Writeups
CTF Writeups
-
Read more: Mobile Hacking Lab – NoteKeeperDescription: Welcome to the NoteKeeper Application, where users can create and encode short notes. However, lurking within the app is a critical buffer overflow vulnerability. Your mission is to uncover this vulnerability and exploit it to achieve remote code execution. Download: https://lautarovculic.com/my_files/notekeeper.apkLink: https://www.mobilehackinglab.com/path-player?courseid=lab-notekeeper Install the app with ADB adb install -r notekeeper.apk We can see how this notes app allows…
-
Read more: Mobile Hacking Lab – Post BoardDescription: Welcome to the Android Insecure WebView Challenge! This challenge is designed to delve into the complexities of Android’s WebView component, exploiting a Cross-Site Scripting (XSS) vulnerability to achieve Remote Code Execution (RCE). It’s an immersive opportunity for participants to engage with Android application security, particularly focusing on WebView security issues. Download: https://lautarovculic.com/my_files/postBoard.apkLink:https://www.mobilehackinglab.com/path-player?courseid=lab-webview Install the app with ADB…
-
Read more: Mobile Hacking Lab – IOT ConnectDescription: Welcome to the “IOT Connect” Broadcast Receiver Exploitation Challenge! Immerse yourself in the world of cybersecurity with this hands-on lab. This challenge focuses on exploiting a security flaw related to the broadcast receiver in the “IOT Connect” application, allowing unauthorized users to activate the master switch, which can turn on all connected devices. The goal is…
-
Read more: Mobile Hacking Lab – Config EditorDescription: Welcome to the Config Editor Challenge! In this lab, you’ll dive into a realistic situation involving vulnerabilities in a widely-used third-party library. Your objective is to exploit a library-induced vulnerability to achieve RCE on an Android application. Download: https://lautarovculic.com/my_files/configEditor.apkLink: https://www.mobilehackinglab.com/path-player?courseid=lab-config-editor-rce Install the APP with ADB adb install -r configEditor.apk We can see that there ask for storage permissions.Also, notice that we have two…
-
Read more: Mobile Hacking Lab – Secure NotesDescription: Welcome to the Secure Notes Challenge! This lab immerses you in the intricacies of Android content providers, challenging you to crack a PIN code protected by a content provider within an Android application. It’s an excellent opportunity to explore Android’s data management and security features. Download: https://lautarovculic.com/my_files/secureNotes.apkLink: https://www.mobilehackinglab.com/path-player?courseid=lab-secure-notes Install the APK with ADB adb install -r secureNotes.apk We can see…
-
Read more: Mobile Hacking Lab – Document ViewerDescription: Welcome to the Remote Code Execution (RCE) Challenge! This lab provides a real-world scenario where you’ll explore vulnerabilities in popular software. Your mission is to exploit a path traversal vulnerability combined with dynamic code loading to achieve remote code execution. Download: https://lautarovculic.com/my_files/documentViewer.apkLink: https://www.mobilehackinglab.com/path-player?courseid=lab-document-viewer-rce Install the APK with ADB adb install -r documentViewer.apk The app appear ask for storage permissions.Let’s inspect the source code with jadx (GUI…
-
Read more: Mobile Hacking Lab – Guess MeDescription: Welcome to the “Guess Me” Deep Link Exploitation Challenge! Immerse yourself in the world of cybersecurity with this hands-on lab. This challenge revolves around a fictitious “Guess Me” app, shedding light on a critical security flaw related to deep links that can lead to remote code execution within the app’s framework. Download: https://lautarovculic.com/my_files/guessMe.apkLink: https://www.mobilehackinglab.com/path-player?courseid=lab-guess-me Install the…
-
Read more: Mobile Hacking Lab – StringsDescription: Welcome to the Strings Challenge! In this lab,your goal is to find the flag. The flag’s format should be “MHL{…}“. The challenge will give you a clear idea of how intents and intent filters work on android also you will get a hands-on experience using Frida APIs. Download: https://lautarovculic.com/my_files/strings-MHL.apkLink: https://www.mobilehackinglab.com/path-player?courseid=lab-strings Install the app with ADB adb install -r strings-MHL.apk…
-
Read more: Mobile Hacking Lab – Food StoreDescription: Welcome to the Android App Security Lab: SQL Injection Challenge! Dive into the world of cybersecurity with our hands-on lab. This challenge is centered around a fictitious “Food Store” app, highlighting the critical security flaw of SQL Injection (SQLi) within the app’s framework. Download: https://lautarovculic.com/my_files/foodStore.apkLink: https://www.mobilehackinglab.com/path-player?courseid=lab-food-store Install it with ADB adb install -r foodStore.apk Then, let’s decompile with apktool…
-
Read more: Mobile Hacking Lab – Cyclic ScannerDescription: Welcome to the Cyclic Scanner Challenge! This lab is designed to mimic real-world scenarios where vulnerabilities within Android services lead to exploitable situations. Participants will have the opportunity to exploit these vulnerabilities to achieve remote code execution (RCE) on an Android device. Download: https://lautarovculic.com/my_files/cyclicScanner.apkLink: https://www.mobilehackinglab.com/path-player?courseid=lab-cyclic-scanner Install the APK with ADB adb install -r cyclicScanner.apk Decompile it with apktool and let’s inspect…