deserialization
-
Read more: Mobile Hacking Lab – Config EditorDescription: Welcome to the Config Editor Challenge! In this lab, you’ll dive into a realistic situation involving vulnerabilities in a widely-used third-party library. Your objective is to exploit a library-induced vulnerability to achieve RCE on an Android application. Download: https://lautarovculic.com/my_files/configEditor.apkLink: https://www.mobilehackinglab.com/path-player?courseid=lab-config-editor-rce Install the APP with ADB adb install -r configEditor.apk We can see that there ask for storage permissions.Also, notice that we have two…
-
Read more: PwnSec CTF 2024 – SnakeDescription: Make sure to run the mobile application on Android API 28 or less (Android 9 or less).Download content: https://lautarovculic.com/my_files/snake.zip Install the apk with ADB.NOTEIll use an AVD (Android Virtual Device) non-rooted from the Android Studio SDK. adb install -r snake.apk The UI app doesn’t have nothing interesting. But is good notice that the app ask for us about storage permissions.In fact, the AndroidManifest.xml file have Let’s decompile the app…