Writeups
CTF Writeups
-
Read more: APKrypt – Hack The Box – @lautarovculicDifficult: Easy Category: Mobile OS: Android Description: Can you get the ticket without the VIP code? Download the zip file and extract with the hackthebox password. There are a README.txt file that say Install this application in an API Level 29 or earlier (i.e. Android 10.0 (Google APIs)). Decompile the apk with apktool apktool d…
-
Read more: Anchored – Hack The Box – @lautarovculicDifficult: Easy Category: Mobile OS: Android Description: A client asked me to check if I can intercept the https request and get the value of the secret parameter that is passed along with the user’s email. The application is intended to run in a non-rooted device. Can you help me find a way to intercept…
-
Read more: Manager – Hack The Box – @lautarovculicDifficult: Easy Category: Mobile OS: Android Description: A client asked me to perform security assessment on this password management application. Can you help me? Download, and extract the .zip file with the password hackthebox, and, Start the Instance. In my case is: 94.237.54.233:56388 There are a README.txt file that say Install this application in an…
-
Read more: Pinned – Hack The Box – @lautarovculicDifficult: Easy Category: Mobile OS: Android Description: This app has stored my credentials and I can only login automatically. I tried to intercept the login request and restore my password, but this seems to be a secure connection. Can you help bypass this security restriction and intercept the password in plaintext? Download the .zip file…
-
Read more: Don’t Overreact – Hack The Box – @lautarovculicDifficult: Very Easy Category: Mobile OS: Android (SDK 29) Description: Some web developers wrote this fancy new app! It’s really cool, isn’t it? Download the .zip file and extract with hackthebox password. Let’s decompile the apk file with apktool apktool d app-release.apk We can see that the SDK is 29, then we can use Android…
-
Read more: Protected: BoardLight – Hack The Box – @lautarovculicThere is no excerpt because this is a protected post.
-
Read more: Investigator – Hack The Box – @lautarovculicDifficult: Medium Category: Mobile OS: Android Description: In one of the mobile forensics investigations we encountered, our agent gave us these files and told us that their owner using one password for almost everything. Can you extract the flag from the secret messages? Download the .zip file and extract the content with the hackthebox password.…
-
Read more: Waiting – Hack The Box – @lautarovculicDifficult: Medium Category: Mobile OS: Android Description: The app stores a secret and says it is stored securely even in case the application has been tampered. Are you able to retrieve it? As always, download the .zip file and extrat with hackthebox as password. Decompile with apktool apktool d app-release.apk The SDK is 31, then…
-
Read more: Angler – Hack The Box – @lautarovculicDifficult: Medium Category: Mobile OS: Android Description: The skilled fisherman used his full strength and expertise to hook the fish. Can you beat him and set the fish free? First we’ll download the .apk file. The pass is hackthebox And then decompile with apktool ☝️🤓 apktool d Angler.apk The SDK version is 32, then we…
-
Read more: Protected: SolarLab – Hack The Box – @lautarovculicThere is no excerpt because this is a protected post.