Drozer模块命令大全(一)

    xiaoxiao2021-12-15  34

    目录

    目录前言APP模块


    前言

    最近在研究drozer的使用,发现网上的资料也挺少的,就自己过了一遍所有模块,可以当使用手册来看。


    APP模块

    模块名作用app.activity.forintent通过intent查找它的activityapp.activity.info获取activities信息app.activity.start开启 Activityapp.broadcast.info获取broadcast receivers信息app.broadcast.send发送广播app.broadcast.sniff嗅探广播中intent的数据app.package.attacksurface确定安装包的可攻击面app.package.backup列出可备份的包app.package.debuggable列出可debug的包app.package.info获取已安装包的信息app.package.launchintent获取程序启动的activity信息app.package.list手机已安装的程序包app.package.manifest获取程序manifest文件信息app.package.native列出Native libraries 信息app.package.shareduid查找拥有共同uid的包和他们所有的权限app.provider.columns展示content provider URI的各列app.provider.delete删除content provider URI的内容app.provider.download使用openInputStream读取指定uri的内容,并下载在电脑中app.provider.info获取 content providers信息app.provider.insert插入数据到content providerapp.provider.query查询content provider 内容app.provider.read使用openInputStream读取指定uri的内容app.provider.update更新content provider的内容app.service.info获取services的信息app.service.send使用 Message攻击暴露的service,其service实现了handleMessageapp.service.start开启服务app.service.stop停止服务

    app.package.list

    usage: run app.package.list [-h] [-d DEFINES_PERMISSION] [-f FILTER] [-g GID][-p PERMISSION] [-u UID] [-n]

    列出所有手机安装的包

    Examples: 查找带有browser的包:

    dz> run app.package.list -f browser com.android.browser

    最后修改日期: 2012-11-06 作者: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    optional arguments:

    参数名作用-d DEFINES_PERMISSION, –defines-permission通过自定义permission 查询 ,-f FILTER, –filter FILTER通过关键词查询-g GID, –gid GID通过GID查询-p PERMISSION, –permission PERMISSIONuses-permission过滤查询, -u UID, –uid UID通过UID查询-n, –no_app_name不输出应用名

    app.activity.start

    usage: run app.activity.start [-h] [–action ACTION] [–category CATEGORY [CATEGORY …]] [–component PACKAGE COMPONENT] [–data-uri DATA_URI][–extra TYPE KEY VALUE] [–flags FLAGS [FLAGS …]] [–mimetype MIMETYPE]

    通过特制的Intent启动activity。

    Examples: 显式 intent开启浏览器:

    dz> run app.activity.start --component com.android.browser com.android.browser.BrowserActivity --flags ACTIVITY_NEW_TASK

    如果不设置flags,默认值为ACTIVITY_NEW_TASK . 取消默认值的方法如下:

    dz> run app.activity.start --component com.android.browser com.android.browser.BrowserActivity --flags 0x0

    隐式 intent开启浏览器 :

    dz> run app.activity.start --action android.intent.action.VIEW --data-uri http://www.google.com --flags ACTIVITY_NEW_TASK

    更多关于intents的帮助使用命令’help intents’.

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    optional arguments:

    参数名作用–action ACTION指定action–category CATEGORY [CATEGORY …]指定category–data-uri DATA_URI指定uri–extra TYPE KEY VALUE指定附加的数据–flags FLAGS [FLAGS …]指定一个或者多个flags–mimetype MIMETYPE指定文件类型–component PACKAGE COMPONENT指定componnent

    对于显式Intent,Android不需要去做解析,因为目标组件已经很明确,Android需要解析的是那些隐式Intent,通过解析,将Intent映射给可以处理此Intent的Activity、IntentReceiver或Service。

    Intent解析机制主要是通过查找已注册在AndroidManifest.xml中的所有IntentFilter及其中定义的Intent,最终找到匹配的Intent。在这个解析过程中,Android是通过Intent的action、type、category这三个属性来进行判断的,判断方法如下:

    如果Intent指明定了action,则目标组件的IntentFilter的action列表中就必须包含有这个action,否则不能匹配;如果Intent没有提供type,系统将从data中得到数据类型。和action一样,目标组件的数据类型列表中必须包含Intent的数据类型,否则不能匹配。如果Intent中的数据不是content: 类型的URI,而且Intent也没有明确指定它的type,将根据Intent中数据的scheme (比如 http: 或者mailto:) 进行匹配。同上,Intent 的scheme必须出现在目标组件的scheme列表中。如果Intent指定了一个或多个category,这些类别必须全部出现在组建的类别列表中。比如Intent中包含了两个类别:LAUNCHER_CATEGORY 和 ALTERNATIVE_CATEGORY,解析得到的目标组件必须至少包含这两个类别。如果 component这个属性有指定的话,将直接使用它指定的组件,而不再执行上述查找过程。

    app.activity.info

    usage: run app.activity.info [-h] [-a PACKAGE] [-f FILTER] [-i] [-u] [-v]

    Gets information about exported activities.

