writeup
-
Read more: APKey – Hack The Box – @lautarovculic
Difficult: Easy Category: Mobile OS: Android (SDK 30) Description: This app contains some unique keys. Can you get one? First, we need download the .apk For this mobile challenge,we need install an Android device with SDK 30 (Android 11 máx) with Genymotion. Decopile the .apk with apktool apktool d APKey.apk Here we can see that…
-
Read more: SeeTheSharpFlag – Hack The Box – @lautarovculic
Difficult: Medium Category: Mobile OS: Android Description: I have made a password verification app. If I can remember the password, the app will tell me it is correct. See if you can guess my password. The first step that we need to do is download the .zip file and extract the .apk with apktool Looking…
-
Read more: Hack The Box – Clicker – @lautarovculic
User.txt As usual, let’s first configure the /etc/hosts file. Now we will see what nmap tells us. We see that you have ports 22, 80, 111 and 2049 open. There is an NFS, let’s see what it contains. showmount -e 10.10.11.232 The /mnt/backup directory is shared! We are going to mount it on our local…
-
Read more: Hack The Box – Cryptohorrific – @lautarovculic
Difficult: Medium Category: Mobile OS: iOS Description: Secure coding is the keystone of the application security! After downloading the compressed file and decompressing it, we will have a folder where inside we find the files we need: The hackthebox file, is the main file of the program that contains the binary files. The .plist file…
-
Read more: Hack The Box – Sau – @lautarovculic
User.txt First we will configure the file /etc/hosts with the IP and sau.htb Then we will do a scan with nmap to obtain information about the ports and services available on the machine. Well, port 80 keeps thinking. So apparently the entry point is port 55555. Let’s take a look. We have Request-Basket version 1.2.1,…
-
Read more: Micro-CMS v1 – @lautarovculic
Flags: 4 Difficulty: Easy Category: Web Flag 1/4 By taking a short tour through the application, we can view and edit a number of ready-made testing pages, and we can also create a page. On the first page we see that markdown is allowed, but script… no? Let’s try it. Press the save button and..…
-
Read more: Hack The Box – Pilgrimage – @lautarovculic
This writeup are available in my GitHub.
-
Read more: Hack The Box – Topology – @lautarovculic
This writeup are available in my GitHub.
-
Read more: H1 Thermostat – @lautarovculic
Flags: 2 Difficulty: Easy Category: Mobile First, I recommend that you read the following post I wrote for Intercepting Android app traffic using Burpsuite. At the end of the post, there is the second flag 😉 But first, I want to clarify something. In this Writeups it is possible to get both flags with two…