InjuredAndroid : A Vulnerable Android Application

InjuredAndroid is a vulnerable Android application with ctf examples based on bug bounty findings, exploitation concepts, and pure creativity.

Setup for a physical device

  • Download injuredandroid.apk from Github
  • Enable USB debugging on your Android test phone.
  • Connect your phone and your pc with a usb cable.
  • Install via adb. adb install injuredandroid.apk. Note: You need to use the absolute path to the .apk file or be in the same directory.

Also Read – NFStream : A Flexible Network Data Analysis Framework

Setup for an Android Emulator using Android Studio

  • Download the apk file.
  • Start the emulator from Android Studio (I recommend downloading an emulator with Google APIs so root adb can be enabled).
  • Drag and drop the .apk file on the emulator and injuredandroid.apk will install.

Tips and CTF Overview

De-compiling the Android app is highly recommended.

  • XSSTEST is just for fun and to raise awareness on how WebViews can be made vulnerable to XSS.
  • The login flags just need the flag submitted.
  • The flags without a submit that demonstrate concepts will automatically register in the “Flags Overview” Activity.
  • The last two flags don’t register because there currently isn’t a remote verification method (I plan to change this in a future update). This was done to prevent using previous flag methods to skip the exploitation techniques.
  • There is one flag with a Pentesterlab 1 month gift key. The key is stored in a self destructing note after It’s read, do not close the browser tab before copying the url.
  • The exclamatory buttons on the bottom right will give users up to three tips for each flag.
R K

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

2 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

2 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

2 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

2 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

2 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

2 weeks ago