F: android hacking

1. A guide to androlab, androlab can be used for exploiting and creating/detecting malware for android.. Today we go thru one of the hacking labs they offer to test on. Start off by downloading the androidlab virtualbox image from https://github.com/sh4hin/Androl4b, choose either google or mega as download source. Extract it and import the image to virtualbox Username : andro Password : androlab Emulator Pin: 1234 open terminal: $android (this is for install neccessary update so check in 'Android 5.1.1(API22)') $android avd Click on "create" AVD name: "demo" Device: Nexus S Target: Android 5.1.1 CPU: ARM Skin: skin with dynamic hardware controls Click on "ok" and lets start it. open up new terminal $cd Desktop $git clone https://github.com/dineshshetty/Android-InsecureBankv2.git $cd Android-InsecureBankv2/ $easy_install flask sqlalchemy simplejson cherrypy $cd AndroLabServer/ now we install insecurebankv2 app cd /root/Desktop/Android-InsecureBankv2/ $adb install InsecureBankv2.apk now you will be able to find 'insecureBankv2' in apps in your phone you created at start. Click on 'menu' than 'preferences' note server ip and port. lets login user:dinesh pass:Dinesh@123$ open android studio, click open, new project and /Desktop/Android-InsecureBankv2/InsecureBankv2 click on the 'gradle console' bottom right corner click on the 'changepassword' script and run chose your emulator device this is basic android exploiting