Feb 16 · 6 min read · This was another interesting challenge from MHL regarding SQL injection. (Spoiler Alert: there was more than sql injection in this challenge;p) This is more like a walkthrough of the challenge. This was the objective from MHL: Exploit a SQL Injecti...
Join discussionFeb 3 · 7 min read · Objective: Exploit XSS vulnerability in WebView's markdown parser to achieve Remote Code Execution via command injection This was a fascinating challenge from Mobile Hacking Lab that combined web security (XSS) with Android security (command injectio...
Join discussionFeb 3 · 4 min read · Objective: Exploit an exported broadcast receiver to bypass PIN validation and control IoT devices This challenge was part of Mobile Hacking Lab exploiting broadcast receiver, IoT Connect. It was interesting to learn about broadcast receivers, AES en...
Join discussionJan 24 · 6 min read · Objective: Exploit a vulnerability in an Android service to achieve Remote Code Execution (RCE) This CTF challenge taught me about command injection through filenames and how unexported Android services can still be vulnerable. Let me walk you throug...
Join discussionJan 23 · 5 min read · Challenge Overview Challenge Name: Guess Me ; Android Deep Link Challenge Objective: Exploit a deep link vulnerability in an Android application to achieve Remote Code Execution (RCE) This CTF styled lab was part of the free android hacking course fr...
Join discussion