    Examples: List activities exported by the Browser:

    dz> run app.activity.info --package com.android.browser Package: com.android.browser com.android.browser.BrowserActivity com.android.browser.ShortcutActivity com.android.browser.BrowserPreferencesPage com.android.browser.BookmarkSearch com.android.browser.AddBookmarkPage com.android.browser.widget.BookmarkWidgetConfigure

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    optional arguments:

    参数名作用-a PACKAGE, –package PACKAGE指定包名-f FILTER, –filter FILTER指定activity的名称-i, –show-intent-filters显示activity的intent-filters-u, –unexported包括exported:false的activity-v, –verbose显示详细信息

    app.package.info

    usage: run app.package.info [-h] [-a PACKAGE] [-d DEFINES_PERMISSION] [-f FILTER] [-g GID] [-p PERMISSION] [-u UID] [-i]

    List all installed packages on the device with optional filters. Specify optional keywords to search for in the package information, or granted permissions.

    Examples: Finding all packages with the keyword “browser” in their name:

    dz> run app.package.info -f browser Package: com.android.browser Process name: com.android.browser Version: 4.1.1 Data Directory: /data/data/com.android.browser APK path: /system/app/Browser.apk UID: 10014 GID: [3003, 1015, 1028] Shared libraries: null Permissions: - android.permission.ACCESS_COARSE_LOCATION - android.permission.ACCESS_DOWNLOAD_MANAGER - android.permission.ACCESS_FINE_LOCATION ...

    Finding all packages with the “INSTALL_PACKAGES” permission:

    dz> run app.package.info -p INSTALL_PACKAGES Package: com.android.packageinstaller Process Name: com.android.packageinstaller Version: 4.1.1-403059 Data Directory: /data/data/com.android.packageinstaller APK Path: /system/app/PackageInstaller.apk UID: 10003 GID: [1028] Shared Libraries: null Shared User ID: null Permissions: - android.permission.INSTALL_PACKAGES - android.permission.DELETE_PACKAGES - android.permission.CLEAR_APP_CACHE - android.permission.READ_PHONE_STATE - android.permission.CLEAR_APP_USER_DATA - android.permission.READ_EXTERNAL_STORAGE

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    optional arguments:

    参数名作用-a PACKAGE, –package PACKAGE指定包名-d DEFINES_PERMISSION, –defines-permission DEFINES_PERMISSION通过自定义的权限过滤-f FILTER, –filter FILTER通过关键词查询-g GID, –gid GID指定GID-p PERMISSION, –permission PERMISSION通过权限过滤-u UID, –uid UID指定UID-i, –show-intent-filters显示intent-filters

    app.broadcast.info

    usage: run app.broadcast.info [-h] [-a PACKAGE] [-f FILTER] [-p PERMISSION] [-i] [-u] [-v]

    获取broadcast receivers信息

    Examples: Get receivers exported by the platform:

    dz> run app.broadcast.info -a android Package: android com.android.server.BootReceiver Permission: null com.android.server.updates.CertPinInstallReceiver Permission: null com.android.server.updates.IntentFirewallInstallReceiver Permission: null com.android.server.updates.SmsShortCodesInstallReceiver Permission: null com.android.server.updates.CarrierProvisioningUrlsInstallReceiver Permission: null com.android.server.updates.TZInfoInstallReceiver Permission: null com.android.server.updates.SELinuxPolicyInstallReceiver Permission: null com.android.server.MasterClearReceiver Permission: android.permission.MASTER_CLEAR

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs), Luander (luander.r@samsung.com) License: BSD (3 clause)

    optional arguments:

    参数名作用-a PACKAGE, –package PACKAGE指定包名-f FILTER, –filter FILTER通过关键词查询-p PERMISSION, –permission PERMISSION通过权限过滤-i, –show-intent-filters显示intent-filters-u, –unexported包括exported:false的receivers-v, –verbose显示详细信息

    app.service.info

    usage: run app.service.info [-h] [-a PACKAGE] [-f ] [-i] [-p ] [-u] [-v]

    获取services信息.

