ExploitMe Mobile Android

Hi guys! Last week I read a lab series on exploiting Android mobile apps. I feel it is useful for mobile security, so in this post I will guide you through installing the environment for this lab series.

Our labs will help you learn about:
1. Parameter manipulation of mobile traffic
2. Encryption of traffic
3. Password lock screens
4. File system access permissions
5. Insecure storage of files
6. Insecure logging
You can download the labs from this link: Click here
Our labs are organized within the following branches:

remotes/origin/Base
remotes/origin/AdvancedEncryptionSolution
remotes/origin/BasicEncryptionSolution
remotes/origin/FilePermissionsSolution
remotes/origin/MemoryProtectionSolution
remotes/origin/PasswordComplexitySolution
remotes/origin/SecureLoggingSolution

ExploitMeMobile’s (EMM) Android app contains six labs within the Base branch. Each of the other branches is a solution to one vulnerability, showing how to fix the security vulnerability demonstrated.
We recommend taking the following approach to hacking this Android application.
* Download and build the EMM “Base” project and install it to the emulator. This is the vulnerable Android app. It contains all six lab exercises.
* Run through each exercise to understand how the Android application works and what the vulnerabilities are.
* Inspect the solutions to each lab and see what the best practices are for programming the application securely.
I will use Android Studio to guide you.

You can run “Base” as follows:
Start Android Studio.

Select File -> New -> Import Project

Note: You must make sure you’ve installed and configured the Android SDK properly, including the Android platform tools such as “adb” and “emulator”. We can’t help too much here, but you can see Google’s instructions here. If you can’t run “adb” from the command line, you have likely not configured the SDK properly, or haven’t included “adb” in your path.

In Android Studio, you can create a new Virtual Device (an emulated Android device).
Click AVD Manager.

In this window, choose Create Virtual Device…
You can start the Virtual Device from the command line or by clicking the start button in the Android Virtual Device Manager.
From the command line, proceed as follows.
Run the emulator by using AVD and emulator:
If you’ve never used AVD, you have to create a name and configuration for your emulator. AVD can be found in your SDK/platform-tools folder. Run:
./android.bat

After creating your emulator, run it by clicking “Start” or from the command line with:

./emulator -avd name_of_emulator

Now that your emulator is up and running (it will take a while on first start), you can build the APK and push it into the emulator by running:

./adb install emm.apk

or you could also run it through the Android Studio debugger.

Now, run the lab server.
In LabServer, run:
python app.py
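
The command-line steps above (confirming that adb and emulator are on the PATH, starting the AVD, waiting for the first boot, installing the APK) can be combined into one preflight script. This is an added example, not part of the ExploitMe Mobile project; the script name emm_setup.sh and the BOOT_POLL_SECONDS variable are assumptions, and the AVD name and APK path are supplied by the caller.

```sh
#!/bin/sh
# emm_setup.sh (hypothetical name): preflight for the EMM lab emulator setup.
# Added example; the AVD name and APK path come from the caller.

# Print each required SDK tool that is not on PATH; print nothing if all are found.
missing_tools() {
    for tool in adb emulator; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Poll until Android reports boot completion; give up after $1 tries (default 60).
# BOOT_POLL_SECONDS (assumed variable, default 5) sets the delay between tries.
wait_for_boot() {
    tries=${1:-60}
    while [ "$tries" -gt 0 ]; do
        state=$(adb shell getprop sys.boot_completed 2>/dev/null | tr -d '\r')
        [ "$state" = "1" ] && return 0
        tries=$((tries - 1))
        sleep "${BOOT_POLL_SECONDS:-5}"
    done
    return 1
}

# Check the tools and the APK, start the AVD, wait for boot, install the Base build.
# Return codes: 2 = tool missing from PATH, 3 = APK missing, 4 = boot timed out.
setup_lab() {
    avd_name=$1
    apk_path=$2
    missing=$(missing_tools)
    if [ -n "$missing" ]; then
        echo "not on PATH: $missing" >&2
        return 2
    fi
    [ -f "$apk_path" ] || { echo "APK not found: $apk_path" >&2; return 3; }
    emulator -avd "$avd_name" >/dev/null 2>&1 &
    wait_for_boot 60 || { echo "emulator did not finish booting" >&2; return 4; }
    adb install "$apk_path"
}

# Runs only when called as: sh emm_setup.sh <avd_name> <path/to/emm.apk>
if [ "$#" -eq 2 ]; then
    setup_lab "$1" "$2"
fi
```

A return code of 2 corresponds to the SDK path problem described in the note above.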

And finally open the EMM Android application on your emulator device. Upon first login, you’ll be prompted with a login screen.

The default users as configured with this mobile application server are:
jdoe / password
bsmith / password

After a successful login, you will see the following:

So, we have completed the Android development installation. In the next post I will show how to check whether your mobile application is secure or not with our installed environment.