Catch – HackTheBox Writeup
Machine Name: Catch
IP: 10.10.11.150
Difficulty: Medium
Summary
Catch is a machine that requires reverse engineering an APK, enumerating for information in the APK file and finding API tokens. Using the tokens, we login to a dashboard which is vulnerable to injection that leads to leaking SSH credentials. These credentials are used to get the user shell. Escalating Privileges involves monitoring processes and finding a script that allows the user to inject payloads and execute them as root.
Read More