Android apk leaks access token to takeover the whole infrastructure

Hi, everyone

My name is Santosh Kumar Sha, I’m a security researcher from India(Assam). In this article, I will be describing how I was able to Find the production and staging access token leaked by android application and takeover the whole infrastructure .

TIP For looking for android bug :

  1. gf (tomnomnom) — https://github.com/tomnomnom/gf
  2. grep
  3. apktool

Case# — — Finding hard coded Credential in android apk .

So I was looking for android bug in One of the public bugbounty program . So i download the android application apk file and de-compile and started looking around.

How to download android application:

Suppose “example” the company to look for android application

Just search on Google like these “example android application downloadable”

Command to decompile the android application:

apktool d exaple.apk.

Now I have used grep command to look for base64 encoded string Or you can also used gf tool .

Just navigate to the folder where you have decompile the android apk and search for the hardcoded secret.Here is the command I prefer to search for base64 encoded string.

grep -Hnri “eyJ” * — color

And the out it got it blow up my joy.

Output:

r�5.6.4p3
m��%�I�$4���v�A�global.assets-Production_accessssConfig0eyJUa………….

After see the output I am like

So i quickly decoded the the base64 encoding string and used those token and I logged into producetion application. And finally able to access the infrastrucure down.

Takeaway

That’s one of the reasons why I wanted to share my experience. also to highlight other techniques to exploit such vulnerability.

Support me if you like my work! Buy me a coffee and Follow me on Twitter.

Like to hack and break security code and denfense |Security Researcher |pentester | Bugbounty hunter | Pentration tester | CTF player | BUGBOUNTY