Post

Cat (Mobile) Writeup

Cat (Mobile) Writeup

Purpose

  • Although the TCM PMPA is very thorough, I still wanted to branch out and learn more about Android and iOS pentesting as a whole.
  • The mobile track from Hack the Box exposes me to a whole new level of attack surface outside of just static/dynamic analysis.

Resources

  • Challenge Link
  • We are given a zip that is password protected (password is provided on HTB)

Process

  • We move this to a folder and unzip with the password provided.
  • We are given a .ab file for use.
  • After a quick google, we found a one-liner to be able to unpack this.
  • ( printf "\x1f\x8b\x08\x00\x00\x00\x00\x00" ; tail -c +25 cat.ab ) | tar xfvz - cat-unpack
  • After digging through the files in the shared we find some images.
  • After finding the best treasure trove of cat images, (some of which will be used for test data in later times), we find an image of someone with a clipboard with the flag info at the bottom. clipboard-flag
  • We found the flag to be HTB(THisBackupIsUnprotected).
This post is licensed under CC BY 4.0 by the author.

Trending Tags