reversing
-
Read more: Mobile Hacking Lab – IOT Connect
Description: Welcome to the “IOT Connect” Broadcast Receiver Exploitation Challenge! Immerse yourself in the world of cybersecurity with this hands-on lab. This challenge focuses on exploiting a security flaw related to the broadcast receiver in the “IOT Connect” application, allowing unauthorized users to activate the master switch, which can turn on all connected devices. The goal is…
-
Read more: Mobile Hacking Lab – Config Editor
Description: Welcome to the Config Editor Challenge! In this lab, you’ll dive into a realistic situation involving vulnerabilities in a widely-used third-party library. Your objective is to exploit a library-induced vulnerability to achieve RCE on an Android application. Download: https://lautarovculic.com/my_files/configEditor.apk Link: https://www.mobilehackinglab.com/path-player?courseid=lab-config-editor-rce Install the app with ADB adb install -r configEditor.apk We can see that it asks for storage permissions. Also, notice that we have two…
-
Read more: Mobile Hacking Lab – Secure Notes
Description: Welcome to the Secure Notes Challenge! This lab immerses you in the intricacies of Android content providers, challenging you to crack a PIN code protected by a content provider within an Android application. It’s an excellent opportunity to explore Android’s data management and security features. Download: https://lautarovculic.com/my_files/secureNotes.apk Link: https://www.mobilehackinglab.com/path-player?courseid=lab-secure-notes Install the APK with ADB adb install -r secureNotes.apk We can see…
-
Read more: Mobile Hacking Lab – Document Viewer
Description: Welcome to the Remote Code Execution (RCE) Challenge! This lab provides a real-world scenario where you’ll explore vulnerabilities in popular software. Your mission is to exploit a path traversal vulnerability combined with dynamic code loading to achieve remote code execution. Download: https://lautarovculic.com/my_files/documentViewer.apk Link: https://www.mobilehackinglab.com/path-player?courseid=lab-document-viewer-rce Install the APK with ADB adb install -r documentViewer.apk The app appears to ask for storage permissions. Let’s inspect the source code with jadx (GUI…
-
Read more: Mobile Hacking Lab – Guess Me
Description: Welcome to the “Guess Me” Deep Link Exploitation Challenge! Immerse yourself in the world of cybersecurity with this hands-on lab. This challenge revolves around a fictitious “Guess Me” app, shedding light on a critical security flaw related to deep links that can lead to remote code execution within the app’s framework. Download: https://lautarovculic.com/my_files/guessMe.apk Link: https://www.mobilehackinglab.com/path-player?courseid=lab-guess-me Install the…
-
Read more: Mobile Hacking Lab – Strings
Description: Welcome to the Strings Challenge! In this lab, your goal is to find the flag. The flag’s format should be “MHL{…}”. The challenge will give you a clear idea of how intents and intent filters work on Android; you will also get hands-on experience using Frida APIs. Download: https://lautarovculic.com/my_files/strings-MHL.apk Link: https://www.mobilehackinglab.com/path-player?courseid=lab-strings Install the app with ADB adb install -r strings-MHL.apk…
-
Read more: Mobile Hacking Lab – Food Store
Description: Welcome to the Android App Security Lab: SQL Injection Challenge! Dive into the world of cybersecurity with our hands-on lab. This challenge is centered around a fictitious “Food Store” app, highlighting the critical security flaw of SQL Injection (SQLi) within the app’s framework. Download: https://lautarovculic.com/my_files/foodStore.apk Link: https://www.mobilehackinglab.com/path-player?courseid=lab-food-store Install it with ADB adb install -r foodStore.apk Then, let’s decompile with apktool…
-
Read more: Mobile Hacking Lab – Cyclic Scanner
Description: Welcome to the Cyclic Scanner Challenge! This lab is designed to mimic real-world scenarios where vulnerabilities within Android services lead to exploitable situations. Participants will have the opportunity to exploit these vulnerabilities to achieve remote code execution (RCE) on an Android device. Download: https://lautarovculic.com/my_files/cyclicScanner.apk Link: https://www.mobilehackinglab.com/path-player?courseid=lab-cyclic-scanner Install the APK with ADB adb install -r cyclicScanner.apk Decompile it with apktool and let’s inspect…
-
Read more: NahamCon 2024 – Kitty Kitty Bang Bang
Description: I found a cool Android app to play with a cowboy cat! There has to be more going on with the app I can’t see on my screen… Download: https://lautarovculic.com/my_files/kittykittybangbang.apk Install the APK with ADB adb install -r kittykittybangbang.apk Let’s decompile it with apktool apktool d kittykittybangbang.apk Also, we can inspect the source code with jadx (GUI version) We can see in the MainActivity…
-
Read more: NahamCon 2024 – Fly Away
Description: Lenny Kravitz lovers, this new app cleverly named “Fly Away!” can give you random lines from one of his most popular songs. Can you figure out how the songs are being sent to the app? Download: https://lautarovculic.com/my_files/flyaway.apk Install the APK with ADB adb install -r flyaway.apk This app was made in reFlutter. You need to install it to proceed with…