Let’s Hack Android: Appknox Vulnerable Application

  1. Source code: https://github.com/appknox/vulnerable-application
  2. Android studio
  3. Android VM
  1. Git clone project
git clone https://github.com/appknox/vulnerable-application.git
adb connect <ip>:5555
adb install <file name>.apk
  1. Dump the permissions
aapt dump permissions <file name>.apk
apktool d vulnerable-application.apk --output vulnerable-application-apktoolcd vulnerable-application-apktoolls -la
gedit AndroidManifest.xml
cp vulnerable-application.apk vulnerable-application.zip
unzip vulnerable-application.zip -d vulnerable-applicationcd vulnerable-applicationls -la
dex2jar classes.dex
ls -la
jd-gui classes_dex2jar.jar
  1. Insecure Logging
adb logcat | grep "Credentials"
username: foo@example.com, password: hellouu
username: foo@example.com, password: hellousername: bar@example.com, password: world
adb shell
am start com.appknox.testapplication/.NextView
am start com.appknox.testapplication/.FailView

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Terraform AWS Provider — Default Tags

The Liskov Substitution Principle Explained In .NET C#

The Liskov Substitution Principle Explained in .NET C#. Really understand the Liskov Substitution Principle of the SOLID principles in DotNet (.NET) CSharp (C#)

Create a sane office environment with these effective code review guidelines

Go-tcha: When nil != nil

A Caveat on Models in Ruby on Rails

A newbie’s instructions to Flutter installation on Windows 10.

Linux L33T! - PE Cheatsheet! [OSCP Prep]

Here’s the data on 1,400 UK charities’ CMS use

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store



More from Medium

NahamCon CTF 2022 (Writeup) — Android Reverse Engineering (OTP Vault)

Android Telephony Overview

Greetings to all!

Creditcoin X Flow Partnership(ENG/KOR)