Android APK leaks access token to take over the whole infrastructure
My name is Santosh Kumar Sha, and I'm a security researcher from India (Assam). In this article, I will describe how I was able to find the production and staging access tokens leaked by an Android application and take over the whole infrastructure.
Tip: a tool for looking for Android bugs:
- gf (tomnomnom) — https://github.com/tomnomnom/gf
Case: Finding hard-coded credentials in an Android APK
Here is how I got access to the company's production and staging servers through the access token leaked by the Android application.
I was looking for Android bugs in one of the public bug bounty programs. So I downloaded the Android application APK file, decompiled it and started looking around.
How to download the Android application:
Suppose “example” is the company whose Android application you are looking for.
Just search on Google for something like “example android application downloadable”.
Command to decompile the Android application:
apktool d example.apk
Next I used the grep command to look for base64-encoded strings, or you can also use the gf tool.
Just navigate to the folder where you decompiled the Android APK and search for the hard-coded secret. Here is the command I prefer for searching for base64-encoded strings:
grep -Hnri "eyJ" * --color
And the output I got filled me with joy.
After seeing the output I am like
So I quickly decoded the base64-encoded string, used those tokens and logged into the production application. And finally I was able to access the infrastructure.
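The same search can be run by the app's own team before a release. The following is an added example, not code from the original article: it walks a decompiled APK tree, keeps only `eyJ` strings that actually decode as a JWT header and payload, and reports where they are. The function names and the sample `strings.xml` are constructed for illustration.

```python
import base64, json, os, re, tempfile

# Three base64url segments; the first two start with "eyJ" (base64 of '{"').
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]{8,}\.eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]*")

def b64url_json(segment):
    """Decode one base64url JWT segment to a dict, or None if it is not JSON."""
    padded = segment + "=" * (-len(segment) % 4)
    try:
        value = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return value if isinstance(value, dict) else None

def scan_tree(root):
    """Return one finding per string under root that decodes as a JWT."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "r", errors="ignore") as fh:
                for lineno, line in enumerate(fh, 1):
                    for match in JWT_RE.finditer(line):
                        header, payload, _sig = match.group(0).split(".")
                        h, p = b64url_json(header), b64url_json(payload)
                        if h is None or p is None:
                            continue  # "eyJ" prefix but not a real token
                        findings.append({  # claim names only, never the values
                            "file": os.path.relpath(path, root), "line": lineno,
                            "alg": h.get("alg"), "claims": sorted(p),
                            "exp": p.get("exp"),  # None: token has no expiry claim
                        })
    return findings

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def demo():
    """Constructed sample: one token-shaped secret and one "eyJ" false positive."""
    token = ".".join([_b64({"alg": "HS256", "typ": "JWT"}),
                      _b64({"sub": "svc-staging", "role": "admin"}), "c2lnbmF0dXJl"])
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "res", "values"))
        with open(os.path.join(root, "res", "values", "strings.xml"), "w") as fh:
            fh.write('<string name="api_token">%s</string>\n' % token)
            fh.write('<string name="noise">eyJunkdata12345.eyJunkdata12345.x</string>\n')
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Point `scan_tree` at the output directory of `apktool d` in a release pipeline and fail the build on any finding; a finding with no `exp` claim is the most urgent to rotate.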
I'm sure that a lot of security researchers have already seen this process, but this is how I approach finding SSRF, and I have reported many in bug bounty programs using this process. I hope this will help you find more hard-coded credentials in APKs.
That's one of the reasons why I wanted to share my experience, and also to highlight other techniques to exploit such vulnerabilities.
Thanks for reading :)