MHL Note Keeper

Challenge Description

Welcome to the NoteKeeper Application, where users can create and encode short notes. However, lurking within the app is a critical buffer overflow vulnerability. Your mission is to uncover this vulnerability and exploit it to achieve remote code execution.

notekeeper.apk

Solution

I started out by performing static analysis to look into the code.

Static Analysis

I started out by looking into the AndroidManifest.xml.

    <activity
        android:name="com.mobilehackinglab.notekeeper.MainActivity"
        android:exported="true">
        <intent-filter>
            <action android:name="android.intent.action.MAIN"/>
            <category android:name="android.intent.category.LAUNCHER"/>
        </intent-filter>
    </activity>

There's only one activity at the moment, so let's look into it. ...

April 8, 2025 · 11 min · 2323 words

MHL Document Viewer

Challenge Description

Welcome to the Remote Code Execution (RCE) Challenge! This lab provides a real-world scenario where you'll explore vulnerabilities in popular software. Your mission is to exploit a path traversal vulnerability combined with dynamic code loading to achieve remote code execution.

documentviewer.apk

Solution

I started out by working on static analysis.

Static Analysis

As usual, I check the AndroidManifest.xml.

    <activity
        android:name="com.mobilehackinglab.documentviewer.MainActivity"
        android:exported="true">
        <intent-filter>
            <action android:name="android.intent.action.MAIN"/>
            <category android:name="android.intent.category.LAUNCHER"/>
        </intent-filter>
        <intent-filter>
            <action android:name="android.intent.action.VIEW"/>
            <category android:name="android.intent.category.DEFAULT"/>
            <category android:name="android.intent.category.BROWSABLE"/>
            <data android:scheme="file"/>
            <data android:scheme="http"/>
            <data android:scheme="https"/>
            <data android:mimeType="application/pdf"/>
        </intent-filter>
    </activity>

There is only one MainActivity activity, and it has an intent filter where it accepts some URI parameter. ...

April 7, 2025 · 7 min · 1402 words

MHL Post Board

Challenge Description

Welcome to the Android Insecure WebView Challenge! This challenge is designed to delve into the complexities of Android's WebView component, exploiting a Cross-Site Scripting (XSS) vulnerability to achieve Remote Code Execution (RCE). It's an immersive opportunity for participants to engage with Android application security, particularly focusing on WebView security issues.

postboard.apk

Solution

As usual, I started by performing static analysis to get some understanding of the application.

Static Analysis

I started out by reading the AndroidManifest.xml code after decompiling using jadx-gui. ...

April 4, 2025 · 6 min · 1206 words