Photo Drive
Last updated
Last updated
Who doesn't love reverse engineering Android APKs! I'm kidding, not everyone does :D
But, you will have to get your hands dirty for this one as the only way to reach the flag is to break the APK open.
Do your RE and you will find your way!
Download and reverse the apk with apktool
I manually enumerated the application and found this comment
Vieweing the github repo commits, I found one that says add security fixes which remove the misconfigured server.
Performing further enumeration on the github repo shows a branch with commit that remove misconfigured server which contains a s3 bucket link.
Using aws cli, I am able to list out the file and install them
However, I received an error denied when installing the account.txt. As I have did a similar challenge in Flaws.cloud before, I imported my own key with aws configure and is able to install the account.txt file.
You can refer to the level 2 writeup for more details.
The Account.txt contains a set of credential for AWS.
Login with the set of credential using aws configure
and get more information using the get-caller-identity
command.
The usernameis a base64 encoded value, and upon decoding I retrieved the flag.
Flag: flag-{GaW6NW8vzwIhh8qU643AV3ohh4gwDByw}