M11: Qark (15 pts)

What You Need for This Project

To practice using Qark, an Android vulnerability scanner from LinkedIn.

On Kali, in a Terminal, execute these commands:

git clone https://github.com/linkedin/qark cd qark pip install -r requirements.txt pip install . qark --help

You see a Qark help message, as shown below.

On Kali, in a Terminal, execute these commands, replacing the IP address with the IP address of your Genymotion Android device:

adb connect 172.16.123.154 adb devices -l

You should see your Genymotion device in the "List of devices attached", as shown below.

You should already have the GenieMD app installed. If you don't, get it from Google Play, as shown below.

To see the complete package name, on Kali, execute this command:

adb shell pm list packages | grep genie

The reply shiows the package name, as shown below. Use that package name in the next command to get the APK path:

adb shell pm path com.geniemd.geniemd.harvard

The reply shiows the full path to the APK. Use that path in the next command to pull the APK file:

adb pull /data/app/com.geniemd.geniemd.harvard-A0xnv6wdqwqLoAAgXh3GqA==/base.apk

The file downloads into Kali, as shown below.

On Kali, execute this command:

qark --apk base.apk

Qark takes about 10 minutes to unpack all the code and scan it, ending with the path to a report file, as shown below.

After the report is generated, move it to a more convenient location and name with this command:

mv /usr/local/lib/python2.7/dist-packages/qark/report/report.html genie.html

On your Kali desktop, on the left side, click the folder icon.

Navigate to the genie.htm file, as shown below, and double-click it.

The report opens in Firefox, as shown below.

Type Ctrl+F and search for cert to find the SSL certificate validation error, as shown below.

Find the text covered by a green box in the image above. Enter it into the form below to record your success.

Use the form below to record your success.

Name:

Text:

Posted 1-24-19 by Sam Bowne
Converted to a CTF 2-28-19