android
-
Read more: AHE17: Android Hacking Events 2017 (Flag-Validator)Methods For this challenge, probably we need install some things into our Android 5.1 device with Genymotion.For example, an ARM Translator.https://github.com/m9rco/Genymotion_ARM_Translation For download the APKhttps://team-sik.org/wp-content/uploads/2017/06/FlagValidator.apk_.zip With apktool will extract the content of the apk file apktool d FlagValidator.apk Let’s see the content of MainActivity.java that say so clear the structure of the flag.In the onValidateClick method public void onValidateClick(View view) { new StringBuilder(“Validate Token…
-
Read more: FastJson and Furious – Hack The Box – @lautarovculicDifficult: Easy Category: Mobile OS: Android Description: A couple years ago I was experimenting with Android Development and I created this application to hide my secret, but now I forgot how to get it back. Can you help me? First, download the .zip file and extract them with hackthebox password. Then, we’ll use apktool for…
-
Read more: Injured Android – Flag 1 to 13This CTF Mobile has taken from here:https://github.com/B3nac/InjuredAndroid I use a Genymotion Android device (API 29) for this challenge.For install and use the application, you must install an ARM Translator. I use the .zip file for Android 9.0, it’s work fine for the emulator. You can find the translator here:https://github.com/m9rco/Genymotion_ARM_Translation Flags First Steps There are so many flags in the application,…
-
Read more: AHE17: Android Hacking Events 2017 (AES-Decrypt)For this challenge, we need install some things into our Android 5.1 device with Genymotion.For example, an ARM Translator.https://github.com/m9rco/Genymotion_ARM_Translation For download the APK https://team-sik.org/wp-content/uploads/2017/06/AES-Decrypt.apk_.zip Now, installing the APK, we can see a button and two text box for decrypt something. Then, let’s take around the code with jadx. Just we need this piece of Java…
-
Read more: burpCertAndroidThis is an automated script for installing BurpSuite certificate in Android devices. GitHub BurpSuite Cert for Android Installer – v1 The script was tested and developed for Android devices running in Genymmotion. If you have errors in the execution of the script, visit the step by step in the post I have written: POST Setup…
-
Read more: Joker – Hack The Box – @lautarovculicDifficult: Hard Category: Mobile OS: Android Description: The malware reverse engineering team got an alert about malware which is still published on Google’s PlayStore and has thousands of installs. Can you help them to identify the address of the command and control server in order to blacklist it ? Download and extract the .zip file…
-
Read more: Explore – Hack The Box – @lautarovculicUser.txt Let’s check the open ports with nmap sudo nmap -sV -p- -Pn -vv -T4 10.10.10.247 Output: PORT STATE SERVICE REASON VERSION 2222/tcp open ssh syn-ack ttl 63 Banana Studio SSH server app (net.xnano.android.sshserver.tv) (protocol 2.0) 5555/tcp filtered freeciv no-response 46243/tcp open unknown syn-ack ttl 63 59777/tcp open http syn-ack ttl 63 Bukkit JSONAPI httpd…
-
Read more: APKrypt – Hack The Box – @lautarovculicDifficult: Easy Category: Mobile OS: Android Description: Can you get the ticket without the VIP code? Download the zip file and extract with the hackthebox password. There are a README.txt file that say Install this application in an API Level 29 or earlier (i.e. Android 10.0 (Google APIs)). Decompile the apk with apktool apktool d…
-
Read more: Anchored – Hack The Box – @lautarovculicDifficult: Easy Category: Mobile OS: Android Description: A client asked me to check if I can intercept the https request and get the value of the secret parameter that is passed along with the user’s email. The application is intended to run in a non-rooted device. Can you help me find a way to intercept…
-
Read more: Manager – Hack The Box – @lautarovculicDifficult: Easy Category: Mobile OS: Android Description: A client asked me to perform security assessment on this password management application. Can you help me? Download, and extract the .zip file with the password hackthebox, and, Start the Instance. In my case is: 94.237.54.233:56388 There are a README.txt file that say Install this application in an…