    Examples: List services exported by the Browser:

    dz> run app.service.info --package com.android.browser Package: com.android.browser No exported services.

    List exported services with no permissions required to interact with it:

    dz> run app.service.info -p null Package: com.android.email com.android.email.service.EmailBroadcastProcessorService Permission: null com.android.email.Controller$ControllerService Permission: null com.android.email.service.PopImapAuthenticatorService Permission: null com.android.email.service.PopImapSyncAdapterService Permission: null com.android.email.service.EasAuthenticatorService Permission: null

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    optional arguments:

    参数名作用-a PACKAGE, –package PACKAGE指定包名-f FILTER, –filter FILTER通过关键词查询-p PERMISSION, –permission PERMISSION通过权限过滤-i, –show-intent-filters显示intent-filters-u, –unexported包括exported:false的service-v, –verbose显示详细信息

    app.provider.info

    usage: run app.provider.info [-h] [-a PACKAGE] [-f FILTER] [-p PERMISSION] [-u] [-v]

    获取 content providers信息

    Examples: Find content provider with the keyword “settings” in them:

    dz> run app.provider.info -f settings Package name: com.google.android.gsf Authority: com.google.settings Required Permission - Read: null Required Permission - Write: com.google.android.providers.settings.permission.WRITE_GSETTINGS Grant Uri Permissions: false Multiprocess allowed: false Package name: com.android.providers.settings Authority: settings Required Permission - Read: null Required Permission - Write: android.permission.WRITE_SETTINGS Grant Uri Permissions: false Multiprocess allowed: false

    Finding content providers that do not require permissions to read/write:

    dz> run app.provider.info -p null Package name: com.google.android.gsf Authority: com.google.settings Required Permission - Read: null Required Permission - Write: com.google.android.providers.settings.permission.WRITE_GSETTINGS Grant Uri Permissions: false Multiprocess allowed: false ...

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    optional arguments:

    参数名作用-a PACKAGE, –package PACKAGE指定包名-f FILTER, –filter FILTER通过关键词查询-p PERMISSION, –permission PERMISSION通过权限过滤-u, –unexported包括exported:false的provider-v, –verbose显示详细信息

    app.activity.forintent

    usage: run app.activity.forintent [-h] [–action ACTION] [–category CATEGORY [CATEGORY …]] [–component PACKAGE COMPONENT] [–data-uri DATA_URI] [–extra TYPE KEY VALUE] [–flags FLAGS [FLAGS …]] [–mimetype MIMETYPE]

    通过intent查找它的activity

    Examples: Find activities that can handle web addresses:

    dz> run app.activity.forintent --action android.intent.action.VIEW --data http://www.google.com Package name: com.android.browser Target activity: com.android.browser.BrowserActivity

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    optional arguments:

    参数名作用–action ACTION指定action–category CATEGORY [CATEGORY …]指定category–data-uri DATA_URI指定uri–extra TYPE KEY VALUE指定附加的数据–flags FLAGS [FLAGS …]指定一个或者多个flags–mimetype MIMETYPE指定文件类型–component PACKAGE COMPONENT指定componnent

    app.broadcast.send

    usage: run app.broadcast.send [-h] [–action ACTION] [–category CATEGORY [CATEGORY …]] [–component PACKAGE COMPONENT] [–data-uri DATA_URI] [–extra TYPE KEY VALUE] [–flags FLAGS [FLAGS …]] [–mimetype MIMETYPE]

    Examples: Attempt to send the BOOT_COMPLETED broadcast message:

    dz> run app.broadcast.send --action android.intent.action.BOOT_COMPLETED java.lang.SecurityException: Permission Denial: not allowed to send broadcast android.intent.action.BOOT_COMPLETED

    from pid=955, uid=10044

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    optional arguments:

    参数名作用–action ACTION指定action–category CATEGORY [CATEGORY …]指定category–data-uri DATA_URI指定uri–extra TYPE KEY VALUE指定附加的数据–flags FLAGS [FLAGS …]指定一个或者多个flags–mimetype MIMETYPE指定文件类型–component PACKAGE COMPONENT指定componnent

    app.broadcast.sniff

    usage: run app.broadcast.sniff [-h] [–action ACTION] [–category CATEGORY [CATEGORY …]] [–data-authority HOST PORT] [–data-path PATH TYPE] [–data-scheme DATA_SCHEME [DATA_SCHEME …]] [–data-type DATA_TYPE [DATA_TYPE …]]

    Register a broadcast receiver that can sniff particular intents

    获取电量信息 Examples: dz> run app.broadcast.sniff –action android.intent.action.BATTERY_CHANGED [*] Broadcast receiver registered to sniff matching intents [*] Output is updated once a second. Press Control+C to exit.

