AI Summary: Android-Exploits is a repository that consolidates various Android exploits and provides a comprehensive guide for conducting Android exploitation. Its primary use case is to facilitate the testing and assessment of Android application security vulnerabilities through categorized exploits such as Denial of Service, local, remote, and web application exploits. Notable features include detailed instructions for utilizing the exploits alongside third-party tools like ExploitPack, along with references to common mobile hacking tools and resources related to Android security risks.

README

Android-Exploits

A collection of android Exploits and guide on android exploitation

root@n3x7:~$ ls -l
drwxr-xr-x  dos     - Denial Of Service exploits
drwxr-xr-x  local   - Local Exploits
drwxr-xr-x  remote  - remote exploits
drwxr-xr-x  webapps - webapp exploits

Usage and Where to start

Clone me :)

git clone https://github.com/sundaysec/Android-Exploits.git

Recommend you grab exploitpack latest version

wget https://github.com/juansacco/exploitpack/archive/master.zip

Extract then Navigate into the folder and type:

java -jar ExploitPack.jar

Load the exploits

Learn and hack

OWASP Top 10 Mobile Risks

1. Insecure Data Storage
2. Weak Server Side Controls
3. Insufficient Transport Layer Protection
4. Client Side Injection
5. Poor Authorization and Authentication
6. Improper Session Handling
7. Security Decisions Via Untrusted Inputs
8. Side Channel Data Leakage
9. Broken Cryptography
10. Sensitive Information Disclosure

───────▀▄───▄▀────────
──────▄█▀███▀█▄───────
─────█▀███████▀█──────
─────█─█▀▀▀▀▀█─█──────
────────▀▀─▀▀─────────
-->> exploit

Common Tools(In mobile Exploits)

• SSH
• VNC server
• A compiler (gcc / agcc)
• Android SDK (adb!)
• XCode
• Jailbroken iDevice
• Rooted Android Device

Android Hacking Tools

Mobile Apps (Hack On Android)

• AndroRat - Android Remote Administrative Tool
• cspoilt - A tool that enumerates local hosts, finds vulnerabilities and their exploits, cracks Wi-Fi password, installs backdoors blablabla!!!
• Hackode - All In One Android Pentest Tool
• zANTI - Network mapping, port discovery, sniffing, packet manipulation, DoS, MITM blablabla!!
• FaceNiff - Intercept and sniff WiFi network traffic for Social Media packets
• Droidsheep - Android application that analyzes security in wireless networks and also captures Twitter, Linked, Facebook, and other accounts
• USB Cleaver - Silently recover information from a target Windows 2000 or higher computer, including password hashes, LSA secrets, IP information
• Shark - Network Packate analysis tool
• DroidBox - Dynamic analysis of Android apps
• Wi-Fi Kill - Disable other Users from WiFi Access

Books and Articles

• A survey of Android exploits in the wild - The Android operating system Exploitation Survey
• Popular Android Exploits - Introduction to Android Exploits.
• Own your Android! Yet Another Universal Root - Android root exploitation
• ASDC12-Smart_Bombs_Mobile_Vulnerability_and_Exploitation - Mobile Vulnerability Exploitation
• BlueBorne - Android Exploit - Exploiting an RCE Over the Air
• EVOLUTION OF ANDROID EXPLOITS - Evolution of Android exploits from a statistical analysis tool perspective
• Hacking Androids for Fun and for Profit - Android Exploitation

This work is licensed under a Creative Commons Attribution 4.0 International License.