Writeups
CTF Writeups
-
Read more: Mobile Hacking Lab – Serial NotesDescription: Welcome to the iOS Application Security Lab: Deserialization Vulnerability Challenge. The challenge revolves around a fictitious note-taking app called Serial Notes. Serial Notes is designed to support markdown editing and has its own file format to share the notes. However, it harbors a critical vulnerability related to deserialization, which can be escalated to command injection.…
-
Read more: Mobile Hacking Lab – FreshcartDescription: Welcome to the iOS Application Security Lab: JavaScript-to-Native Bridge Exploitation Challenge. This challenge is centered around a fictitious grocery app called Freshcart. Freshcart contains a critical vulnerability that allows token stealing by exploiting the JavaScript to native bridge. Your objective is to exploit this vulnerability to steal the token used within the app. Download: https://lautarovculic.com/my_files/freshcart.ipaLink: https://www.mobilehackinglab.com/path-player?courseid=lab-freshcart Install…
-
Read more: Mobile Hacking Lab – Time TrapDescription: Welcome to the Time Trap Challenge. In this challenge, you will explore the vulnerabilities in an internally used application named Time Trap, focusing on Command Injection. Time Trap is a fictional application that showcases insecure practices commonly found in internal applications. Your objective is to exploit the Command Injection vulnerability to gain unauthorized access and…
-
Read more: Mobile Hacking Lab – Gotham TimesDescription: Welcome to the iOS Application Security Lab: Deeplink Exploitation Challenge. The challenge is built around the fictional newspaper Gotham Times, an iOS application providing users with the latest news and updates about events happening in Gotham City. This challenge focuses on the potential vulnerabilities in the deep link feature, emphasizing how attackers can exploit it…
-
Read more: Mobile Hacking Lab – Flipcoin WalletDescription: Welcome to the iOS Application Security Lab: SQL Injection Challenge. The challenge is centered around a fictious crypto currency flipcoin and its wallet Flipcoin Wallet. The Flipcoin wallet is an offline wallet giving users full ownership of their digital assets. The challenge highlights the potential entrypoints that can lead to further serious vulnerabilities including…
-
Read more: Mobile Hacking Lab – NoteKeeperDescription: Welcome to the NoteKeeper Application, where users can create and encode short notes. However, lurking within the app is a critical buffer overflow vulnerability. Your mission is to uncover this vulnerability and exploit it to achieve remote code execution. Download: https://lautarovculic.com/my_files/notekeeper.apkLink: https://www.mobilehackinglab.com/path-player?courseid=lab-notekeeper Install the app with ADB adb install -r notekeeper.apk We can see how this notes app allows…
-
Read more: Mobile Hacking Lab – Post BoardDescription: Welcome to the Android Insecure WebView Challenge! This challenge is designed to delve into the complexities of Android’s WebView component, exploiting a Cross-Site Scripting (XSS) vulnerability to achieve Remote Code Execution (RCE). It’s an immersive opportunity for participants to engage with Android application security, particularly focusing on WebView security issues. Download: https://lautarovculic.com/my_files/postBoard.apkLink:https://www.mobilehackinglab.com/path-player?courseid=lab-webview Install the app with ADB…
-
Read more: Mobile Hacking Lab – IOT ConnectDescription: Welcome to the “IOT Connect” Broadcast Receiver Exploitation Challenge! Immerse yourself in the world of cybersecurity with this hands-on lab. This challenge focuses on exploiting a security flaw related to the broadcast receiver in the “IOT Connect” application, allowing unauthorized users to activate the master switch, which can turn on all connected devices. The goal is…
-
Read more: Mobile Hacking Lab – Config EditorDescription: Welcome to the Config Editor Challenge! In this lab, you’ll dive into a realistic situation involving vulnerabilities in a widely-used third-party library. Your objective is to exploit a library-induced vulnerability to achieve RCE on an Android application. Download: https://lautarovculic.com/my_files/configEditor.apkLink: https://www.mobilehackinglab.com/path-player?courseid=lab-config-editor-rce Install the APP with ADB adb install -r configEditor.apk We can see that there ask for storage permissions.Also, notice that we have two…
-
Read more: Mobile Hacking Lab – Secure NotesDescription: Welcome to the Secure Notes Challenge! This lab immerses you in the intricacies of Android content providers, challenging you to crack a PIN code protected by a content provider within an Android application. It’s an excellent opportunity to explore Android’s data management and security features. Download: https://lautarovculic.com/my_files/secureNotes.apkLink: https://www.mobilehackinglab.com/path-player?courseid=lab-secure-notes Install the APK with ADB adb install -r secureNotes.apk We can see…