Catch – HackTheBox Writeup

Machine Name: Catch
Difficulty: Medium


Catch is a machine that requires reverse engineering an APK, enumerating for information in the APK file and finding API tokens. Using the tokens, we login to a dashboard which is vulnerable to injection that leads to leaking SSH credentials. These credentials are used to get the user shell. Escalating Privileges involves monitoring processes and finding a script that allows the user to inject payloads and execute them as root.

Read More