Get the script

Screenshot

Backtrack5 Update Script

Source: backtrack-linux.org

Backtrack5 Update Script Info
App Name	Backtrack5 Update Script
License	free
Type	code
App URL
More Info	link

This is not made to encourage piracy/plagiarism in any case.

How To

1. Extract batch file and lib folder to C:\apk2java\ (or any folder that doesnt have space in its path)

2. Backup the target app’s apk from phone to PC via ASTRO Browser (check this post for details)

3. Keep the target apk in the root folder where batch file is present

4. Run ‘apk2java.bat target.apk’ in cmd

c:\apk2java>apk2java.bat target.apk

5. Result : java and resource files available in ‘src’

Note: This batch just automates the sequence in which various tools are initiated and does not handle any error events. You will have to go through the cmd verbose to figure out the problem.

Note 2: ‘lib’ folder contains apk-tool files (apk-tool.jar, aapt.exe), jad.exe, 7zip (7za.exe), dex2jar files (all other jars).  If required, update each of those tools by replacing it with latest copy from links mentioned below.

Requirements

• Windows (but can be ported to *NIX)
• JRE 1.6 (Java Runtime Environment)

Tools in lib

• Dex2jar – Converts Android dex format to jar (link)
• JAD – Java Decompiler CLI (link)
• 7Zip – Unarchival  (link)
• apk-tool – Extracts resources from apk (link)
• aapt – Android Asset Packaging Tool (link)
• aapt commands (link)

apk2java Info
App Name	apk2java
License	free
Type	code
App URL
More Info	link

Download .apk file from market

1. Search in market for the app you want to decompile and install it on your phone.
2. Install Astro File Manager from market (link). Open Astro > Tools > Application Manager/Backup and select the application to backup on to the SD card .
3. Mount phone as USB drive and access '\backups\apps\' folder to find the apk of target app (lets call it targetapp.apk) . Copy it to your local drive.

Decomiling apk to Dex format

1. Download Dex2Jar (link) (Android runs applications which are in Dalvik Executable (.dex) format).
2. Run the command to convert apk to jar

dex2jar targetapp.apk file(./dex2jar targetapp.apk on terminal)

File ‘targetapp.apk.dex2jar.jar’ is created

Viewing/Decompiling the Jar files to Java

Method 1 : Use JavaDecompiler (JD)

1. Open ‘targetapp.apk.dex2jar.jar’ with jd-gui (link)
2. File > Save All Sources to sava the class files in jar to java files.

Method 2: JAD

1. Extract contents of jar file on to a folder named src. Use and unarchival utility like 7zip
2. Keep ‘src’ folder in the same directory where JAD and targetapp jar is present
3. Open JAD in cmd and execute the following command
4. jad -o -r -sjava -dsrc src/**/*.class (./jad on terminal)

Now src will contain decompiled Java files ready for manual code review.

Tools Used

1. Sample app – RemoteDroid (Opensource – link)
2. Astro File Manager (Android Market – link)
3. Dex2Jar (link)
4. jd-gui (link)
5. JAD (link)

Dex2Jar Info
App Name	Dex2Jar
License	free
Type	portable code
App URL
More Info	link

Update: Jarlsberg is now Gruyere

This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you’ll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you’ll learn the following:

• How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
• How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.

Documentation Here

Some Exploit Screenshots

Information Disclosure – Read the contents of the database off of a running server by exploiting a configuration vulnerability.

Debug Dump Page URL – http://google-gruyere.appspot.com/457262944951/dump.jtl

The id changes based on your session.

Reflected XSS

Alert Dialog box which indicates the presence of Cross Site Scripting Vulnerability present in Jarlsberg

Stored XSS alert

Features

Jarlsberg includes a number of special features and technologies which add attack surface.

• HTML in Snippets: Users can include a limited subset of HTML in their snippets.
• File upload: Users can upload files to the server, e.g., to include pictures in their snippets.
• Web administration: System administrators can manage the system using a web interface.
• New accounts: Users can create their own accounts.
• Template language: Jarlsberg Template Language(JTL) is a new language that makes writing web pages easy as the templates connect directly to the database. Documentation for JTL can be found in gruyere/jtl.py.
• AJAX: Jarlsberg uses AJAX to implement refresh on the home and snippets page. You should ignore the AJAX parts of Jarlsberg except for the challenges that specifically tell you to focus on AJAX.

Vulnerabilities In Gruyere

• Cross-Site Scripting (XSS)
  • File Upload XSS
  • Reflected XSS
  • Stored XSS
  • Stored XSS via HTML Attribute
  • Stored XSS via AJAX
  • Reflected XSS via AJAX
• Client-State Manipulation
  • Elevation of Privilege
  • Cookie Manipulation
• Cross-Site Request Forgery (XSRF)
• Cross Site Script Inclusion (XSSI)
• Path Traversal
  • Information disclosure via path traversal
  • Data tampering via path traversal
• Denial of Service
  • DoS – Quit the Server
  • DoS – Overloading the Server
• Code Execution
• Information disclosure
• AJAX vulnerabilities
  • DoS via AJAX
  • Phishing via AJAX
• Buffer Overflow and Integer Overflow
• SQL Injection

Explore hosted version of Jarlsberg and start uncovering the vulnerabilities

Gruyere Hosted Version

Gruyere (Previously Jarlsberg) Info
App Name	Gruyere (Previously Jarlsberg)
License	free
Type	online code
App URL
More Info	link

Description of Project in Authors Terms,

This project is an attempt to create a well maintained, informative and categorized cheat sheet to highlight HTML5 as well as other client side and related security issues and ways to avoid them. The project is meant to target web developers as well as security researchers and especially browser vendors since many of the problems we found are based on faulty or quirky implementations. Focus is on completeness, comprehensibility and timeliness as well as continuity – benefits many other related cheat sheets don’t exactly provide.

Time to this site if are a developer or security analyst.

HTML5 CheatSheet

HTML5 CheatSheet Info
App Name	HTML5 CheatSheet
License	free
Type	online
App URL
More Info	link

This vulnerability is discovered by High-Tech Bridge SA and has been notified to Microsoft 12 April 2010. On the day of writing of this post, the vulnerability remains unfixed.

Read HTBridge advisory here

Vulnerable URL :

http://TARGETSITE/_layouts/help.aspx?cid0=MS.WSS.manifest.xml%00%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E&tid=X

Screenshot

Read more at Microsoft Security Advisory (983438)