Cat (Mobile) Writeup
Cat (Mobile) Writeup
Purpose
- Although the TCM PMPA is very thorough, I still wanted to branch out and learn more about Android and iOS pentesting as a whole.
- The mobile track from Hack the Box exposes me to a whole new level of attack surface outside of just static/dynamic analysis.
Resources
- Challenge Link
- We are given a zip that is password protected (password is provided on HTB)
Process
- We move this to a folder and unzip with the password provided.
- We are given a
.abfile for use. - After a quick google, we found a one-liner to be able to unpack this.
( printf "\x1f\x8b\x08\x00\x00\x00\x00\x00" ; tail -c +25 cat.ab ) | tar xfvz -
- After digging through the files in the
sharedwe find some images. - After finding the best treasure trove of cat images, (some of which will be used for test data in later times), we find an image of someone with a clipboard with the flag info at the bottom.

- We found the flag to be
HTB(THisBackupIsUnprotected).
This post is licensed under CC BY 4.0 by the author.