Parse & Pwn - MHL CTF Writeup
dev&security in devandsecurity.com · Feb 20 · 5 min read
This was an interesting challenge from MobileHackingLab involving a markdown previewer app. (Spoiler: it wasn't just about markdown parsing ;p) It made me feel stupid once I finished the challenge XD T

MobileHackingLab: Food Store - SQL Injection Challenge
dev&security in devandsecurity.com · Feb 16 · 6 min read
This was another interesting challenge from MHL regarding SQL injection. (Spoiler alert: there was more than SQL injection in this challenge ;p) This is more like a walkthrough of the challenge. This was the objective from MHL: Exploit a SQL Injecti...

Mobile Hacking Lab: Post Board - WebView XSS to RCE Challenge
dev&security in devandsecurity.com · Feb 3 · 7 min read
Objective: Exploit XSS vulnerability in WebView's markdown parser to achieve Remote Code Execution via command injection
This was a fascinating challenge from Mobile Hacking Lab that combined web security (XSS) with Android security (command injectio...

Mobile Hacking Lab: IoT Connect - Android Broadcast Receiver Challenge
dev&security in devandsecurity.com · Feb 3 · 4 min read
Objective: Exploit an exported broadcast receiver to bypass PIN validation and control IoT devices
This challenge was part of Mobile Hacking Lab exploiting broadcast receiver, IoT Connect. It was interesting to learn about broadcast receivers, AES en...

Mobile Hacking Lab; Cyclic Scanner ; Android Services Challenge
dev&security in devandsecurity.com · Jan 24 · 6 min read
Objective: Exploit a vulnerability in an Android service to achieve Remote Code Execution (RCE)
This CTF challenge taught me about command injection through filenames and how unexported Android services can still be vulnerable. Let me walk you throug...