Learning Penetration Testing of Android Applications

The should be very easy. We configured two virtual machines with all tools you need here:

• https://drive.google.com/open?id=0BwhtuArcTcxMWlhvTW5SYkFsbWc
  • OWASP Android VM.ova - Android 5 VM for the Android App Pentest Workshop (SHA256 236917e4953af0b336f373e72e63946a96ade543107f32acf88df12d9e79755a)
  • OWASP Ruhrpott.ova - Ubuntu based VM for the OWASP Android App Pentest Workshop (SHA256 419e7161172b8270cc2c83f7957a4311b57a63f5229cac4d082c4fec6007dd59)

The following are hardware and software recommendations:

• Linux / Windows / Mac Operating System
• Oracle VirtualBox (in a recent version)
• 25 GB of storage on your hard drive
• >4 GB RAM

1. After you downloaded the two VMs import them in VirtualBox via File -> Import Appliance ....
2. Configure the the DHCP of VirtualBox to allow configure the internal network:
   1. VBoxManage dhcpserver add --netname intnet --ip 10.13.13.100 --netmask 255.255.255.0 --lowerip 10.13.13.101 --upperip 10.13.13.254 --enable
3. Start the Android VM first and wait until it is booted, this ensures that the it will have the IP 10.13.13.101. (PIN: 0000)
4. Start the OWASP VM. It will should have the IP 10.13.13.102. (pentester:owasp2017)
5. You are now ready to start with the challenges.

This repository was used in previous Workshops and the following table is used to reference them:

It would be nice if you give us a small notice, when you are doing a workshop with our project so we can reference it here.

You can contribute via a pull request or an issue with a bug or a feature request. Please keep in mind that we are developing this project in our free time so a response might take some time. To contribute with challenges see the CONTRIBUTING.md file.

In the case you are get stuck with a challenge, see the wiki for hints.