Kabinet's GitBook
  • 🚩Kabinet CTF's Writeups
  • Page
  • 2025
    • Thuderdome
      • Emerge through the breach
      • Pulled from the sky
      • An absent defense
      • A new wave (web of deceit)
      • Crossing the great divide
      • Joining forces as one
      • Infiltrate (open the gate)
      • Jaeger
      • Victory
  • 2024
    • GreyCTF 2024
      • Markdown Parser
      • Fearless Concurrency
      • GreyCTF Survey
      • Baby Web
      • Beautiful Styles
      • All About Timing
      • Poly Playground
    • TetCTF 2024
      • Hello from API GW
      • Microservices
  • 2023
    • BSidesSF Cloud Village CTF
      • Tony Tony Tony
      • Plain Sight
      • A Suit of Armor Around The World
      • Sharing is Caring + Sequel
      • Photo Drive
    • DART CTF
      • Flag 1
      • Flag 2
      • Flag 3
      • Flag 4
      • Flag 5
      • Flag 6
      • Flag 7
      • Flag 8
      • Flag 9
      • Flag 10
    • EKS Cluster Games
    • Big IAM Challenge
  • 2022
    • Stack The Flag
      • Secret of Meow Olympurr
  • Authored
    • Cyber League 2025 Major 1
      • Perfect Storage
      • catalog commits
      • pawtainer hub
    • Lag and Crash 2023
      • Managed Secrets
      • Pickle Rick
      • Cloudy with a chance of meatball
    • NYP InfoSec December CTF 2022
      • Super Secure Technology Infrastructure
      • Self Introduction
      • Aww Cuter Cat
      • Obligatory Calc
      • BreadSecurity
  • NYP InfoSec Introduction to Pentesting Workshop
Powered by GitBook
On this page
  • Challenge Description
  • Solution

Was this helpful?

  1. 2023
  2. BSidesSF Cloud Village CTF

Photo Drive

PreviousSharing is Caring + SequelNextDART CTF

Last updated 1 year ago

Was this helpful?

Challenge Description

Who doesn't love reverse engineering Android APKs! I'm kidding, not everyone does :D

But, you will have to get your hands dirty for this one as the only way to reach the flag is to break the APK open.

Do your RE and you will find your way!

Solution

Download and reverse the apk with apktool

apktool d photodrive.apk

I manually enumerated the application and found this comment

Using aws cli, I am able to list out the file and install them

However, I received an error denied when installing the account.txt. As I have did a similar challenge in Flaws.cloud before, I imported my own key with aws configure and is able to install the account.txt file.

You can refer to the level 2 writeup for more details.

The Account.txt contains a set of credential for AWS.

Access key ID: AKIAYX67JAH5N5WJIXRC
Secret access key: 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

Login with the set of credential using aws configure and get more information using the get-caller-identity command.

The usernameis a base64 encoded value, and upon decoding I retrieved the flag.

Flag: flag-{GaW6NW8vzwIhh8qU643AV3ohh4gwDByw}

Vieweing the github repo , I found one that says which remove the misconfigured server.

Performing further enumeration on the github repo shows a branch with commit that which contains a s3 bucket link.

commits
add security fixes
remove misconfigured server
LogoFlaws.cloud Walkthroughexecuteatwill
Logoget-caller-identity — AWS CLI 1.23.12 Command Reference