Hack The Box Challenge Walkthrough – Don’t Overreact

Don’t Overreact is a very easy challenge in the mobile category. The challenge description is as follows:

‘Some web developers wrote this fancy new app! It’s really cool, isn’t it?’

SHA-256 of the files necessary to download: ba37eff7b052ca8f5e86989b2777f5b7adb2820937063b401a5095ddcfa7a839.

  1. Download the challenge file – it’s an APK.
  2. Rename the .apk to .zip and explore the files in Studio Code.
  3. Add the APK to BlueStacks to view the app – it does nothing, it just shows a logo.
  4. Install Android Studio and run the APK in the Studio simulator – check Terminal, Logcat, App Inspector and Network Inspector, and browse the files for abnormalities/"HTB"/"flag".
  5. MobSF: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
  6. In the Android bundle file: importantData, apiURL, debug is a string SFRCezIzbTQxbl9jNDFtXzRuZF9kMG43XzB2MzIyMzRjN30 – decode it from base64.
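Steps 2 and 6 can be scripted as a check for hardcoded secrets in an app bundle. The sketch below is an added example, not part of the original walkthrough. It assumes the bundle sits at `assets/index.android.bundle` (the usual React Native location, which the post does not name) and runs against a constructed in-memory APK. The string in step 6 is stored without its trailing `=` padding, which strict decoders reject, so the script restores padding before decoding.

```python
import base64
import io
import re
import zipfile

# Runs of base64 / base64url characters long enough to be worth decoding.
B64_RUN = re.compile(rb"[A-Za-z0-9+/_-]{16,}={0,2}")

def decode_candidate(token: bytes):
    """Return decoded text if token is base64 for printable ASCII, else None."""
    token = token.rstrip(b"=")
    if len(token) % 4 == 1:                      # impossible base64 length
        return None
    padded = token + b"=" * (-len(token) % 4)    # restore stripped padding
    try:
        raw = base64.b64decode(padded, altchars=b"-_", validate=True)
    except ValueError:                           # binascii.Error is a ValueError
        return None
    if raw and all(32 <= b < 127 for b in raw):  # keep human-readable results only
        return raw.decode("ascii")
    return None

def scan_apk(apk, member="assets/index.android.bundle"):
    """An APK is a zip: read one member and list (token, decoded) findings."""
    with zipfile.ZipFile(apk) as zf:
        data = zf.read(member)                   # member path is an assumption
    hits = []
    for match in B64_RUN.finditer(data):
        text = decode_candidate(match.group())
        if text is not None:
            hits.append((match.group().decode("ascii"), text))
    return hits

def build_sample_apk():
    """Constructed stand-in for an APK: a zip holding a fake JS bundle."""
    secret = base64.b64encode(b"EXAMPLE{constructed_value}").rstrip(b"=")
    bundle = b'var cfg={apiURL:"https://example.invalid",debug:"' + secret + b'"};'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("assets/index.android.bundle", bundle)
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    for token, text in scan_apk(build_sample_apk()):
        print(f"{token} -> {text}")
```

Pass a real file path to `scan_apk` instead of the sample to review your own build before release.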
