Manager (Mobile) Writeup
Manager (Mobile) Writeup
Purpose
Resources
- Challenge Link
- We are given a zip that is password protected (password is provided on HTB)
- We are given an IP and PORT for the service for the challenge.
Process
- We downloaded the file and then checked the readme file. In here was instructions on what API minimum is needed to install.
- We used
adb install Manager.apkto install the app on the rooted emulator. Just in case we need to dumpster dive in the file system.
- After this, we launch Burp and make sure that the CA cert is on the emulator and that we can intercept traffic clearly.
- We register a new account
test:testto see what is available to us in the app. - After logging in the with the new
testaccount we find a/managecall that peaks our interest.
- We enumerate for other accounts already registered and we tried
admin. The response showed thatadminwas already taken, which we are going to assume this is the account we are tasked with finding the password for. - After doing this, we send the
/manageto Repeater to edit the call and re-send. We edit the call to targetadmininstead oftestaccount and edited the password to something we know. Huzzah!
- Then we logged in to the
adminand found the flag in theRolefield.
This post is licensed under CC BY 4.0 by the author.