Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

 

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      Sign in to follow this  
      1337day-Exploits

      Android Privilege Escalation

      Recommended Posts

      Guest
      This topic is now closed to further replies.
      Sign in to follow this  

      • Similar Content

        • By itsMe
          Dexcalibur
          Dexcalibur is an Android reverse engineering platform focus on instrumentation automation. Its particularity is to use dynamic analysis to improve static analysis heuristics. It aims to automate boring tasks related to dynamic instrumentation, such as :

          Hidden Content
          Give reaction to this post to see the hidden content.
              Decompile/disass intercepted bytecode at runtime
              Write hook code and Manage a lot of hook message
              Search interesting pattern/things to hook
              Process data gathered by hook (dex file, invoked method, class loader, …)
              and so … But not only that, because Dexcalibur has its own static analysis engine and it is able to execute a partial piece of smali.
          Features and limitations
          Actually, the biggest limitation is Dexcalibur is not able to generate source code of hook targeting native function (into JNI library). However, you can declare manually a Frida’s Interceptor by editing a hook.
          Assuming Dexcalibur does not provide (for the moment) features to analyze native parts such as the JNI library or JNA, only features and limitations related to the Java part have been detailed.
          Analysis accuracy depends on the completeness of the Android API image used during the early steps of the analysis. That means, if you use a DEX file generated from the Android.jar file from Android SDK, some references to internal methods, fields, or classes from Android java API could be missing. Better results are obtained when the analysis starts from a “boot.oat” file extracted directly from a real device running the expected Android version.

          Hidden Content
          Give reaction to this post to see the hidden content. Changelog v0.7.8
          Fixed issues :
              #43, #42 : Better detection and remediation of issues related to target platform and to target device
          Improvements :
              SmaliParser works on Windows
              Add support of Android API 30

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. What you'll learn
              Penetration Tests
              Privilege Escalation for Windows
              Privilege Escalation for Linux
              CTF Solutions
          Requirements
              This is an intermediate to advanced course, please refer to previous courses if you have no cybersecurity fundamental training
              Minimum intermediate cyber security knowledge
              Minimum beginner Python knowledge
              Optional: HackTheBox membership (Only for two sections, thus optional)
          Description
          Welcome to The Complete Pentesting & Privilege Escalation Course
          If you want to become a cyber security professional, if you want to deepen your knowledge in ethical hacking topics, if you are preparing yourself for certifications such as OSCP; then you are at the right place! This is an intermediate to advanced course. If you want to make most of it, you should already have a background in cyber security and Python.
          Throughout the course we will solve number of vulnerable machines on Vulnhub, TryHackMe & HackTheBox along with the other platforms. Especially Privilege Escalation topic will be thoroughly explained during the course, which will provide you the best tools if you are studying to get a certification such as OSCP. Furthermore we will not only focus on Linux machines but Windows machines as well.
          Training is given by Atil Samancioglu who has more than 200.000 students worldwide on Ethical Hacking & Mobile Application Development topics along with the Codestars serving more than 1 MM students. If you are ready to take your ethical hacking skills to next level you can immediately see the content of the course and enroll today!
          Some of the topics that we are going to cover during the course, completely hands-on:
              Advanced Linux
              CTF Solutions
              Linux Privilege Escalation
              Windows Privilege Escalation
              Kernel Exploit
              Suid
              Sudo
              Cronjobs
              Metasploit
              Potato Attacks
              Brute Force
              Meterpreter Shells
          Content
          This training will be completely hands on experience but without neglecting the theory. We will cover a lot of scenarios when we solve vulnerable machines which you will face a lot during pentests and certification exams. This will be a big step for you to advance your cyber security career.
          In order to make most of this course you should have taken The Complete Ethical Hacking Course and similar courses before. You should have a working Kali Linux or a counterpart system already, this will not be covered during the course.
          Due to the licensing issues, in the Windows pentest & privilege escalation sections we will need a Hack The Box membership. If you do not want to pay for that, you can always watch the last two sections by only taking notes, without exercising. However you should take into consideration that by exercising you can learn in a better way.
          Warning: This course aims to provide a good training for people who want to be cyber security professionals. You should not break the law in any way with the offensive penetration test techniques and you accept the responsibility by taking this course.
          Who this course is for:
              Students who want to be cyber security professionals
              Cyber security professionals who wants to get a certification
              Cyber security students who wants to deepen their knowledge about pentests and privilege escalation
          Hidden Content
          Give reaction to this post to see the hidden content.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. What you'll learn
              Penetration Testing with Android Application
              Hacking Mobile Application
              Reverse Engineering of APK
          Requirements
              Learning Mindset
          Description
          This course includes customized VM with pre-installed tools which will save your time in installing multiple tools required for penetration testing of mobile applications.
          - Start from Android architectures basics.
          - Get a Customized VM with pre-installed tools
          - Automated the Mobile Application Testing Process
          - Covers Mobile applications reverse engineering.
          - Practice on real world mobile applications.
          - Build your own home lab on mobile application security.
          - Provides you the skills necessary to perform Penetration tests of mobile applications.
          - Automate the process of Mobile Testing
          - Cover OWASP Top 10 vulnerabilities
          Syallabus includes:-
          Syllabus:
              Introduction To Mobile Apps.
              Mobile Application Security.
              Mobile Application Penetration Testing.
              The most common areas where we find mobile application data resides.
              The Architecture of Android.
              The App Sandbox and the Permission Model.
              AndroidManifest.xml File.
              Android Compilation Process.
              Android Startup Process.
              Android Application Components.
              Setup a testing environment.
              Android Debug Bridge (adb).
              intercept and analyze the network traffic.
              Reversing an Android application.
              OWASP top 10 vulnerabilities for mobiles.
              Install DIVA (Damn insecure and vulnerable App).
              Insecure Logging Issue.
              Insecure Data Storage.
              Database Insecure Storage.
              Insecure Data Storage Inside Temporary Files.
              Hardcoding Issues.
          NOTE: This course is created for educational purposes only.
          Who this course is for:
              Penetration testers
              Forensers
              Mobile App Developers
              IT personnel
              Anyone who has a personal or professional interest in attacking mobile applications.
              All who wants to start their carrier in android security.
          Who this course is for:
              Android Penetration Testing
          Hidden Content
          Give reaction to this post to see the hidden content.
          Hidden Content
          Give reaction to this post to see the hidden content.
          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Update 30.01.2021 - Fusion Edition
              You can multiple operation handle; multiple files upload and download, while watch live cam or screen watch, download or upload files multiple.
              Builder error fixed. Now there no will be error.
              Performance increased.
              while Doze Mode (sleep mode) your victim can connect by hand Alarm Manager to server and communicate wtih you.
              If server has no internet, victim can re-connect to server while internet avaible on Server.
              Snapshot from camera is currently disabled by me. [I'm too lazy for re-coding this for new Socket instance :)].
              Added settings for emui devices(huawei, oppo, honor etc....) for background working.
              and some bug fixing, performance stabilisations etc......
          Version 3
          +Added live Camera stream (with resolution,zoom,flash,quality controls and scene,focus,white balance mode)
          +Fixed loss data transfer
          +Some excess codes have been removed
          +Performance has been increased

          Hidden Content
          Give reaction to this post to see the hidden content.