Mobile Hacking Lab - Secure Notes Lab Solution

Objective Retrieve a PIN code from a secured content provider in an Android application. Secure Notes Lab 馃憠 : https://www.mobilehackinglab.com/course/lab-secure-notes Secure Note Application The Secure Note application asks for a PIN. Submitting an invalid PIN results in the message [ERROR: Incorrect PIN]. Source Code Analysis Android Manifest Analysing the AndroidManifest.xml, we can see that the application exports a content provider and the MainActivity. <provider android:name="com.mobilehackinglab.securenotes.SecretDataProvider" android:enabled="true" android:exported="true" android:authorities="com.mobilehackinglab.securenotes.secretprovider"/> <activity android:name="com....

December 22, 2023 路 4 min 路 Rizal

Mobile Hacking Lab - Post Board Lab Solution

Objective Exploiting a Cross-Site Scripting (XSS) vulnerability in Android WebView to achieve Remote Code Execution (RCE) The post board challenge from Mobile Hacking Lab is available here 馃憠 https://www.mobilehackinglab.com/course/lab-postboard. Inspecting Android Manifest The application has only one activity com.mobilehackinglab.postboard.MainActivity. The relevant snippet from AndroidManifest.xml is provided below. <activity android:name="com.mobilehackinglab.postboard.MainActivity" android:exported="true"> <intent-filter> <action android:name="android.intent.action.MAIN"/> <category android:name="android.intent.category.LAUNCHER"/> </intent-filter> <intent-filter> <action android:name="android.intent.action.VIEW"/> <category android:name="android.intent.category.DEFAULT"/> <category android:name="android.intent.category.BROWSABLE"/> <data android:scheme="postboard" android:host="postmessage"/> </intent-filter> </activity> As the activity is exported, it can be launched by other applications installed on the same device....

December 20, 2023 路 6 min 路 Rizal

Oversecured OVAA - Vulnerabilities and Exploits

Recon $ frida-ps -Uai | grep ovaa - Oversecured Vulnerable Android App oversecured.ovaa Exploiting Insecure Logger Service Android Manifest Entries - InsecureLoggerService <uses-permission android:name="android.permission.INTERNET"/> <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/> <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/> <service android:name="oversecured.ovaa.services.InsecureLoggerService"> <intent-filter> <action android:name="oversecured.ovaa.action.DUMP"/> </intent-filter> </service> Source Code - InsecureLoggerService // oversecured.ovaa.services.InsecureLoggerService package oversecured.ovaa.services; import android.app.IntentService; import android.content.Intent; import java.io.BufferedReader; import java.io.BufferedWriter; import java.io.File; import java.io.FileWriter; import java.io.IOException; import java.io.InputStreamReader; /* loaded from: classes.dex */ public class InsecureLoggerService extends IntentService { private static final String ACTION_DUMP = "oversecured....

February 27, 2023 路 26 min 路 Rizal