Sign up, as shown below.
Only 60 Minutes
As of Jan 28, 2020, the free trial
period has been reduced to 60 minutes.
You can make another account to get another
60 minutes, with a different email address.
Open your email and click the link Geny.io sent you.
Log in. The Genymotion cloud main page appears, as shown below.
Click the "CLICK TO DISPLAY" message to see the Android home screen, as shown below.
https://apkcombo.com/apk-downloader/?q=com.yieldnotion.equitypandit
Click the green "Download APK" bar, as shown below.
Save the file on your local computer.
A progress indicator will appear in the upper left of the device screen. In the image below, the upload is 48% completed.
When the upload is done, the app installs and launches, as shown below.
On your Google Cloud Debian server, in an SSH session, execute these commands:
sudo apt update
sudo apt install android-sdk -y
sudo apt install python3-pip -y
pip3 install gmsaas
nano ~/.bashrc
export PATH="$PATH:/home/$USER/.local/bin"
source ~/.bashrc
gmsaas config set android-sdk-path /usr/lib/android-sdk/
gmsaas auth login sam@mailinator.com
As a point of interest, your password is saved locally with Base64 encoding, as shown below, an outrageously insecure practice.
gmsaas instances list
On your Debian cloud server, execute these commands:
gmsaas instances list -q | xargs -n1 gmsaas instances adbconnect
adb devices -l
adb logcat
Press Ctrl+C to stop the scrolling.
adb logcat | grep password
flagme@aol.com
In the Password field, hit several random numbers and letters, as shown below. Click the green Go button.
Flag M110.1: Exposed Password (15 pts extra)
On your Debian cloud server, that account's password appears. It contains the flag, which is covered by a green box in the image below.
Capturing a Screen Image
Capture a WHOLE-DESKTOP image showing the flag.Save the image as "Proj W 200 from YOUR NAME".
https://portswigger.net/burp/communitydownload
Click the "Download for Linux (64-bit)" button, as shown below.
Save the file.
On your Debian server, in an SSH window, execute this command:
sudo bash ./snap/firefox/common/Downloads/burpsuite_community_lin
ux_v2_1_04.sh
Click "I Acceept". Click Next. Click "Start Burp".
Click the Options sub-tab.
In the "Proxy Listeners" section, click 127.0.0.1:8080 and click the Edit button.
In the "Edit proxy listener" box, click the "All interfaces" button.
Click OK. Click Yes.
The "Proxy Listeners" section should now show an Interface of click *:8080, as shown below.
Click the "HTTP history" sub-tab.
Scroll down to the "NETWORKING" section.
Point to "VPC network" and click "Firewall rules".
At the top center, click "CREATE FIREWALL RULE".
Enter these values, as shown below:
In the Google Cloud Console, at the top left, click the three-bar "hamburger" icon.
Point to "Compute Engine" and click "VM instances".
Find your Linux server's public IP address, as shown below:
Click the Home Button again and drag it up to see all apps.
Click Settings. Click "Network & internet". Click Wi-Fi.
In the "AndroidWifi" line, click the gear icon.
At the top right, click the pencil icon.
In the AndroidWifi box, click the arrow to expand "Advanced options".
Set the Proxy to Manual. Enter your Debian Cloud Server's IP address and a port of 8080, as shown below.
Click SAVE.
Click the Home Button again and drag it up to see all apps.
Click EquityPandit.
Change the username to
flagme2@aol.com
Click Go.
Flag M110.2: Transmitted Password (10 pts extra)
In Burp, click the second HTTP POST request and click the Response sub-tab to see the flag, which is covered by a green box in the image below.
Capturing a Screen Image
Capture a WHOLE-DESKTOP image showing the flag.Save the image as "Proj M 110 from YOUR NAME".
