How to use Drozer to exfiltrate juicy data by exploiting a vulnerability in an application
Use-case : we have successfully convince our target to install our application (including Drozer client behavior)
We analyze the Flitter application
We find a vulnerable Activity
The installed app is running a server that allows the attacker to connect as a client
The installed app has uploaded a payload in /sdcard/Download
Exploiting the attack will allow to exfiltrate banking credentials
We analyze the Flitter application
We find a vulnerable Activity
The installed app is running a server that allows the attacker to connect as a client
The installed app has uploaded a payload in /sdcard/Download
Exploiting the attack will allow to exfiltrate banking credentials
همه توضیحات ...