AndroGoat Application Vulnerability Assessment
-Sadiq S.
How to Mitigate the Vulnerability:
Vulnerability Number: 2
Proof of Concept:
4. In addition, it is worth clearing the clipboard after reading its
contents, so that other apps cannot read them and leak what the
user is doing.
Vulnerability Number: 3
Proof of Concept:
Part 1:
Part 2:
Vulnerability Number: 4
Steps to reproduce:
1. Decompile the application with ApkTool.
2. Go to ‘C:\Appie\bin\adt\sdk\platform-tools\AndroGoat\res\values’,
open the strings file, and read the hard-coded information there.
3. To recover the source code, use dex2jar and JD-GUI.
4. Copy the APK into the dex2jar folder and open a command prompt in
that folder.
5. Run ‘d2j-dex2jar.bat AndroGoat.apk’. This produces a jar file.
6. Open the jar file in JD-GUI to view the source code.
7. There we can see the package name ‘owasp.sat.agoat’. In that
folder is HardCodeActivity.class, and inside that class file the
promo code ‘NEW2019’ can be read.
Proof of Concept:
How to Mitigate the Vulnerability:
1. Developers should not hard-code sensitive information.
2. Developers should make sure sensitive data does not leak into the
source code.
3. If hard-coding is unavoidable, use cryptography to encrypt that
information.
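As an added check that is not part of the AndroGoat project or of this report, the script below scans a decompiled res/values/strings.xml for resources that look like hard-coded secrets, the kind of finding step 2 above locates by hand. The sample XML, the resource names other than the NEW2019 promo code, and the regex heuristics are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Resource names that commonly carry secrets (constructed heuristic, not exhaustive).
SUSPICIOUS_NAME = re.compile(
    r"(promo|coupon|password|passwd|secret|api[_-]?key|token|auth|private[_-]?key)",
    re.IGNORECASE,
)
# Values that look like codes or keys: 6+ characters, no whitespace.
CODE_LIKE_VALUE = re.compile(r"^[A-Za-z0-9_\-]{6,}$")

# Constructed sample of a decompiled res/values/strings.xml; NEW2019 is the promo
# code reported above, the other entries are illustrative only.
SAMPLE_STRINGS_XML = """<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="app_name">AndroGoat</string>
    <string name="hardcode_promo">NEW2019</string>
    <string name="api_key">constructed-api-key-0001</string>
    <string name="discount">SAVE50NOW</string>
    <string name="welcome_text">Welcome to the store</string>
</resources>
"""


def find_hardcoded_secrets(strings_xml: str) -> list:
    """Return (name, value, reason) for each <string> resource that looks like a secret."""
    findings = []
    for elem in ET.fromstring(strings_xml).findall("string"):
        name = elem.get("name", "")
        value = (elem.text or "").strip()
        if SUSPICIOUS_NAME.search(name):
            findings.append((name, value, "suspicious resource name"))
        elif (CODE_LIKE_VALUE.match(value)
              and any(c.isdigit() for c in value)
              and any(c.isalpha() for c in value)):
            # Mixed letters and digits with no spaces: typical of codes and keys.
            findings.append((name, value, "code-like value"))
    return findings


if __name__ == "__main__":
    for name, value, reason in find_hardcoded_secrets(SAMPLE_STRINGS_XML):
        print(f"{name} = {value!r}: {reason}")
```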
Vulnerability Number: 5
Vulnerability Name: Application-Level Denial-of-Service
Vulnerability Critical Level: Low
Vulnerable Application Name: AndroGoat
Vulnerability Description: Application layer DoS attacks are
designed to attack the application itself, focusing on specific
vulnerabilities or issues, resulting in the application not being able to
deliver content to the user.
Steps to reproduce:
1. Install the drozer agent on the Android device.
2. In Appie, type ‘adb forward tcp:31415 tcp:31415’.
3. Then type ‘drozer console connect’. This starts a drozer console.
4. In the drozer console type ‘run app.package.list -f agoat’. This
gives us the package name.
5. Type ‘run app.package.attacksurface owasp.sat.agoat’. This
returns the attack surface.
6. We can see that 2 activities and 1 service are exported.
7. First we will exploit the application through an activity. Type
‘run app.activity.info -a owasp.sat.agoat’. This returns the
activity names.
8. To exploit this, type ‘run app.activity.start --component
owasp.sat.agoat owasp.sat.agoat.SplashActivity’. This crashes the
application and shows the splash screen.
9. Type ‘run app.activity.start --component owasp.sat.agoat
owasp.sat.agoat.AccessControlViewActivity’. This crashes the
application and takes us to an unprotected Android component.
10. After the activities we will use the service. Type
‘run app.service.info -a owasp.sat.agoat’. This returns the
service name.
11. To exploit this, type ‘run app.service.start --component
owasp.sat.agoat owasp.sat.agoat.DownloadInvoiceService’. This
crashes the application; it first creates the service and then
downloads an invoice.
Proof of Concept:
For activity:
Splash Screen:
Access Control View Activity:
For service:
How to Mitigate the Vulnerability:
1. Use flow telemetry analysis supplemented with behavioural
analysis to detect abnormalities and attacks. Focus on
understanding what is normal; this simplifies the identification
of abnormalities.
2. Use an IDMS to detect abnormal behaviour and application-layer
attacks that require advanced and active mitigation, and use
this approach in conjunction with BGP FlowSpec offload when and
where appropriate.
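The drozer attack surface above comes from the AndroidManifest: a component is reachable by any other app when it is exported and declares no permission. The following added example (not AndroGoat's own manifest or code) shows a constructed weak manifest with the three components the report found exported beside a hardened version, and a small audit function that reports what drozer's attacksurface module would list; the manifest attributes are constructed, only the component names come from the report.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def _a(elem, attr):
    """Read an android:-namespaced attribute."""
    return elem.get(f"{{{ANDROID_NS}}}{attr}")


# Constructed manifest: every component is exported and none requires a permission.
WEAK_MANIFEST = f"""<manifest xmlns:android="{ANDROID_NS}" package="owasp.sat.agoat">
  <application>
    <activity android:name=".SplashActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".AccessControlViewActivity" android:exported="true"/>
    <service android:name=".DownloadInvoiceService" android:exported="true"/>
  </application>
</manifest>"""

# Hardened: only the launcher activity stays exported; the rest are app-internal.
FIXED_MANIFEST = WEAK_MANIFEST.replace(
    '.AccessControlViewActivity" android:exported="true"',
    '.AccessControlViewActivity" android:exported="false"',
).replace(
    '.DownloadInvoiceService" android:exported="true"',
    '.DownloadInvoiceService" android:exported="false"',
)


def unprotected_exported_components(manifest_xml: str) -> list:
    """Names of activities/services/receivers/providers other apps can reach.

    Reachable = android:exported="true", or no android:exported attribute but an
    <intent-filter> (the pre-API-31 default); and no android:permission set."""
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package", "")
    found = []
    for tag in ("activity", "service", "receiver", "provider"):
        for comp in root.iter(tag):
            exported = _a(comp, "exported")
            has_filter = comp.find("intent-filter") is not None
            reachable = exported == "true" or (exported is None and has_filter)
            if reachable and _a(comp, "permission") is None:
                name = _a(comp, "name") or ""
                found.append(pkg + name if name.startswith(".") else name)
    return found
```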
Vulnerability Number: 6
Vulnerability Name: Insecure Protocols
Vulnerability Critical Level: High
Vulnerable Application Name: AndroGoat
Vulnerability Description: A protocol, service, or port that
introduces security concerns due to the lack of controls over
confidentiality and/or integrity.
These security concerns include services, protocols, or ports that
transmit data or authentication credentials (for example,
password/passphrase) in clear-text over the Internet, or that easily
allow for exploitation by default or if misconfigured.
Examples of insecure services, protocols, or ports include but are not
limited to FTP, Telnet, POP3, IMAP, and SNMP v1 and v2.
Steps to reproduce:
1. Connect the Burp Suite proxy to our Android device. Once
connected, start the intercept; it will intercept every request
coming from the device.
2. In the AndroGoat application go to Network intercept and click
on HTTP. It sends an HTTP request to demo.testfire.net, and we can
see that Burp Suite has intercepted it. If there had been a
password in the request we could have seen it in clear text.
3. Now click on HTTPS. It sends an HTTPS request to owasp.org, and
we can see that Burp Suite has intercepted it. If there had been a
password in the request we could have seen it in clear text.
Proof of Concept:
HTTP request:
HTTPS request:
How to Mitigate the Vulnerability:
1. The first and most obvious step is to find devices running
services like Telnet and SNMPv1/2 and replace them with a more
secure option.
2. Locating such devices is easy with a network operations system
that keeps track of which ports and services are running on
which devices.
3. Once you have identified the insecure devices, replace Telnet
with SSH-2 and upgrade SNMPv1 and SNMPv2 installations to SNMPv3,
which is much more secure than its predecessors.
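The mitigation list above addresses network services; for the app itself, the Android-side control that stops the plain HTTP request seen in the steps is the Network Security Configuration, which this report does not mention. The following added example (not AndroGoat's own code or configuration) evaluates a constructed weak config beside a fixed one against the hosts the intercepted requests went to, following the platform's rules: a matching domain-config wins, then base-config, then the platform default of cleartext only when targetSdkVersion is below 28. Nested domain-config inheritance is not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed weak config: cleartext HTTP allowed to every host.
WEAK_CONFIG = """<network-security-config>
    <base-config cleartextTrafficPermitted="true"/>
</network-security-config>"""

# Constructed fixed config: cleartext blocked everywhere except a local dev host.
FIXED_CONFIG = """<network-security-config>
    <base-config cleartextTrafficPermitted="false"/>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="false">localhost</domain>
    </domain-config>
</network-security-config>"""


def _flag(elem, default):
    """cleartextTrafficPermitted as a bool, falling back to `default` when absent."""
    v = elem.get("cleartextTrafficPermitted")
    return default if v is None else v == "true"


def cleartext_allowed(config_xml: str, host: str, target_sdk: int = 33) -> bool:
    """True if the app may send http:// traffic to `host` under this config."""
    root = ET.fromstring(config_xml)
    platform_default = target_sdk < 28          # Android 9 made cleartext opt-in
    base = root.find("base-config")
    base_allowed = _flag(base, platform_default) if base is not None else platform_default
    best = None                                 # (specificity, allowed) of best match
    for dc in root.iter("domain-config"):
        # A domain-config without the attribute inherits from base-config.
        for d in dc.findall("domain"):
            name = (d.text or "").strip().lower()
            sub = d.get("includeSubdomains") == "true"
            if host == name or (sub and host.endswith("." + name)):
                spec = len(name) + (0 if sub else 1)  # exact match beats subdomain rule
                if best is None or spec > best[0]:
                    best = (spec, _flag(dc, base_allowed))
    return base_allowed if best is None else best[1]
```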