A vulnerable Android application with ctf examples based on bug bounty findings, exploitation concepts, and pure creativity. Setup for a physical device Download injuredandroid.apk from Github Enable USB debugging on your Android test phone. Connect your phone and your pc with a usb cable. Install via adb. adb install injuredandroid.apk . Note: You need to use the absolute path to the .apk file or be in the same directory. Setup for an Android Emulator using Android Studio Download the apk file. Start the emulator from Android Studio (I recommend downloading an emulator with Google APIs so root adb can be enabled). Drag and drop the .apk file on the emulator and injuredandroid.apk will install. Tips and CTF Overview Decompiling the Android app is highly recommended. XSSTEST is just for fun and to raise awareness on how WebViews can be made vulnerable to XSS. The login flags just need the flag submitted. The flags without a submit that demonstrate concepts will automatically register in the "Flags Overview" Activity. The last two flags don't register because there currently isn't a remote verification method (I plan to change this in a future update). This was done to prevent using previous flag methods to skip the exploitation techniques. There is one flag with a Pentesterlab 1 month gift key. The key is stored in a self destructing note after It's read, do not close the browser tab before…
0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2020-02-09 07:00:002020-02-09 07:00:00InjuredAndroid - A Vulnerable Android Application That Shows Simple Examples Of Vulnerabilities In A CTF Style
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email email@example.com