M 301: Qark (15 pts)

What You Need for This Project

Purpose

To practice using Qark, an Android vulnerability scanner from LinkedIn.

Installing Qark

On Kali, in a Terminal, execute these commands:
git clone https://github.com/linkedin/qark
cd qark
pip install -r requirements.txt
pip install .
qark --help
You see a Qark help message, as shown below.

Connecting to your Android Device with ADB

On Kali, in a Terminal, execute these commands, replacing the IP address with the IP address of your Genymotion Android device:
adb connect 172.16.123.154
adb devices -l
You should see your Genymotion device in the "List of devices attached", as shown below.

Pulling the GenieMD APK from the Phone

You should already have the GenieMD app installed. If you don't, get it from Google Play, as shown below.

To see the complete package name, on Kali, execute this command:

adb shell pm list packages | grep genie
The reply shows the package name, as shown below. Use that package name in the next command to get the APK path:
adb shell pm path com.geniemd.geniemd.harvard
The reply shows the full path to the APK. Use that path in the next command to pull the APK file:
adb pull /data/app/com.geniemd.geniemd.harvard-A0xnv6wdqwqLoAAgXh3GqA==/base.apk
The file downloads into Kali, as shown below.
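
The three steps above (list packages, resolve the APK path, pull) combined into one script. This is an added example, not part of the original lab; the function names are hypothetical and it uses only the adb subcommands shown above. It goes beyond the single-APK case on this page by also handling apps installed as split APKs, where pm path prints several lines.

```shell
#!/bin/sh
# Added example: automate "find package -> find APK path -> pull".
# Function names are hypothetical; the adb subcommands are the ones used in this lab.

# Read `pm list packages` output on stdin; print package names containing $1.
# Lines look like "package:com.example.app"; older Android builds append a CR.
match_packages() {
    tr -d '\r' | sed -n 's/^package://p' | grep -F -- "$1"
}

# Read `pm path <pkg>` output on stdin; print one APK path per line.
# An app installed as split APKs yields several lines (base.apk plus splits).
apk_paths() {
    tr -d '\r' | sed -n 's/^package://p'
}

# Pull every APK of the single package matching keyword $1 into directory $2.
pull_apk() {
    keyword=$1
    dest=${2:-.}
    pkgs=$(adb shell pm list packages | match_packages "$keyword") || true
    count=$(printf '%s\n' "$pkgs" | grep -c . || true)
    # Refuse to guess when the keyword matches zero or several packages.
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one match for '$keyword', got $count:" >&2
        printf '%s\n' "$pkgs" >&2
        return 1
    fi
    adb shell pm path "$pkgs" | apk_paths | while IFS= read -r path; do
        # </dev/null keeps adb from consuming the loop's remaining input.
        adb pull "$path" "$dest/" </dev/null || return 1
    done
}

# Run only when a keyword is given, e.g.: sh pull_apk.sh genie
if [ $# -ge 1 ]; then
    pull_apk "$@"
fi
```

Scanning the result is unchanged: run qark --apk on the pulled base.apk.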

Scanning the APK with Qark

On Kali, execute this command:
qark --apk base.apk
Qark takes about 10 minutes to unpack all the code and scan it, ending with the path to a report file, as shown below.

After the report is generated, move it to a more convenient location and name with this command:

mv /usr/local/lib/python2.7/dist-packages/qark/report/report.html genie.html

Viewing the Report

On your Kali desktop, on the left side, click the folder icon.

Navigate to the genie.html file, as shown below, and double-click it.

The report opens in Firefox, as shown below.

Type Ctrl+F and search for cert to find the SSL certificate validation error, as shown below.


M 301: Unsafe implementation (15 pts)

Find the text covered by a green box in the image above. That's the flag.


Sources

Qark
Android Penetration Tools Walkthrough Series: QARK

Posted 1-24-19 by Sam Bowne
Converted to a CTF 2-28-19