标签:拒绝服务 None 批量 package drozer stdout write self
drozer可以检测出安卓暴露的四大组件,一个个尝试是否存在越权、拒绝服务等太麻烦,又耗时间。
所以一般机械式的重复性工作我们都可以利用工具来帮我们实现:
1.drozer工具的基础使用:
https://blog.csdn.net/lmh666888/article/details/125644667
2.drozer批量检测拒绝服务:
添加drozer模块,进入drozer目录:
进入drozer/modules/app/打开package.py,在最后增加我们自己编写的批量检测代码
新加一类,代码如下:
host = platform.system().lower()
class Deny(Module, common.Filters, common.PackageManager):
name = "find NullPointerException"
description = "."
examples = """
dz> run app.package.deny com.android.browser
"""
license = "BSD (3 clause)"
path = ["app", "package"]
permissions = ["com.mwr.dz.permissions.GET_CONTEXT"]
def add_arguments(self, parser):
parser.add_argument("package", help="the identifier of the package to inspect")
def attack(self,component,package,flags):
act=None
cat=None
data=None
comp=(package,component.name)
extr=None
flgs=None
if(flags=='activity'):
flgs =['ACTIVITY_NEW_TASK']
intent = android.Intent(action=act,component=comp,category=cat,data_uri=None, extras=extr, flags=flgs, mimetype=None)
if intent.isValid():
if(flags=='activity'):
self.getContext().startActivity(intent.buildIn(self))
if(flags=='service'):
self.getContext().startService(intent.buildIn(self))
if(flags == 'receiver'):
self.getContext().sendBroadcast(intent.buildIn(self))
else:
self.stderr.write("[-] Invalid Intent!\n")
def execute(self, arguments):
if arguments.package != None:
package = self.packageManager().getPackageInfo(arguments.package, common.PackageManager.GET_ACTIVITIES | common.PackageManager.GET_RECEIVERS | common.PackageManager.GET_PROVIDERS | common.PackageManager.GET_SERVICES)
application = package.applicationInfo
activities = self.match_filter(package.activities, 'exported', True)
receivers = self.match_filter(package.receivers, 'exported', True)
providers = self.match_filter(package.providers, 'exported', True)
services = self.match_filter(package.services, 'exported', True)
self.stdout.write("Attack Surface:\n")
self.stdout.write(" %d activities exported\n" % len(activities))
self.stdout.write(" %d broadcast receivers exported\n" % len(receivers))
self.stdout.write(" %d content providers exported\n" % len(providers))
self.stdout.write(" %d services exported\n" % len(services))
if (application.flags & application.FLAG_DEBUGGABLE) != 0:
self.stdout.write(" is debuggable\n")
if package.sharedUserId != None:
self.stdout.write(" Shared UID (%s)\n" % package.sharedUserId)
actions=[activities,receivers,services]
action_str=['activity','receiver','service']
i=-1
try:
for action in actions:
i+=1
if len(action) > 0:
for tmp in action:
try:
if len(tmp.name) > 0:
self.stdout.write(" [+]%s name:%s\n" % (action_str[i],tmp.name))
self.attack(component=tmp, package=arguments.package, flags=action_str[i])
if host == "windows":
os.system("pause")
else:
input('')
except Exception, e:
self.stdout.write(" error-->%s name:%s\n" % (action_str,tmp.name))
self.stdout.write(" errorcontent:%s\n" % e)
continue
except:
self.stdout.write(" error")
else:
self.stdout.write("No package specified\n")
3.连接drozer进行尝试:
每次只需要敲回车便可以对组件进行测试:
标签:拒绝服务,None,批量,package,drozer,stdout,write,self 来源: https://www.cnblogs.com/roothide/p/16554045.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。