Official discussion thread for Instant. Please do not post any spoilers or big hints.
1 Like
Ready for that instant action boys.
1 Like
Interesting htb box this week! Fun and easy, got to use radare2 again 
a box just like we like it for a hangover day!
#HappyHacking
1 Like
1 Like
Am I wasting my time trying to spin up the app on an android emulator?
That’s not a necessary step. There are more relevant things you can do with an apk.
1 Like
was easy one i guess
1 Like
Able to register, log in, get admin token, my profile and admin profile, but no idea, what more to do. 
idk where is the admin pin or if it’s necessary or not.
If anyone is facing an issue or are stuck, let me know for quick guidance!
User: Understand how APK files are structured.
Root: Forensics and look for unusual stuff.
Hi Guys,
Could anyone provide me with a hint, please?
Thanks,
Have a good day!
I suggest you to “SWAGGER” around a little bit inside the apk decompilation 
5 Likes
decompile apk file you will find interesting things use them and you will see a vulnerabilty in a subdomain
I’ve already decompiled the APK file, and i found the subdomain and a admin JWT; and i tried the endpoints and register a new user, but thats all, idk how to continue!
no need for registration attempt, see the logs file with the endpoint and you will find the vulnerabiltiy
3 Likes
Are you sure you find all the subdomains? Better search the apk
1 Like
Message me if anyone needs help!
i’m stuck in the privesc any hint
Look for uncommon and weird files in weird places, like the /opt/ folder
4 Likes
Look DM please
I am relatively new to reverse engineering. I have already got to the unusual file. Any hints to decrypt it? Do I need a seperate password or use windows for that particular software?