Open ports and general vulnerability of rooted SGS - Galaxy S I9000 General

Ok, so here I am running around now with the JG5 firmware and rooted because why not.
Then my paranoid self asks what the root password is. I don't know. Perhaps not a big deal if the phone doesn't have any open ports. So I run a port scan. I find both ports 400 and 45415 are detected by the scanner, and it stalls on 65535 (making my paranoid self think there could be something fishy there too).
Whilst on private/home WiFi the open ports don't particularly bother me, although I've yet to do any packet sniffing. The router will block any incoming requests. Out on the carrier network though, who knows?
Anyway, does anybody know what the legitimate use of these ports is? What is the root password by default (per SamDroid)? Maybe I should change it to be safe.
Nobody panic, but I think these things require a little awareness if nothing else.

From what I could find on http://www.iana.org/assignments/port-numbers port 400 is used by Oracle Secure Backup. Ports 1-1024 are so-called well-known ports, and should not be used by other applications.
osb-sd 400/tcp Oracle Secure Backup
osb-sd 400/udp Oracle Secure Backup
Port 65535 is the last possible port, and depending on how your portscanner works, it might be done checking all ports, but stalls on 65535 because the programmer hasn't taken into account that there are no ports above that number.
Also, very excellent and legitimate security concern, I hope some more experienced devs might be able to help you further, or correct me.

Use Nmap to portscan.

You guys should change the root password, but I don't know how it's done. On jailbroken iPhones, that's one of the first things people do or are advised to do after jailbreaking.

As an ex iJoke user I am also concerned about the users & passwords of my rooted Android.
When I open the terminal and enter "passwd" it says not found.
Portscan from 1 to 1024 shows no vulnerability, no time to check all up to 65k.

The passwd binary is not included in most rooted kernels/root methods.
I'm pretty sure the root password is blank...
But superuser.apk will prevent anything from a remote or local port (assuming it's working correctly) from running with root permissions unless you allow it.

Related

HTTP POST Capture

I was wondering whether there is such software for the android that can capture http posts before sending. i.e. like the firefox addons you can get and apps like http analyzer?
This would be really useful for testing purposes.
Cheers.
Gazos
You can try some general traffic capture tools (Like tcpdump or airodump-ng). If You have rooted phone, check out Shark for Root (tcpdump on phone).
Thanks for the update but I guess what I want is real time captures (and manipulation) like it's possible in Firefox, using only the phone.
I currently use tcpdump to capture data but want to edit the data before it's sent out.
You can try to find/write small proxy server application and run it on phone, so you will be in control.
ex87 said:
You can try to find/write small proxy server application and run it on phone, so you will be in control.
Or you could run paros (http://sourceforge.net/projects/paros/files/) on a machine on your network and get the Android browser to use it as the proxy (which looks like a bit of a task in itself).
The only viable way I can think of to do this (given Android's insane lack of proxy support) is to hack a custom firmware for a Linksys WRT54g so it basically routes everything to a transparent proxy (Fiddler2, Webscarab, Paros, Burp, etc) running on a PC. Something like this:
Android =[wi-fi]=> WRT54g -[ethernet]-> PC with proxy -> internet router
It might even be possible to achieve this without hacking the WRT54g.
The only problem you might still have (not sure) is Android's handling of invalid SSL certs since the proxy would basically be doing a man in the middle attack, and the app running on the Android phone would see an invalid SSL cert.
Be warned that trying this with a Windows host PC is almost guaranteed to fail unless it's Pro/Ultimate, and in any case this is going to involve some seriously hardcore manual routing config that goes beyond anything Windows' config screens were really intended to set up.
You can try to find/write small proxy server application and run it on phone, so you will be in control.
I'm pretty sure I saw this discussed on the android.security list, and the consensus was that the current API doesn't give any way to do this transparently, and it's questionable whether you could even implement something like WebScarab natively on Android using the NDK. I believe the general consensus was that if you want to host something like WebScarab on Android, it's going to take a custom kernel to pull it off, and some solution that lets you offload the actual proxying to a regular PC would be infinitely easier to pull off, and less cumbersome to use for actual security testing (it's enough of a pain trying to use Fiddler2 or Webscarab with a 1280x1024 display, let alone 854x480... not to mention trying to cut and paste examples into Word Documents for vulnerability assessment reports (shudder)).
^^^ OMG. I just installed AOSP ("Buufed") for the CDMA Hero, and it actually HAS the ability to set proxy for WiFi. I haven't tried it yet, and I'm not sure whether it's purely an "AOSP" feature or something I've just overlooked up to now that was in DamageControl, but it looks like at least *some* Android builds DO have it now

[Q] Z4root backdoor (telnetd access)?

Hi there,
I was playing around with my Android phone when I tried to check which servers are running (the ones that I should be aware of).
Then I ran nmap from my desktop and I realized that there is a telnetd server which is not attached to any description (or binary description). I tried to unroot my phone and test it again, and then the server was gone. I rooted it once more and there it was (telnetd) running again.
I'm doing a full scan on all available ports now, but so far it is clear that z4root opens a telnet server for no reason (in the best case, but obviously it is not there for doing nothing).
I was wondering whether you guys have noticed it too. I googled a lot for it and I have found nothing about a stealth server/telnet/backdoor started by z4root over the web.
No one has said that it was related to getting root access either.
For safety reasons I just unrooted my phone again.
I'd like to hear your thoughts about it.
Daniel
I don't think I'm getting the behaviour you describe:
All 65535 scanned ports on 192.168.11.34 are closed (65500) or filtered (35)
Considering Dynmonaz's remarks, I think you should worry about where you got your z4root apk from.
It's possible that someone added a backdoor to the installer before redistributing it...

Mobile phone Intrusion Detection System

Hi,
I'm new to this forum and after having a solid look around the site I have been unable to find anything that comes close to what I have in mind.
I am currently a student at Edinburgh Napier University and I am looking into the possibility of creating a local Intrusion Detection System on a Smartphone, one capable of informing a user that an intruder is currently attempting to gain access to their device and carry out malicious activities.
Has anyone managed to find anything I have not? I am under the impression that no such software exists for any type of Smartphone device. My main consideration is with Windows Phone but I would like to hear about anything that is out there that relates to this.
Any help would be amazing.
Thanks in advance :highfive:
I have no input, but this is interesting stuff. Will the hardware be robust enough to support it?
I know people have gotten Ubuntu running on various mobile devices, but it'd be interesting to see how SNORT (or similar) plays with mobile hardware.
The problem you are going to have (not insurmountable) is that if you ignore the infosec marketing, what you have out there is primarily black box IDS devices, with capabilities to also run as an IPS.
However only the most naive, such as UK Gov & Local Gov, have switched IPS on for fear of backlash (certainly none of the Tier 1 Inv. Banks I have worked for have). It would be something I would be interested in seeing if developed; certainly if it could act as an IDS on an Ad-Hoc VPN there are commercial opportunities there....
So ask yourself - are you REALLY wanting to BOTH Detect and Prevent, or merely Detect and Acknowledge? The latter is an easier task, less of a hit on functionality.
Perhaps there is an old Cybertrust source code now opensource....as a thought for you, but it would need reengineering as it was a custom image.
In the meantime if what you actually want is Single IP/MAC/Hardware protection - why not root the device, install Synodroid (to control who or what has SU equivalent access) & DroidWall (firewall to limit traffic) & do an audit of the Apps you have downloaded for the rights requested. Perhaps set up a VPN to your university network or local broadband router (if you trust who manages them) so at least there is another layer to go through. However if you are someone who opens zips/tars on the device with install privileges elevated then you're accepting the consequences. (Above Android related)
There is bound to be an IP traffic audit tool app - so you could use it to record a 24/26/48 hour period of the address ranges and what process linked back. But as you then start moving down the completely pain in the neck Firewall Rule analysis piece and SIEM world, don't!
Thanks finlaand
Thanks finlaand that is a lot to go on I really appreciate your thoughts.
I will be sure to keep you all up-to-date on how things are going.
Many thanks again :good:

SSH binary from S5?

Hey yall,
I'm thinking this might not be possible until root is gained, but is it possible to run ssh through the terminal?
I know there are apps like JuiceSSH & BetterTerm Pro, but I specifically need to ssh with a key through the shell.
Reason:
I used to have a Tasker profile that when activated (by location context) would write to a text file on my server, which would be the catalyst for my other computers and devices to switch contexts and run various scripts & such.
Sigh………I'm thinking it was a big mistake to get this phone between the 4.4 SD card lockout & stupid Verizon locking.
I think ssh is possible, how, I have NO IDEA, but in the irc channel #sgs5 (maybe in a thread here somewhere and not on irc, idk) someone mentioned we may get root faster if we set up ssh so a dev could adb shell and let a dev without a physical device tinker.... I'm probably way off though, or maybe the person that posted was off and misled me through my own lack of knowledge.
beav3r
Ah, I saw that in the big root thread here. I believe they're referring to starting an SSH *Server* on the phone, kinda the opposite of what I'm asking. But thanks for your input though!
I don't think you would need root for this. Both JuiceSSH and BetterTerm should support shell scripts that can be called from Tasker.

Is there a way to correlate a TCP connection with a process w/o root access

I'm reading packets in native code from the TUN interface created with the VpnService API. I would like to correlate packets to installed applications, i.e., to know which application sent a certain packet, without root access. With root access it would be a simple case of either using netstat/lsof or going through some of the /proc files. However, I couldn't find a way to get a list of connection <--> PID (or UID) mappings, neither in the native Linux context, nor within the higher level Android APIs.
I don't mind a more convoluted solution that needs work and is somewhat hackish, as long as it works without root access.
Looking forward to even ideas and starting points that I can further explore myself, if you don't have a full solution. And if you know 100% this is not possible, no matter the workarounds that I may try, let me know.
To answer my own question, in case someone finds this post with a search engine, yes it is possible, at least up to Android P, by reading the /proc/net/tcp, /proc/net/tcp6, /proc/net/udp, and /proc/net/udp6 files. However, in Android P the ability to read files under /proc/net is starting to be restricted (see this thread) and is going away in Android Q.
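As an added illustration of the /proc/net approach described in the answer above (this is not code from the thread or from any Android project), the Python below parses the /proc/net/tcp, /proc/net/tcp6 and /proc/net/udp formats and maps a packet's 4-tuple, as a VpnService would see it on its TUN interface, back to the owning Android UID. The sample file contents are constructed, the TUN address 10.0.0.2 and the UIDs are assumptions, and 203.0.113.x is documentation address space. It also answers the first thread's audit question: which UID owns a socket listening on all interfaces. Mapping a UID to a package name needs PackageManager on the device and is not shown.

```python
import socket
from dataclasses import dataclass
from typing import List, Optional, Tuple

# /proc/net/tcp "st" column (hex) -> state name, per the Linux kernel's tcp_states.h.
# Unconnected UDP sockets show 07 (CLOSE) in /proc/net/udp.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

Addr = Tuple[str, int]  # (ip, port)


@dataclass(frozen=True)
class SockEntry:
    proto: str      # "tcp", "tcp6", "udp", "udp6"
    local: Addr
    remote: Addr
    state: str
    uid: int
    inode: int


def _decode_addr(field: str) -> Addr:
    """Decode a 'HEXADDR:HEXPORT' column. The kernel prints an IPv4 address as one
    little-endian 32-bit word and an IPv6 address as four little-endian 32-bit
    words (little-endian hosts cover ARM and x86 Android devices)."""
    addr_hex, port_hex = field.split(":")
    raw = bytes.fromhex(addr_hex)
    family = socket.AF_INET if len(raw) == 4 else socket.AF_INET6
    # Reverse each 4-byte word to recover network byte order.
    net = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    return socket.inet_ntop(family, net), int(port_hex, 16)


def parse_proc_net(proto: str, text: str) -> List[SockEntry]:
    """Parse the text of /proc/net/{tcp,tcp6,udp,udp6}; columns are whitespace separated:
    sl local rem st tx:rx tr:when retrnsmt uid timeout inode ..."""
    entries = []
    for line in text.splitlines()[1:]:  # first line is the header
        cols = line.split()
        if len(cols) < 10:
            continue
        entries.append(SockEntry(
            proto=proto,
            local=_decode_addr(cols[1]),
            remote=_decode_addr(cols[2]),
            state=TCP_STATES.get(cols[3], cols[3]),
            uid=int(cols[7]),
            inode=int(cols[9]),
        ))
    return entries


def find_uid(entries: List[SockEntry], src: Addr, dst: Addr, proto: str) -> Optional[int]:
    """Map an outbound packet's 4-tuple to the owning UID. TCP needs an exact
    local+remote match; most Android UDP sockets are unconnected, so for UDP
    fall back to the local port on a wildcard or matching bind address."""
    for e in entries:
        if e.proto.startswith(proto) and e.local == src and e.remote == dst:
            return e.uid
    if proto == "udp":
        for e in entries:
            if (e.proto.startswith("udp") and e.local[1] == src[1]
                    and e.local[0] in (src[0], "0.0.0.0", "::")):
                return e.uid
    return None


def listening_sockets(entries: List[SockEntry]) -> List[SockEntry]:
    """TCP sockets in LISTEN state: the open ports an audit should account for."""
    return [e for e in entries if e.state == "LISTEN"]


# Constructed sample contents (assumed UIDs; 10123 etc. are app UIDs >= 10000).
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10045        0 22311 1 0000000000000000 100 0 0 10 0
   1: 0200000A:B9CA 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 38740 1 0000000000000000 20 4 30 10 -1
"""
PROC_NET_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000001000000:0050 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 10200        0 40012 1 0000000000000000 100 0 0 10 0
"""
PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  117: 00000000:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000 10067        0 41120 2 0000000000000000 0
"""


def all_entries() -> List[SockEntry]:
    """On a device you would read the real files; here the constructed samples are used."""
    return (parse_proc_net("tcp", PROC_NET_TCP) + parse_proc_net("tcp6", PROC_NET_TCP6)
            + parse_proc_net("udp", PROC_NET_UDP))


if __name__ == "__main__":
    ents = all_entries()
    # A TLS connection captured on the TUN: 10.0.0.2:47562 -> 203.0.113.10:443
    print(find_uid(ents, ("10.0.0.2", 47562), ("203.0.113.10", 443), "tcp"))  # 10123
    for e in listening_sockets(ents):
        print(f"LISTEN {e.proto} {e.local[0]}:{e.local[1]} uid={e.uid}")
```

Two caveats match the thread's own findings: the snapshot of /proc/net must be taken close to the packet (short-lived sockets disappear quickly), and on Android P and later the files are unreadable to ordinary apps, so the read fails with a permission error rather than returning stale data.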
