Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Learning Pentesting for Android Devices
  • Table Of Contents Toc
Learning Pentesting for Android Devices

Learning Pentesting for Android Devices

By : Aditya Gupta
4.3 (11)
Buy this Book
close
close
Learning Pentesting for Android Devices

Learning Pentesting for Android Devices

4.3 (11)
By: Aditya Gupta
Buy this Book

Overview of this book

Table of Contents (18 chapters)
close
close
close
Learning Pentesting for Android Devices
Icon
Learning Pentesting for Android Devices
Credits
Icon
Credits
Foreword
Icon
Foreword
About the Author
Icon
About the Author
Acknowledgments
Icon
Acknowledgments
About the Reviewers
Icon
About the Reviewers
www.PacktPub.com
Icon
www.PacktPub.com
Preface
Icon
Preface
Lock Free Chapter
1
Getting Started with Android Security
Icon
Getting Started with Android Security
Icon
Introduction to Android
Icon
Digging deeper into Android
Icon
Sandboxing and the permission model
Icon
Application signing
Icon
Android startup process
Icon
Summary
2
Preparing the Battlefield
Icon
Preparing the Battlefield
Icon
Setting up the development environment
Icon
Useful utilities for Android Pentest
Icon
Summary
3
Reversing and Auditing Android Apps
Icon
Reversing and Auditing Android Apps
Icon
Android application teardown
Icon
Reversing an Android application
Icon
Using Apktool to reverse an Android application
Icon
Auditing Android applications
Icon
Content provider leakage
Icon
Insecure file storage
Icon
OWASP top 10 vulnerabilities for mobiles
Icon
Summary
4
Traffic Analysis for Android Devices
Icon
Traffic Analysis for Android Devices
Icon
Android traffic interception
Icon
Ways to analyze Android traffic
Icon
HTTPS Proxy interception
Icon
Extracting sensitive files with packet capture
Icon
Summary
5
Android Forensics
Icon
Android Forensics
Icon
Types of forensics
Icon
Filesystems
Icon
Using dd to extract data
Icon
Using Andriller to extract an application's data
Icon
Using AFLogical to extract contacts, calls, and text messages
Icon
Dumping application databases manually
Icon
Logging the logcat
Icon
Using backup to extract an application's data
Icon
Summary
6
Playing with SQLite
Icon
Playing with SQLite
Icon
Understanding SQLite in depth
Icon
Security vulnerability
Icon
Summary
7
Lesser-known Android Attacks
Icon
Lesser-known Android Attacks
Icon
Android WebView vulnerability
Icon
Infecting legitimate APKs
Icon
Vulnerabilities in ad libraries
Icon
Cross-Application Scripting in Android
Icon
Summary
8
ARM Exploitation
chevron up
Icon
ARM Exploitation
Icon
Introduction to ARM architecture
Icon
Setting up the environment
Icon
Simple stack-based buffer overflow
Icon
Return-oriented programming
Icon
Android root exploits
Icon
Summary
9
Writing the Pentest Report
Icon
Writing the Pentest Report
Icon
Basics of a penetration testing report
Icon
Writing the pentest report
Icon
Summary
Icon
Security Audit of
Icon
Table of Contents
Icon
1.
Icon
2. Auditing and Methodology
Icon
3. Conclusions
1
Index
Icon
Index

Simple stack-based buffer overflow

In simple words, a buffer is a place to store any kind of data. An overflow occurs when the data in the buffer exceeds the size of the buffer itself. An attacker can then perform an overflow attack so as to get control of the program and execute malicious payloads.

Let's use an example of a simple program and see how we could exploit it. In the following screenshot, we have a simple program with three functions: vulnerable, ShouldNotBeCalled, and main. The following is the program we are trying to exploit:

The ShouldNotBeCalled function is never called during the entire runtime of the program.

The vulnerable function simply copies the argument into a buffer named buff that is 10 bytes in size.

Once we have finished writing the program, we could compile it using gcc, as shown in the next command. Also, we will disable the Address Space Layout Randomization (ASLR) here, just to make the scenario a little bit simpler. ASLR is a security technique implemented by...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Learning Pentesting for Android Devices
End of Section 8
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon