writeup
-
Read more: AHE17: Android Hacking Events 2017 (Why Should I Pay?)For this challenge, probably we need install some things into our Android 5.1 device with Genymotion.For example, an ARM Translator.https://github.com/m9rco/Genymotion_ARM_Translation For download the APKhttps://team-sik.org/wp-content/uploads/2017/06/WhyShouldIPay.apk_.zip Install the apk with adb adb install -r WhyShouldIPay.apk And decompile the apk with apktool Load the apk to jadx-gui for see the source codeWe can see in the first activity that we have the VERIFY button, that give us an error.And the PREMIUM CONTENT button, that show us…
-
Read more: AHE17: Android Hacking Events 2017 (You Can Hide – But You Cannot Run)For this challenge, probably we need install some things into our Android 5.1 device with Genymotion.For example, an ARM Translator.https://github.com/m9rco/Genymotion_ARM_Translation For download the APKhttps://team-sik.org/wp-content/uploads/2017/06/YouCanHideButYouCannotRun.apk_.zip Use apktool for decompile the .apk file apktool d YouCanHideButYouCannotRun.apk And install the .apk with adb adb install -r YouCanHideButYouCannotRun.apk Launching the app we can see that we have a text that talk about encryption and a button. That say Start to Running if we press it. Let’s load the .apk to jadx for…
-
Read more: AHE17: Android Hacking Events 2017 (Flag-Validator)Methods For this challenge, probably we need install some things into our Android 5.1 device with Genymotion.For example, an ARM Translator.https://github.com/m9rco/Genymotion_ARM_Translation For download the APKhttps://team-sik.org/wp-content/uploads/2017/06/FlagValidator.apk_.zip With apktool will extract the content of the apk file apktool d FlagValidator.apk Let’s see the content of MainActivity.java that say so clear the structure of the flag.In the onValidateClick method public void onValidateClick(View view) { new StringBuilder(“Validate Token…
-
Read more: Sea – Hack The Box – @lautarovculicUser.txt Let’s discover open ports with nmap sudo nmap -sV -p- -Pn -vv -T4 –min-rate 5000 10.10.11.28 Output: PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0) 80/tcp open http syn-ack ttl 63 Apache httpd 2.4.41 ((Ubuntu)) We need add sea.htb to our /etc/hosts file sudo echo “10.10.11.28 sea.htb” | sudo…
-
Read more: FastJson and Furious – Hack The Box – @lautarovculicDifficult: Easy Category: Mobile OS: Android Description: A couple years ago I was experimenting with Android Development and I created this application to hide my secret, but now I forgot how to get it back. Can you help me? First, download the .zip file and extract them with hackthebox password. Then, we’ll use apktool for…
-
Read more: Injured Android – Flag 1 to 13This CTF Mobile has taken from here:https://github.com/B3nac/InjuredAndroid I use a Genymotion Android device (API 29) for this challenge.For install and use the application, you must install an ARM Translator. I use the .zip file for Android 9.0, it’s work fine for the emulator. You can find the translator here:https://github.com/m9rco/Genymotion_ARM_Translation Flags First Steps There are so many flags in the application,…
-
Read more: AHE17: Android Hacking Events 2017 (AES-Decrypt)For this challenge, we need install some things into our Android 5.1 device with Genymotion.For example, an ARM Translator.https://github.com/m9rco/Genymotion_ARM_Translation For download the APK https://team-sik.org/wp-content/uploads/2017/06/AES-Decrypt.apk_.zip Now, installing the APK, we can see a button and two text box for decrypt something. Then, let’s take around the code with jadx. Just we need this piece of Java…
-
Read more: GreenHorn – Hack The Box – @lautarovculicUser.txt First we need know what ports are open with nmap sudo nmap -sV -p- -Pn -vv -T4 10.10.11.25 Output: PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3ubuntu0.10 (Ubuntu Linux; protocol 2.0) 80/tcp open http syn-ack ttl 63 nginx 1.18.0 (Ubuntu) 3000/tcp open http syn-ack ttl 63 Golang…
-
Read more: PermX – Hack The Box – @lautarovculicUser.txt Let’s see what ports are open with nmap sudo nmap -sV -p- -Pn -vv -T4 10.10.11.23 Output: PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3ubuntu0.10 (Ubuntu Linux; protocol 2.0) 80/tcp open http syn-ack ttl 63 Apache httpd 2.4.52 Service Info: Host: 127.0.1.1; OS: Linux; CPE: cpe:/o:linux:linux_kernel Let’s…
-
Read more: Blazorized – Hack The Box – @lautarovculicUser.txt In first place, we need know what ports are open with nmap sudo nmap -sV -p- -Pn -vv -T4 10.129.81.51 Output: PORT STATE SERVICE REASON VERSION 53/tcp open domain syn-ack ttl 127 Simple DNS Plus 80/tcp open http syn-ack ttl 127 Microsoft IIS httpd 10.0 88/tcp open kerberos-sec syn-ack ttl 127 Microsoft Windows Kerberos…