android
-
Read more: Joker – Hack The Box – @lautarovculic
Difficult: Hard Category: Mobile OS: Android Description: The malware reverse engineering team got an alert about malware which is still published on Google’s PlayStore and has thousands of installs. Can you help them to identify the address of the command and control server in order to blacklist it ? Download and extract the .zip file…
-
Read more: Explore – Hack The Box – @lautarovculic
User.txt Let’s check the open ports with nmap sudo nmap -sV -p- -Pn -vv -T4 10.10.10.247 Output: PORT STATE SERVICE REASON VERSION 2222/tcp open ssh syn-ack ttl 63 Banana Studio SSH server app (net.xnano.android.sshserver.tv) (protocol 2.0) 5555/tcp filtered freeciv no-response 46243/tcp open unknown syn-ack ttl 63 59777/tcp open http syn-ack ttl 63 Bukkit JSONAPI httpd…
-
Read more: APKrypt – Hack The Box – @lautarovculic
Difficult: Easy Category: Mobile OS: Android Description: Can you get the ticket without the VIP code? Download the zip file and extract with the hackthebox password. There are a README.txt file that say Install this application in an API Level 29 or earlier (i.e. Android 10.0 (Google APIs)). Decompile the apk with apktool apktool d…
-
Read more: Anchored – Hack The Box – @lautarovculic
Difficult: Easy Category: Mobile OS: Android Description: A client asked me to check if I can intercept the https request and get the value of the secret parameter that is passed along with the user’s email. The application is intended to run in a non-rooted device. Can you help me find a way to intercept…
-
Read more: Manager – Hack The Box – @lautarovculic
Difficult: Easy Category: Mobile OS: Android Description: A client asked me to perform security assessment on this password management application. Can you help me? Download, and extract the .zip file with the password hackthebox, and, Start the Instance. In my case is: 94.237.54.233:56388 There are a README.txt file that say Install this application in an…
-
Read more: Pinned – Hack The Box – @lautarovculic
Difficult: Easy Category: Mobile OS: Android Description: This app has stored my credentials and I can only login automatically. I tried to intercept the login request and restore my password, but this seems to be a secure connection. Can you help bypass this security restriction and intercept the password in plaintext? Download the .zip file…
-
Read more: Don’t Overreact – Hack The Box – @lautarovculic
Difficult: Very Easy Category: Mobile OS: Android (SDK 29) Description: Some web developers wrote this fancy new app! It’s really cool, isn’t it? Download the .zip file and extract with hackthebox password. Let’s decompile the apk file with apktool apktool d app-release.apk We can see that the SDK is 29, then we can use Android…
-
Read more: Investigator – Hack The Box – @lautarovculic
Difficult: Medium Category: Mobile OS: Android Description: In one of the mobile forensics investigations we encountered, our agent gave us these files and told us that their owner using one password for almost everything. Can you extract the flag from the secret messages? Download the .zip file and extract the content with the hackthebox password.…
-
Read more: Waiting – Hack The Box – @lautarovculic
Difficult: Medium Category: Mobile OS: Android Description: The app stores a secret and says it is stored securely even in case the application has been tampered. Are you able to retrieve it? As always, download the .zip file and extrat with hackthebox as password. Decompile with apktool apktool d app-release.apk The SDK is 31, then…
-
Read more: Angler – Hack The Box – @lautarovculic
Difficult: Medium Category: Mobile OS: Android Description: The skilled fisherman used his full strength and expertise to hook the fish. Can you beat him and set the fish free? First we’ll download the .apk file. The pass is hackthebox And then decompile with apktool ☝️🤓 apktool d Angler.apk The SDK version is 32, then we…