mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-30 00:20:59 +00:00
115 lines
5.8 KiB
Markdown
# Google CTF 2018 - Shall We Play a Game?

<details>

<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Other ways to support HackTricks:

* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>

Download the APK here:

I am going to upload the APK to [https://appetize.io/](https://appetize.io) (free account) to see how the apk behaves:

![](<../../.gitbook/assets/image (46).png>)

It looks like you need to win 1000000 times to get the flag.

Following the steps from [Android hacking](./) you can decompile the application to get the smali code and read the Java code using jadx.

Reading the java code:

![](<../../.gitbook/assets/image (47).png>)

It looks like the function that is going to print the flag is **m().**

## **Smali changes**

### **Call m() the first time**

Let's make the app call m() if the attribute _this.o != 1000000_; to do so, just change the condition:

```
if-ne v0, v9, :cond_2
```
```
if-eq v0, v9, :cond_2
```

![Before](<../../.gitbook/assets/image (48).png>)

![After](<../../.gitbook/assets/image (49).png>)

Follow the steps from [pentest Android](./) to recompile and sign the APK. Then, upload it to [https://appetize.io/](https://appetize.io) and let's see what happens:

![](<../../.gitbook/assets/image (50).png>)

It looks like the flag is printed without being fully decrypted. Probably the m() function needs to be called 1000000 times.

**Another way** to do this is to change the compared instructions:

![](<../../.gitbook/assets/image (55).png>)

**Another way** is, instead of comparing with 1000000, to set the value to 1 so that this.o is compared with 1:

![](<../../.gitbook/assets/image (57).png>)

A fourth way is to add an instruction that moves the value of v9 (1000000) into v0 _(this.o)_:

![](<../../.gitbook/assets/image (58).png>)

![](<../../.gitbook/assets/image (52).png>)
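To show how little protection a client-side counter check like this one gives an app, here is an added Python example (not code from this page, the challenge or HackTricks) that applies three of the smali patches described above to a constructed fragment and runs a minimal interpreter over it to confirm which variants reach m(). Only the registers v0/v9, the label :cond_2 and the value 1000000 come from the page; the class and field names (Lplaceholder/Game;) are placeholders.

```python
import re

# Constructed smali fragment modelled on the page's check; class/field names are placeholders.
ORIGINAL = """\
    const v9, 0xf4240
    iget v0, p0, Lplaceholder/Game;->o:I
    if-ne v0, v9, :cond_2
    invoke-virtual {p0}, Lplaceholder/Game;->m()V
    :cond_2
"""

def _replace_once(text, pattern, repl):
    # Insist on exactly one match so a patch never silently misses its site.
    new, n = re.subn(pattern, repl, text, flags=re.M)
    if n != 1:
        raise ValueError(f"expected 1 match for {pattern!r}, got {n}")
    return new

def flip_condition(text):
    # Page's first method: if-ne -> if-eq, so m() runs when o != 1000000.
    return _replace_once(text, r"^([ \t]*)if-ne v0, v9, :cond_2$", r"\1if-eq v0, v9, :cond_2")

def compare_with_one(text):
    # Third method: compare this.o with 1 instead of 1000000.
    return _replace_once(text, r"^([ \t]*)const v9, 0xf4240$", r"\1const v9, 0x1")

def move_target_into_counter(text):
    # Fourth method: copy v9 (1000000) into v0 (this.o) before the compare.
    return _replace_once(text, r"^([ \t]*)(if-ne v0, v9, :cond_2)$", r"\1move v0, v9\n\1\2")

def reaches_m(text, o):
    # Minimal interpreter for the opcodes above: True if m() gets invoked.
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    regs, pc = {}, 0
    while pc < len(lines):
        ins = lines[pc]
        if ins.startswith("const v9, "):
            regs["v9"] = int(ins.split(", ")[1], 16)
        elif ins.startswith("iget v0,"):
            regs["v0"] = o
        elif ins.startswith("move v0, v9"):
            regs["v0"] = regs["v9"]
        elif ins.startswith(("if-ne", "if-eq")):
            op, a, b, label = ins.replace(",", "").split()
            if (regs[a] != regs[b]) == (op == "if-ne"):
                pc = lines.index(label)  # branch taken: skip the call
                continue
        elif "->m()V" in ins:
            return True
        pc += 1
    return False
```

The interpreter confirms that the unpatched fragment only reaches m() when this.o is 1000000, while each patched variant reaches it on the very first win; the real app still prints a garbled flag in that case, as the screenshots above show.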

## Solution

Make the application run the loop 100000 times when you win the first time. To do so, you only need to create a loop at **:goto\_6** and make the application **jump there if `this.o`** is not 100000:

![](<../../.gitbook/assets/image (59).png>)

You need to do this inside a real device because (I don't know why) this doesn't work in an emulated device.