    Action: android.intent.action.BATTERY_CHANGED Raw: Intent { act=android.intent.action.BATTERY_CHANGED flg=0x60000010 (has extras) } Extra: technology=Li-ion (java.lang.String) Extra: icon-small=17303411 (java.lang.Integer) Extra: health=2 (java.lang.Integer) Extra: online=4 (java.lang.Integer) Extra: status=2 (java.lang.Integer) Extra: plugged=2 (java.lang.Integer) Extra: present=true (java.lang.Boolean) Extra: level=80 (java.lang.Integer) Extra: scale=100 (java.lang.Integer) Extra: temperature=280 (java.lang.Integer) Extra: current_avg=460 (java.lang.Integer) Extra: voltage=4151 (java.lang.Integer) Extra: charge_type=1 (java.lang.Integer) Extra: invalid_charger=0 (java.lang.Integer)

    Last Modified: 2014-06-27 Credit: Tyrone (@mwrlabs) License: BSD (3 clause)

    optional arguments:

    参数名作用–action ACTION指定action–category CATEGORY [CATEGORY …]指定category–data-authority HOST PORT指定data中的host:port–data-path PATH TYPE指定data中的path–data-scheme DATA_SCHEME [DATA_SCHEME …]指定data中的scheme–data-type DATA_TYPE [DATA_TYPE …]指定data中的数据类型

    scheme, host, port, path, pathPrefix, pathPattern 是用来匹配 Intent 中的 Data Uri 的。具体规则如下:

      scheme://host:port/path or pathPrefix or pathPattern

    详细可以参考下面链接: http://blog.csdn.net/androidzhaoxiaogang/article/details/6856201


    app.package.attacksurface

    usage: run app.package.attacksurface [-h] package

    确定安装包的可攻击面

    Examples: Finding the attack surface of the built-in browser

    dz> run app.package.attacksurface com.android.browser 6 activities exported 4 broadcast receivers exported 1 content providers exported 0 services exported

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    positional arguments: package the identifier of the package to inspect

    optional arguments: -h, –help


    app.package.backup

    usage: run app.package.backup [-h] [-f FILTER] [-k]

    列出可备份的包

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    optional arguments:

    参数名作用-f FILTER, –filter FILTER指定包名-k, –api-keys只展示有api keys的包

    app.package.debuggable

    usage: run app.package.debuggable [-h] [-f FILTER] [-v]

    列出可debug的包

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    optional arguments:

    参数名作用-f FILTER, –filter FILTER指定包名-v, –verbose附加不可debug的包信息

    app.package.launchintent

    usage: run app.package.launchintent [-h] [-r] package

    获取程序启动的activity信息

    Examples: Finding the launch intent of the Android browser package:

    dz> run app.package.launchintent com.android.browser Intent: Action: android.intent.action.MAIN Component: {com.android.browser/com.android.browser.BrowserActivity} Data: null Categories: android.intent.category.LAUNCHER Flags: [ACTIVITY_NEW_TASK] Mime Type: null Extras: null

    Last Modified: 2013-03-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    positional arguments: package the identifier of the package to inspect

    optional arguments:

    参数名作用-r, –raw相当于intent.toString()

    app.package.manifest

    usage: run app.package.manifest [-h] package

    获取程序manifest文件信息,和apktool反编译出来的对比,drozer的还能查看versionCode、versionName、minSdkVersion、targerSdkversion。

    Examples: Getting the manifest for drozer

    dz> run app.package.manifest com.mwr.dz <manifest versionCode="2" versionName="1.1" package="com.mwr.dz"> <uses-sdk minSdkVersion="8" targetSdkVersion="4"> </uses-sdk> <uses-permission name="android.permission.INTERNET"> </uses-permission> ... </manifest>

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    positional arguments: package the identifier of the package

    optional arguments: -h, –help


    app.package.native

    usage: run app.package.native [-h] package

    列出Native libraries 信息

    Last Modified: 2013-03-23 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    positional arguments: package the identifier of the package

    optional arguments: -h, –help


    app.package.shareduid

    usage: run app.package.shareduid [-h] [-u UID]

