this will do is it will list off, like I said, all of the applications

5
00:00:19,650 --> 00:00:21,750
that are currently installed on the device.

6
00:00:22,050 --> 00:00:28,000
And as you recall, we were using the DIVA app, which has this package name associated with it.

7
00:00:28,050 --> 00:00:32,700
This package name is what we're going to be using in drozer to tell it what application to actually

8
00:00:32,700 --> 00:00:33,300
be scanning.

9
00:00:34,380 --> 00:00:40,620
So there are a few different, like, information gathering type of commands that we can run through drozer

10
00:00:41,040 --> 00:00:46,060
to be able to get general information about the application that we're looking to attack.

11
00:00:46,170 --> 00:00:54,980
So the first is going to be run app.package.info, and then you provide a hyphen a for an argument

12
00:00:54,990 --> 00:01:00,600
to give it the name of the application you wish to scan. What this is going to do is it's going to give

13
00:01:00,600 --> 00:01:04,590
you a general high level overview of details about the application.

14
00:01:04,740 --> 00:01:08,580
What that means is it's going to tell you where the data directory is, for instance, where the

15
00:01:08,580 --> 00:01:15,240
APK path is, what UID is used with it, what version the application is, the name of it, the process

16
00:01:15,270 --> 00:01:20,460
name, you know, anything that's really relevant or interesting, what permissions it uses, for instance, as

17
00:01:20,460 --> 00:01:21,100
well.

18
00:01:21,150 --> 00:01:25,710
This gives us sort of like a high level understanding of information about the application. Something

19
00:01:25,710 --> 00:01:32,040
else that gives us something similar would be app.package.manifest. With this one you don't

20
00:01:32,040 --> 00:01:36,060
have to provide an argument, you just put in the name of the application and you don't have to put the

21
00:01:36,070 --> 00:01:37,570
hyphen a.

22
00:01:37,620 --> 00:01:41,160
And this will give you the whole manifest file of the application itself.

23
00:01:41,190 --> 00:01:46,980
So if you remember, when we decompiled the application, we can reach this through the manifest inside

24
00:01:46,980 --> 00:01:48,130
of the resources.

25
00:01:48,150 --> 00:01:51,830
So this is the same information as what we're getting here.

26
00:01:51,900 --> 00:01:56,040
The reason why we want to see this is because it can show us information about, like, again, what kind of

27
00:01:56,040 --> 00:02:03,120
permissions are being used, what versions of the SDK it's targeting, and in general it can tell

28
00:02:03,120 --> 00:02:08,640
us a lot of very good pieces of information, such as intents that may exist, activities that may exist,

29
00:02:09,300 --> 00:02:11,040
providers that may exist.

30
00:02:11,040 --> 00:02:15,720
So we get a whole bunch of information about the providers and activities and such.

31
00:02:15,720 --> 00:02:21,120
So if you want to take this a little bit further, we can look at the actual attack surface to get a more

32
00:02:21,120 --> 00:02:27,390
like generalized format of the, like, more like a summary, I guess. It's like a summary of the manifest

33
00:02:27,390 --> 00:02:31,680
file to tell us all the information about the things that we could possibly attack in the application.

34
00:02:31,680 --> 00:02:34,300
So I'm going to run them.

35
00:02:34,680 --> 00:02:36,840
Let's see, app.package.

36
00:02:36,960 --> 00:02:44,580
attacksurface, and I'll put in the name of the application.

37
00:02:44,670 --> 00:02:48,680
What this will do is it will scan the application to tell you information about the attack surface.

38
00:02:48,710 --> 00:02:53,280
So it tells us about activities, broadcast receivers, content providers and services.

39
00:02:53,310 --> 00:02:55,970
It also tells us whether the application is debuggable or not.

40
00:02:56,460 --> 00:02:59,160
So each of these are things that we might be able to attack.

41
00:02:59,160 --> 00:03:01,820
This one's got activities and content providers.

42
00:03:01,950 --> 00:03:08,400
These are able to be used for, activities typically could show us potential access control violations,

43
00:03:08,760 --> 00:03:13,890
whereas content providers could potentially show us some instances where queries might be able to be

44
00:03:13,890 --> 00:03:16,740
used to do a SQL injection and that sort of thing.

45
00:03:16,740 --> 00:03:22,380
So this helps to expose the general attack surface of our application and helps us gather a bit more

46
00:03:22,380 --> 00:03:24,750
information about the application itself.

47
00:03:24,750 --> 00:03:28,500
And then from here we can take a look at some of the different types of attacks that we can do inside

48
00:03:28,500 --> 00:03:29,040
of drozer.