10 May 2020

Setup a Extremely Vulnerable Android Lab for Beginners - EVABS

Hey cats🐱‍💻, Today we are going to discuss an open-source Android application that is purposely vulnerable to work as a learning platform for Android application security beginners/students.

We already hear about the vulnerable web application. These are tools that help practice various hacking methods. These applications are made intentionally vulnerable to the practice.

Most of the vulnerable web applications like OWASPMutillidae, bWAPP, DVWA, WebGoat, and more. They are just available and fit with the PC platforms. Because there are higher users for PC platforms therefore most developers do not like to focus on the Android platform.

However, some amazing developers work hard to develop Android platform compatible hacking tools. Such type of application is the Extremely Vulnerable Android Labs (EVABS).

The EVABS is an application that is intentionally kept vulnerable for training. It is an excellent alternative to the vulnerable web applications available for PCs. Also, it has some CTF🚩 (Capture the flag) challenges primarily made for beginners/students and they are simpler to solve than other CTF challenges. EVABS follows a level-wise complexity strategy and at each level, the player learns a new concept. This project is still below development and aims at including as many levels as possible.

Let's see how we can set it up.

First, It is suggested to root your Android smartphone. But as an alternative, we can use the Android emulator that comes with android studio. Download EVABS from Github.
Then, Allow the unknown sources from the settings and enable the debugging mode to install the application. Once the EVABS is installed successfully; Open the app and set any name to continue. There you can find 12 levels of challenges.

What we have to do with EVABS?

In this vulnerable android lab, you have to get the flag🏁 and submit it to confirm the solution you found to get into the next level. The difficulty of finding the flag increases with the levels. But if you have no idea how to find a vulnerability, It provides a hint option you can click on it and proceed with the hint.

It's Cool 😎 right?, Because we don't have to get any approval from anyone to practice our hacking techniques. You can practice it in your lab.

Whatsapp Button works on Mobile Device only

Start typing and press Enter to search