hacker101
-
Read more: Oauthbreaker – Hacker101 CTF – @lautarovculic
Difficulty: Moderate. Skills: Android. Flags: 2. Flag 1/2: The first thing that we need to do is download the .APK file and decompile it with apktool ☝️🤓: apktool d oauth.apk. For recon, I’ll run MobSF and jadx-gui. The target SDK is 28, so I will use my Android 9.0 device with Genymotion. Install the .APK with…
-
Read more: Intentional Exercise – Hacker101 CTF – @lautarovculic
Difficulty: Moderate. Skills: Android. Flags: 1. Flag 1/1: First, we need to wait until the APK finishes building. Download the .APK file. Decompile the .APK with apktool: apktool d level13.apk. The target SDK is 28 (Android 9.0). Then install the APK with ADB on our Android device (I use Genymotion): adb install level13.apk. Open the app…
-
Read more: Micro-CMS v2 – Hacker101 CTF – @lautarovculic
Difficulty: Moderate. Skills: Web. Flags: 3. Flag 1/3: The page at /page/1 says: This version fixed the multitude of security flaws and general functionality bugs that plagued v1. Additionally, we added user authentication; we’re still not sure why we didn’t think about that the first time, but hindsight is 20/20. By default, users need to be an…
-
Read more: Micro-CMS v1 – @lautarovculic
Flags: 4. Difficulty: Easy. Category: Web. Flag 1/4: By taking a short tour through the application, we can view and edit a number of ready-made testing pages, and we can also create a page. On the first page we see that markdown is allowed, but script… no? Let’s try it. Press the save button and..…
-
Read more: H1 Thermostat – @lautarovculic
Flags: 2. Difficulty: Easy. Category: Mobile. First, I recommend that you read the following post I wrote, Intercepting Android app traffic using Burpsuite. At the end of the post, there is the second flag 😉 But first, I want to clarify something. In this writeup it is possible to get both flags with two…