Official Instant Discussion

Official discussion thread for Instant. Please do not post any spoilers or big hints.

1 Like

Fuled By Ramen GIFs - Find & Share on GIPHY

Ready for that instant action boys.

1 Like

Interesting htb box this week! Fun and easy, got to use radare2 again :love_you_gesture: a box just like we like it for a hangover day!
#HappyHacking

1 Like
1 Like

Am I wasting my time trying to spin up the app on an android emulator?

That’s not a necessary step. There are more relevant things you can do with an apk.

1 Like

was easy one i guess

1 Like

Able to register, log in, get admin token, my profile and admin profile, but no idea, what more to do. :frowning: idk where is the admin pin or if it’s necessary or not.

If anyone is facing an issue or are stuck, let me know for quick guidance!
User: Understand how APK files are structured.
Root: Forensics and look for unusual stuff.

Hi Guys,

Could anyone provide me with a hint, please?

Thanks,
Have a good day!

I suggest you to “SWAGGER” around a little bit inside the apk decompilation :innocent:

6 Likes

decompile apk file you will find interesting things use them and you will see a vulnerabilty in a subdomain

I’ve already decompiled the APK file, and i found the subdomain and a admin JWT; and i tried the endpoints and register a new user, but thats all, idk how to continue!

no need for registration attempt, see the logs file with the endpoint and you will find the vulnerabiltiy

3 Likes

Are you sure you find all the subdomains? Better search the apk

1 Like

Message me if anyone needs help!

i’m stuck in the privesc any hint

Look for uncommon and weird files in weird places, like the /opt/ folder

4 Likes

Look DM please

I am relatively new to reverse engineering. I have already got to the unusual file. Any hints to decrypt it? Do I need a seperate password or use windows for that particular software?