writeup
-
Read more: Anchored – Hack The Box – @lautarovculic
Difficulty: Easy Category: Mobile OS: Android Description: A client asked me to check if I can intercept the HTTPS request and get the value of the secret parameter that is passed along with the user’s email. The application is intended to run in a non-rooted device. Can you help me find a way to intercept…
-
Read more: Manager – Hack The Box – @lautarovculic
Difficulty: Easy Category: Mobile OS: Android Description: A client asked me to perform a security assessment on this password management application. Can you help me? Download and extract the .zip file with the password hackthebox, and start the instance. In my case it is: 94.237.54.233:56388. There is a README.txt file that says: Install this application in an…
-
Read more: Pinned – Hack The Box – @lautarovculic
Difficulty: Easy Category: Mobile OS: Android Description: This app has stored my credentials and I can only login automatically. I tried to intercept the login request and restore my password, but this seems to be a secure connection. Can you help bypass this security restriction and intercept the password in plaintext? Download the .zip file…
-
Read more: Don’t Overreact – Hack The Box – @lautarovculic
Difficulty: Very Easy Category: Mobile OS: Android (SDK 29) Description: Some web developers wrote this fancy new app! It’s really cool, isn’t it? Download the .zip file and extract it with the password hackthebox. Let’s decompile the apk file with apktool: apktool d app-release.apk. We can see that the SDK is 29, so we can use Android…
-
Read more: Protected: BoardLight – Hack The Box – @lautarovculic
There is no excerpt because this is a protected post.
-
Read more: Investigator – Hack The Box – @lautarovculic
Difficulty: Medium Category: Mobile OS: Android Description: In one of the mobile forensics investigations we encountered, our agent gave us these files and told us that their owner uses one password for almost everything. Can you extract the flag from the secret messages? Download the .zip file and extract the content with the hackthebox password.…
-
Read more: Waiting – Hack The Box – @lautarovculic
Difficulty: Medium Category: Mobile OS: Android Description: The app stores a secret and says it is stored securely even in case the application has been tampered with. Are you able to retrieve it? As always, download the .zip file and extract it with hackthebox as the password. Decompile with apktool: apktool d app-release.apk. The SDK is 31, then…
-
Read more: Angler – Hack The Box – @lautarovculic
Difficulty: Medium Category: Mobile OS: Android Description: The skilled fisherman used his full strength and expertise to hook the fish. Can you beat him and set the fish free? First we’ll download the .apk file. The pass is hackthebox. And then decompile with apktool ☝️🤓: apktool d Angler.apk. The SDK version is 32, then we…
-
Read more: Protected: SolarLab – Hack The Box – @lautarovculic
There is no excerpt because this is a protected post.
-
Read more: Mailing – Hack The Box – @lautarovculic
User.txt Let’s discover the open ports with nmap: sudo nmap -sS -sV --min-rate 5000 -n -Pn -T4 -vv 10.10.11.14 Output: PORT STATE SERVICE REASON VERSION 25/tcp open smtp syn-ack ttl 127 hMailServer smtpd 80/tcp open http syn-ack ttl 127 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) 110/tcp open pop3 syn-ack ttl 127 hMailServer pop3d 135/tcp open msrpc…