3.4.1 Activities

DROZER

run app.activity.info -a com.x.x.x
run app.activity.start --component com.x.x.x com.x.x.x.ActivityName

Displays exported acclivities and starting them

ADB

adb shell am start -n com.x.x.x/ActivityName

In order to get the activity names - use drozer or also have a look the AndroidManifest.xml

THINGS TO REPORT

  • Bypass so called "protected" activities (i.e. creds needed) and access sensitive information

  • Accessed "hidden" activities (if Admin-UI or Debug-UI are implemented)

Previous3.4 Attack surfaceNext3.4.2 ContentProvider

Last updated

Was this helpful?