# Drozer ## **\[Terminal] Start a drozer session** 1. open drozer-agent application inside android emulator, toggle it on.

2\. open Terminal inside linux host machine, type the following to establish communication between drozer and drozer-agent. ``` adb forward tcp:31415 tcp:31415 ```

3\. open Terminal inside windows host machine, type the following to start drozer. ``` drozer console connect ```

## \[Drozer] Find the package name of the vulnerable application ``` run app.package.list -f ```

## \[Drozer] Show package information ``` run app.package.info -a ```

## \[Drozer] Identify attack surface ``` run app.package.attacksurface ```

## \[Drozer] Exploit exported activities ### List exported activities ``` run app.activity.info -a ```

### Invoke exported activities ``` run app.activity.start -a ```

## \[Drozer] Exploit exported content providers ### Find accessible content URIs ``` run scanner.provider.finduris -a ```

### SQLi vulnerability List accessible SQLi injection points and accessible content URIs. ``` run scanner.provider.injection -a ```

Display SQL tables for the package name if it is vulnerable to SQLi. ``` run scanner.provider.sqltables -a ```

\[CRUD] query the content.

\[CRUD] insert the content.

\[CRUD] update the content.

\[CRUD] delete the content.

### Directory traversal vulnerability List accessible content URIs that is vulnerable to directory traversal. ``` run scanner.provider.traversal -a ```

Exploit directory traversal vulnerability. ``` run app.provider.read ../../etc/hosts run app.provider.read ../../proc/cpuinfo ```