Manager
Manager writeup by Thamizhiniyan C S
Hey everyone, in this write-up we will be solving the HTB challenge Manager.
Link to the challenge: https://app.hackthebox.com/challenges/283
Let’s Start!!!!!!
First download and extract the given file.
From the README.txt file, we can see that the application supports API level 29 or earlier.
Next I used apktool to extract the apk file.
After extracting the apk, I first took a look at the AndroidManifest.xml file to check whether any minimum API level or Android version is required to run the app.
There was nothing mentioned about that. So, in my case, I installed the apk on an Android 6 / API 23 Virtual Device.
To install the apk, I used adb.
Next, I took a look at the app and its functionality.
Initially, when I first opened the application, it asked for the IP address and port number to connect to the server.
Start the machine instance in HackTheBox and enter the IP address and port number and press connect.
After connecting to the server, the next page is a Login/Register page.
Next, I registered a new user to check the functionality.
I also set up the Burp proxy to intercept the traffic.
For that check this Guide:
You can see the register request that is sent to the server. After successfully registering the new user, the application shows a Manager page, which contains the ID, Username, Password and Role fields.
In this page only the Password is editable and updatable.
Let’s try to update the password and capture the request to see what details are sent to the server.
You can see that the request is made to manage.php, with username and password fields.
Let’s try to change the admin’s password by tampering with this request. To do that, first send this request to the Repeater tab, modify the username to admin, set the password as you wish, and send the request.
You can see from the response that the password was updated successfully.
Now let’s try to login as admin with the updated credentials.
And we have successfully logged in.
We have successfully obtained the flag. If you aren’t able to copy the flag, try making the login request again using the Repeater tab; you can then copy the flag from the raw response in the response tab.
Thank you…..
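The tampering works because the server picks the account to modify from the username field in the request body. As an added example (not code from the challenge or from this write-up; the server's source is not shown here, and every function name, field and credential below is hypothetical or constructed), this Python model puts that kind of handler beside a hardened one that binds the change to the logged-in session and re-checks the current password:

```python
import hashlib, hmac, os, secrets

USERS = {}     # username -> {"salt", "hash", "role"}  (in-memory stand-in for the DB)
SESSIONS = {}  # session token -> username             (server-side session store)

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def register(username, password, role="user"):
    salt = os.urandom(16)
    USERS[username] = {"salt": salt, "hash": _hash(password, salt), "role": role}

def login(username, password):
    """Return a session token on success, None on failure."""
    user = USERS.get(username)
    if user and hmac.compare_digest(user["hash"], _hash(password, user["salt"])):
        token = secrets.token_hex(16)
        SESSIONS[token] = username
        return token
    return None

def manage_vulnerable(form):
    """Assumed shape of the flaw: the target account comes from the request body."""
    user = USERS.get(form["username"])
    if user is None:
        return 404
    user["hash"] = _hash(form["password"], user["salt"])
    return 200

def manage_hardened(token, form):
    """The target account comes from the session; a body username is only cross-checked."""
    username = SESSIONS.get(token)
    if username is None:
        return 401                      # not authenticated
    if form.get("username", username) != username:
        return 403                      # attempt to act on another account
    user = USERS[username]
    current = _hash(form.get("current_password", ""), user["salt"])
    if not hmac.compare_digest(user["hash"], current):
        return 403                      # current password not proven
    user["hash"] = _hash(form["password"], user["salt"])
    return 200

if __name__ == "__main__":
    register("admin", "constructed-admin-pw", role="admin")  # constructed sample data
    register("alice", "alice-pw")
    tok = login("alice", "alice-pw")
    tampered = {"username": "admin", "password": "x", "current_password": "alice-pw"}
    print("hardened:", manage_hardened(tok, tampered))       # 403
    print("vulnerable:", manage_vulnerable(tampered))        # 200
```

On the server, a 403 from this check is also worth logging with the session user and the requested username, since a mismatch between the two is a clear signal of request tampering.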