A plugin designed for Android challenges in CTFd enables players to automatically triage challenges, particularly those that require the installation of a hostile exploit application on the victim device to exploit the vulnerability. This plugin seamlessly integrates with Genymotion Cloud to provide emulator instances.
The plugin was originally developed for @0xL4ugh CTF.
The CTF operator can add a new Android challenge from the Admin Panel, with the option to set both the session timeout and an additional timeout that is added to the session if the player launches the application. When the player attempts to upload their exploit APK, it will undergo parsing and verification to determine its validity. If valid, the APK will then be installed onto an available emulator instance. Once the session times out, both the vulnerable and exploit applications will be exited, and the exploit application will be uninstalled, leaving the emulator instance ready for the next task.
To-Do, Insha'allah: Make the workflow dynamically with templates feature.
- Clone this repository.
- Copy the plugin folder to the
CTFd/pluginsdirectory. - Restart the CTFd server.
- Navigate to the
Admin Panel->Plugins(Menu Dropdown) ->Android Trigger Plugin. - Use the UI Interface to add Genymotion Cloud Emulator configurations.
- Go to
Admin Panel->Challenges->Create Challenge. - Select Challenge Types: android.
- Fill in the required data for the challenge.
This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.