    查找拥有共同uid的包和他们所有的权限。

    Examples: Finding packages that share the UID 10011

    dz> run app.package.shareduid -u 10011 UID: 10011 (com.motorola.blur.uid.provider_authenticator:10011) Package Name: com.motorola.blur.provider.photobucket Package Name: com.motorola.blur.provider.picasa Package Name: com.motorola.blur.provider.yahoo Package Name: com.motorola.blur.provider.twitter Package Name: com.motorola.blur.provider.fixedemail Package Name: com.motorola.blur.provider.motorola.app Package Name: com.motorola.blur.provider.orkut Package Name: com.motorola.blur.provider.email Package Name: com.motorola.blur.provider.facebook Package Name: com.motorola.blur.provider.lastfm Package Name: com.motorola.blur.provider.linkedin Package Name: com.motorola.blur.provider.youtube Package Name: com.motorola.blur.provider.skyrock Package Name: com.motorola.blur.provider.activesync Package Name: com.motorola.blur.provider.flickr Accumulated permissions: com.motorola.blur.setupprovider.Permissions.ACCESS_ACCOUNTS; ...

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    optional arguments:

    参数名作用-u UID, –uid UID指定uid

    app.provider.columns

    usage: run app.provider.columns [-h] uri

    展示content provider URI的各列名

    Examples: List the columns of content://settings/secure

    dz> run app.provider.columns content://settings/secure | _id | name | value |

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    positional arguments: uri the content provider uri to query

    optional arguments: -h, –help


    app.provider.delete

    usage: run app.provider.delete [-h] [–selection conditions] [–selection-args [arg [arg …]]] uri

    删除content provider URI的内容

    Examples: Delete from content://settings/secure, with name condition:

    dz> run app.provider.delete content://settings/secure --selection "name=?" --selection-args my_setting

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    positional arguments: uri the content provider uri to query

    optional arguments:

    参数名作用–selection conditions指定列名–selection-args [arg [arg …]]指定值

    app.provider.download

    usage: run app.provider.download [-h] uri destination

    使用openInputStream读取指定uri的内容,并下载在电脑中

    使用前提:provider实现了openFile

    如果在window下,目的地址’/’为drozer安装目录所在的磁盘,比如drozer安装在D盘

    目的地址为/data.db ,文件就在D:\data.db

    Examples: Download, using directory traversal on a content provider:

    dz> run app.provider.download content://vulnerable.provider/../../../system/etc/hosts /tmp/hostsfile Written 25 bytes

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    positional arguments: uri the content provider URI to read a file through destination path to save the downloaded file to

    optional arguments: -h, –help


    app.provider.insert

    usage: **run app.provider.insert [-h] [–boolean column data] [–double column data] [–float column data] [–integer column data] [–long column data] [–short column data] [–string column data] uri**

    插入数据到content provider.

    Examples: Insert into a vulnerable content provider:

    dz> run app.provider.insert content://com.vulnerable.im/messages --string date 1331763850325 --string type 0 --integer _id 7

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    positional arguments: uri the content provider uri to insert into

    optional arguments:

    –boolean 【column】 【data】 –double 【column】【 data】 –float 【column】【 data】 –integer 【column】【 data】 –long 【column】【 data】 –short 【column】【 data】 –string 【column】【 data】


    app.provider.finduri

    usage: run app.provider.finduri [-h] package

    查找Content URIs

    This module uses a number of strategies to identify a content URI, including inspecting the authorities, path permissions and searching for strings inside the package.

    Examples: Find content provider URIs in the Browser:

    dz> run app.provider.finduri com.android.browser Scanning com.android.browser... content://com.android.browser.home/res/raw/ content://browser/search_suggest_query content://browser/ content://com.android.browser.snapshots/ content://com.android.browser/bookmarks/search_suggest_query content://com.android.browser/ content://com.google.settings/partner content://com.android.browser.snapshots content://com.google.android.partnersetup.rlzappprovider/ content://com.android.browser.home/ content://browser/bookmarks/search_suggest_query

    Last Modified: 2012-13-18 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    positional arguments: package the package to search for content provider uris

    optional arguments: -h, –help


    app.provider.query

    usage: run app.provider.query [-h] [–projection [columns [columns …]]] [–selection conditions] [–selection-args [arg [arg …]]] [–order by_column] [–vertical] uri

    查询content provider 内容

    Examples: Querying the settings content provider:

    dz> run app.provider.query content://settings/secure | _id | name | value | | 5 | assisted_gps_enabled | 1 | | 9 | wifi_networks_available_notification_on | 1 | | 10 | sys_storage_full_threshold_bytes | 2097152 | | ... | ... | ... |

