RCE
-
Read more: Mobile Hacking Lab – NoteKeeperDescription: Welcome to the NoteKeeper Application, where users can create and encode short notes. However, lurking within the app is a critical buffer overflow vulnerability. Your mission is to uncover this vulnerability and exploit it to achieve remote code execution. Download: https://lautarovculic.com/my_files/notekeeper.apkLink: https://www.mobilehackinglab.com/path-player?courseid=lab-notekeeper Install the app with ADB adb install -r notekeeper.apk We can see how this notes app allows…
-
Read more: Mobile Hacking Lab – Post BoardDescription: Welcome to the Android Insecure WebView Challenge! This challenge is designed to delve into the complexities of Android’s WebView component, exploiting a Cross-Site Scripting (XSS) vulnerability to achieve Remote Code Execution (RCE). It’s an immersive opportunity for participants to engage with Android application security, particularly focusing on WebView security issues. Download: https://lautarovculic.com/my_files/postBoard.apkLink:https://www.mobilehackinglab.com/path-player?courseid=lab-webview Install the app with ADB…
-
Read more: Mobile Hacking Lab – Config EditorDescription: Welcome to the Config Editor Challenge! In this lab, you’ll dive into a realistic situation involving vulnerabilities in a widely-used third-party library. Your objective is to exploit a library-induced vulnerability to achieve RCE on an Android application. Download: https://lautarovculic.com/my_files/configEditor.apkLink: https://www.mobilehackinglab.com/path-player?courseid=lab-config-editor-rce Install the APP with ADB adb install -r configEditor.apk We can see that there ask for storage permissions.Also, notice that we have two…
-
Read more: Mobile Hacking Lab – Document ViewerDescription: Welcome to the Remote Code Execution (RCE) Challenge! This lab provides a real-world scenario where you’ll explore vulnerabilities in popular software. Your mission is to exploit a path traversal vulnerability combined with dynamic code loading to achieve remote code execution. Download: https://lautarovculic.com/my_files/documentViewer.apkLink: https://www.mobilehackinglab.com/path-player?courseid=lab-document-viewer-rce Install the APK with ADB adb install -r documentViewer.apk The app appear ask for storage permissions.Let’s inspect the source code with jadx (GUI…
-
Read more: Mobile Hacking Lab – Guess MeDescription: Welcome to the “Guess Me” Deep Link Exploitation Challenge! Immerse yourself in the world of cybersecurity with this hands-on lab. This challenge revolves around a fictitious “Guess Me” app, shedding light on a critical security flaw related to deep links that can lead to remote code execution within the app’s framework. Download: https://lautarovculic.com/my_files/guessMe.apkLink: https://www.mobilehackinglab.com/path-player?courseid=lab-guess-me Install the…
-
Read more: Mobile Hacking Lab – Cyclic ScannerDescription: Welcome to the Cyclic Scanner Challenge! This lab is designed to mimic real-world scenarios where vulnerabilities within Android services lead to exploitable situations. Participants will have the opportunity to exploit these vulnerabilities to achieve remote code execution (RCE) on an Android device. Download: https://lautarovculic.com/my_files/cyclicScanner.apkLink: https://www.mobilehackinglab.com/path-player?courseid=lab-cyclic-scanner Install the APK with ADB adb install -r cyclicScanner.apk Decompile it with apktool and let’s inspect…
-
Read more: Sea – Hack The Box – @lautarovculicUser.txt Let’s discover open ports with nmap sudo nmap -sV -p- -Pn -vv -T4 –min-rate 5000 10.10.11.28 Output: PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0) 80/tcp open http syn-ack ttl 63 Apache httpd 2.4.41 ((Ubuntu)) We need add sea.htb to our /etc/hosts file sudo echo “10.10.11.28 sea.htb” | sudo…
-
Read more: Injured Android – Flag 1 to 13This CTF Mobile has taken from here:https://github.com/B3nac/InjuredAndroid I use a Genymotion Android device (API 29) for this challenge.For install and use the application, you must install an ARM Translator. I use the .zip file for Android 9.0, it’s work fine for the emulator. You can find the translator here:https://github.com/m9rco/Genymotion_ARM_Translation Flags First Steps There are so many flags in the application,…
-
Read more: PermX – Hack The Box – @lautarovculicUser.txt Let’s see what ports are open with nmap sudo nmap -sV -p- -Pn -vv -T4 10.10.11.23 Output: PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3ubuntu0.10 (Ubuntu Linux; protocol 2.0) 80/tcp open http syn-ack ttl 63 Apache httpd 2.4.52 Service Info: Host: 127.0.1.1; OS: Linux; CPE: cpe:/o:linux:linux_kernel Let’s…
-
Read more: Blazorized – Hack The Box – @lautarovculicUser.txt In first place, we need know what ports are open with nmap sudo nmap -sV -p- -Pn -vv -T4 10.129.81.51 Output: PORT STATE SERVICE REASON VERSION 53/tcp open domain syn-ack ttl 127 Simple DNS Plus 80/tcp open http syn-ack ttl 127 Microsoft IIS httpd 10.0 88/tcp open kerberos-sec syn-ack ttl 127 Microsoft Windows Kerberos…