
Allsafe – Intentionally Vulnerable Android Application

Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable Android apps, this one is less like a CTF and more like a real-life application that uses modern libraries and technologies. Additionally, I have included some Frida-based challenges for you to explore. Have fun and happy hacking!

Useful Frida Scripts

I keep my Frida scripts (more like templates) in another repository. I’m sure they will be quite handy for the Frida-related tasks. Check it out: https://github.com/t0thkr1s/frida

Tasks / Vulnerabilities

1. Insecure Logging

Simple information disclosure vulnerability. Use the logcat command-line tool to discover sensitive information.
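
A defender-side counterpart to this task, as an added example (not code from the Allsafe project): a Python check that parses `adb logcat -v threadtime` output and flags credential-like key/value pairs logged by one process. The log lines, tags, PIDs and the list of key names are constructed for illustration.

```python
import re

# `adb logcat -v threadtime` line: "MM-DD HH:MM:SS.mmm  PID  TID L Tag: message"
LINE_RE = re.compile(
    r"^\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}\s+(?P<pid>\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<level>[VDIWEF])\s+(?P<tag>.*?)\s*: (?P<msg>.*)$"
)
# Credential-like "key=value" / "key: value" pairs (the key list is an assumption).
SECRET_RE = re.compile(
    r"(?i)\b(password|passwd|secret|token|api[_-]?key)\b\s*[=:]\s*(\S+)"
)

def redact(value):
    """Keep two characters so the report does not repeat the secret."""
    return value[:2] + "***"

def find_leaks(lines, pid=None):
    """Return one finding per credential-like value found in a log message.
    If pid is given, only lines written by that process are checked."""
    findings = []
    for number, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if m is None:  # buffer separators such as "--------- beginning of main"
            continue
        if pid is not None and int(m["pid"]) != pid:
            continue
        for hit in SECRET_RE.finditer(m["msg"]):
            findings.append({
                "line": number,
                "level": m["level"],
                "tag": m["tag"],
                "key": hit.group(1).lower(),
                "value": redact(hit.group(2)),
            })
    return findings

# Constructed sample output; PID 4321 stands in for the app under review.
SAMPLE_LOG = """\
--------- beginning of main
03-14 10:21:07.512  4321  4321 D LoginActivity: user entered password: hunter2-constructed
03-14 10:21:07.530  4321  4350 I OkHttp  : --> POST /login api_key=CONSTRUCTED123
03-14 10:21:08.001  1200  1200 I ActivityManager: Displayed com.example.app/.Main
03-14 10:21:08.220  9999  9999 D OtherApp: token=not-ours
""".splitlines()

if __name__ == "__main__":
    for finding in find_leaks(SAMPLE_LOG, pid=4321):
        print(finding)
```

Run against a release build, any finding means the app writes secrets to a log that other tooling on the device can read; the fix is to remove the log call or strip it from release builds.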

Resources & HackerOne Reports:

2. Hardcoded Credentials

Some credentials are left in the code. Your task is to reverse engineer the app and find sensitive information.

Resources & HackerOne Reports:

3. Root Detection

This is purely for Frida practice. Make the code believe that your device is not rooted!

4. Arbitrary Code Execution

Loading modules securely with third-party apps is not easy. Write a PoC application and exploit the vulnerability!

Resources & HackerOne Reports:

5. Secure Flag Bypass

Another Frida-based task. No real vulnerability here, just have fun bypassing the secure flag!

Resources & HackerOne Reports:

6. Certificate Pinning Bypass

Certificate pinning is implemented using the OkHttp library. You have to bypass it in order to view the traffic with Burp Suite.

Resources & HackerOne Reports:

7. Insecure Broadcast Receiver

There’s a vulnerable broadcast receiver in the application. Trigger it with the correct data and you’re done!

Resources & HackerOne Reports:

8. Deep Link Exploitation

Similar to the insecure broadcast receiver, you need to provide the right query parameter to complete this task!

Resources & HackerOne Reports:

9. SQL Injection

Just a regular SQL injection that you’d find in web applications. No need to reverse the code to bypass the login mechanism.

Resources & HackerOne Reports:

10. Vulnerable WebView

You can also complete this task without decompiling the application. Pop an alert dialog and read files!

Resources & HackerOne Reports:

11. Smali Patching

In this task, you have to modify the execution flow of the application by editing the Smali code. Finally, rebuild and sign the APK!

Resources & HackerOne Reports:

12. Native Library

The application uses a native library that validates the entered password. Reverse engineer the library to find the password, then use Frida to hook the native method.

Resources & HackerOne Reports:

Source : KitPloit – PenTest Tools!
