# LAB - Insecure LogIn

In this lab environment, you will have GUI access to a Debian machine. The **InsecureBankv2** application is available on the Android Emulator.

**Objective:** Identify the insecure logging vulnerability in the InsecureBankv2 application by monitoring log outputs for exposed sensitive data such as usernames and passwords.

The valid credentials for InsecureBankv2 are as follows:

* **Username:** dinesh
* **Password:** Dinesh\@123$

> **Note:** You can start the emulator using the script located on the Desktop. Additionally, check the **/root/Tools** directory for available tools.

***

First, start the Android emulator and open the app. In its preferences we can configure the server IP: start the Python app web server, then enter our IP and port in the app:

<figure><img src="/files/9QHTndqEtpkrvaV181wS" alt=""><figcaption></figcaption></figure>

Next, we can try to log in and see the credentials being sent:

<figure><img src="/files/eTYX6aQveepN8wg4q6cc" alt=""><figcaption></figcaption></figure>

Now, open a new terminal and run the following command to find the process ID (PID) of the target app:

```
adb shell ps | grep bank
```

<figure><img src="/files/ugGwAFPVXegj8ABxuTr9" alt=""><figcaption></figcaption></figure>

> The PID of the target app is 12543. Please note, this value may differ for you.

Next, run the following command to monitor the device log related to the InsecureBank app:

```
adb logcat | grep 12543
```

<figure><img src="/files/LVyEWiXJ97CADzOvAuCd" alt=""><figcaption></figcaption></figure>

You will observe that the credentials are logged, leading to sensitive information leakage.
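As an added example (not part of the lab or of InsecureBankv2), the following Python script applies the same check as the `adb logcat | grep <PID>` step to captured logcat output: it filters lines by PID, flags messages carrying credential-like key/value pairs, and masks the values in its report so the finding can be shared without re-leaking the secret. The sample lines, log tags and message wording are constructed, since the page does not show the exact log text.

```python
import re
import sys

# Logcat "threadtime" format: date time PID TID level tag: message
LOGCAT_RE = re.compile(
    r"^(?P<date>\d\d-\d\d)\s+(?P<time>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<pid>\d+)\s+(?P<tid>\d+)\s+(?P<level>[VDIWEF])\s+"
    r"(?P<tag>[^:]+?)\s*:\s*(?P<msg>.*)$"
)

# Field names whose values should never appear in a log line.
SENSITIVE_KEYS = ("username", "password", "passwd", "pwd", "phone", "pin", "token")
KV_RE = re.compile(
    r"\b(?P<key>" + "|".join(SENSITIVE_KEYS) + r")\s*[:=]\s*(?P<val>[^\s,;]+)",
    re.IGNORECASE,
)

# Constructed sample output (assumed tags/messages, not captured from the lab).
SAMPLE_LOGCAT = [
    "03-14 10:22:01.123 12543 12543 D InsecureBankv2: Successful Login: username=dinesh password=Dinesh@123$",
    "03-14 10:22:01.130 12543 12560 I InsecureBankv2: Sending request to 10.0.2.2:8888",
    "03-14 10:22:02.001   412   412 W OtherApp: username=alice password=hunter2",  # other PID
    "03-14 10:22:05.555 12543 12543 D MyBroadCastReceiver: phone=5551234567 password=newpass1",
]


def parse_line(line):
    """Split one threadtime logcat line into its fields, or None if it does not parse."""
    m = LOGCAT_RE.match(line)
    return m.groupdict() if m else None


def find_credential_leaks(lines, pid):
    """Return (tag, level, redacted_message) for each line of the given PID
    whose message contains a sensitive key/value pair."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["pid"] != str(pid):
            continue
        if KV_RE.search(rec["msg"]):
            redacted = KV_RE.sub(lambda m: f"{m.group('key')}=<redacted>", rec["msg"])
            findings.append((rec["tag"].strip(), rec["level"], redacted))
    return findings


if __name__ == "__main__":
    # Usage: adb logcat -v threadtime | python3 leakcheck.py <PID>  (falls back to the sample)
    pid = sys.argv[1] if len(sys.argv) > 1 else 12543
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LOGCAT
    for tag, level, msg in find_credential_leaks(source, pid):
        print(f"[{level}] {tag}: {msg}")
```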

Let's take a look at the vulnerable source code.

First, determine the location of the target APK file and pull it to your host machine using the following commands:

```
## Search APK
adb shell pm list packages -f | grep "insecurebank"
## Download APK
adb pull /data/app/com.android.insecurebankv2-xu-xOuIlKClfvJjYmNC-Jw==/base.apk .
## Open APK
jadx-gui base.apk
```

<figure><img src="/files/IftLA5oqmWiCrJRMVx1l" alt=""><figcaption></figcaption></figure>

The highlighted code logs a message containing the username and password of the successfully logged-in user. It uses the `Log.d()` method, which prints debug-level information and is commonly used for development and debugging.

Next, navigate to **Source code > com > android.insecurebankv2 > MyBroadCastReceiver**.

<figure><img src="/files/kEuNNTvvLS1wNVKpfTRI" alt=""><figcaption></figcaption></figure>

> During the password change, the highlighted line above logs both the phone number and the password to the console, potentially leaking sensitive information.
