This is also my question lol.
I’ve tried downloading something I found relating to that file and run it in a windows environment but it fails repeatedly.
Same here… Found the file for the root, but no idea how to decrypt it
I found one script, but it dosen’t work…
Any hint please?
you need windows to decrypt it and you need to get the password of the user
1 Like
Message me if you need any help
2 Likes
Got the root, thank you @Mou4dhms and @csoruc153 for your hints, was really helpful 
3 Likes
I got user by exploiting the vulnerability in the subdomain. Am I supposed to get a shell using the same exploit?
Yeah. Just look around on user dir and find the file that you need.
yes you able to get the user flag so the app running with that user, there is a potential file that you can leak so you can get into the box
Can someone help me?
I got some information from the APK for a user. I dont know what i need further to do, I searched a lot for other information in the APK en did some curls without any result.
You can PM if you want.
greetzz
Make sure you decompile the APK to get the full source code, use an application that can search for keywords like jadx-gui.
There are 3 subdomains, and a Admin authentication token to be found in the decompiled source code of the APK, one of these domains will allow your initial foothold.
DM me for any further help!
4 Likes
Any tips on exploiting?
is there a way to do it without windows? or is trying to find a way futile?
Can anyone help me? I already got the admin token and discovered 2 subdomains, but now I’m stuck
1 Like
go through the endpoints. You’ll find a very common vulnerability in one of them.
1 Like
I achieved! thanks
helloo! hope youre well. I have the cookie found embedded with the apk files along with the discovered subdomain. I inserset the key in the browser within the storage for the site but im still getting “unauthorized”
Thinking of modifying the path but im stuck on where to start.
For example i changed the path to the subdomain but no luck!
you can use the exe with wine
1 Like
The cookie should be named ‘Authorization’ or something similar. There are two important subdomains for this box: one may not be very useful, while the other will give you a foothold
1 Like
for user - used jadx for searching through the code for keywords in the hints within this thread. found the endpoint vuln and got on the box.
for root - used linpeas, to find interesting items, then google fu for python script for pw decode.
enough clues here - THANKS!
1 Like
Hi, I have the file to decrypt and I know how to do it but apparently I need a password to do it, and I don’t know where to find that password, any hint?