    Querying, with a WHERE clause in the SELECT statement:

    dz> run app.provider.query content://settings/secure --selection "_id=?" --selection-args 10 | _id | name | value | | 10 | sys_storage_full_threshold_bytes | 2097152 |

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    positional arguments: uri the content provider uri to query

    optional arguments:

    参数名作用–projection [columns [columns …]]选择查询哪些列,如:–projection _id,name–selection conditions指定列名–selection-args [arg [arg …]]指定列名的值–order by_column通过哪一列排序–vertical垂直显示

    app.provider.read

    usage: run app.provider.read [-h] uri

    使用openInputStream读取指定uri的内容

    使用前提:provider实现了openFile

    Examples: Attempt directory traversal on a content provider:

    dz> run app.provider.read content://settings/secure/../../../system/etc/hosts java.io.FileNotFoundException: No files supported by provider at content://settings/secure/../../../system/etc/hosts

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    positional arguments: uri the content provider URI to read a file through

    optional arguments: -h, –help


    app.provider.update

    usage: run app.provider.update [-h] [–selection conditions] [–selection-args [arg [arg …]]] [–boolean column data] [–double column data] [–float column data] [–integer column data] [–long column data] [–short column data] [–string column data] uri

    更新content provider的内容

    Examples: Updating, the assisted_gps_enabled setting:

    dz> run app.provider.update content://settings/secure --selection "name=?" --selection-args assisted_gps_enabled --integer value 0 Done.

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    positional arguments: uri the content provider uri to update in

    optional arguments:

    参数名作用–selection conditions指定列名–selection-args [arg [arg …]]指定列名的值–boolean column data列名+值–double column data列名+值–float column data列名+值–integer column data列名+值–long column data列名+值–short column data列名+值–string column data列名+值

    app.service.start

    usage: run app.service.start [-h] [–action ACTION] [–category CATEGORY [CATEGORY …]] [–component PACKAGE COMPONENT] [–data-uri DATA_URI] [–extra TYPE KEY VALUE] [–flags FLAGS [FLAGS …]] [–mimetype MIMETYPE]

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    optional arguments:

    参数名作用–action ACTION指定action–category CATEGORY [CATEGORY …]指定category–data-uri DATA_URI指定uri–extra TYPE KEY VALUE指定附加的数据–flags FLAGS [FLAGS …]指定一个或者多个flags–mimetype MIMETYPE指定文件类型–component PACKAGE COMPONENT指定componnent

    app.service.stop

    usage: run app.service.stop [-h] [–action ACTION] [–category CATEGORY [CATEGORY …]] [–component PACKAGE COMPONENT] [–data-uri DATA_URI] [–extra TYPE KEY VALUE] [–flags FLAGS [FLAGS …]] [–mimetype MIMETYPE]

    Last Modified: 2012-11-06 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    optional arguments:

    参数名作用–action ACTION指定action–category CATEGORY [CATEGORY …]指定category–data-uri DATA_URI指定uri–extra TYPE KEY VALUE指定附加的数据–flags FLAGS [FLAGS …]指定一个或者多个flags–mimetype MIMETYPE指定文件类型–component PACKAGE COMPONENT指定componnent

    app.service.send

    usage: run app.service.send [-h] [–msg what arg1 arg2] [–extra type key value] [–no-response] [–timeout TIMEOUT] [–bundle-as-obj] package component

    使用 Message攻击暴露的service,其service实现了handleMessage。

    NB: by default, this module will wait 20 seconds for a reply.

    Examples: Deliver a Message to a dummy application, that simply returns the message:

    dz> run app.service.send com.example.srv com.example.srv.Service --msg 1 2 3 --extra float value 0.1324 --extra

    string test value Got a reply from com.example.srv/com.example.srv.Service: what: 1 arg1: 2 arg2: 3 Data: value (float) : 0.1324 test (string) : value

    Last Modified: 2013-05-20 Credit: MWR InfoSecurity (@mwrlabs) License: BSD (3 clause)

    positional arguments: package the package containing the target service component the fully-qualified service name to bind to

    optional arguments:

    参数名作用–msg what arg1 arg2指定message obtain获取的值,what、arg1、arg2–extra type key value指定bundle的数据–no-response丢弃回复–timeout TIMEOUT设置等待回复的超时时间–bundle-as-obj设置obj的值
    转载请注明原文地址: https://ju.6miu.com/read-1000065.html

    最新回复(0)