
Write-ups for TCTT2023/Mobile/03

Flag pattern

CTT23{xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}

Challenge Files

mflag.zip

Solution

  1. Start by opening AVD in Android Studio.

AVD_result_01

  2. Install the app in AVD.

AVD_result_02

  3. After launching the app, we can see that it is a simple app with a button. But after we press the button, nothing happens. Only the text "The flag was returned but cannot be displayed. Can you help find the flag ???" is shown.

AVD_result_03

AVD_result_04

This makes me think that the flag is hidden outside the app; the app should be using some kind of API to get the flag. So I use Burp Suite to intercept the traffic.

  4. To intercept the traffic, we need to set the proxy in AVD. Go to Settings > Proxy and set the proxy to your Burp Suite proxy. We also need to start the intercept in Burp Suite.

AVD_result_05

AVD_result_06

  5. After pressing the button, we can see that there is a request to http://18.143.235.72/getmflag

AVD_result_07

AVD_result_08

  6. I use curl to send the request to the server again.

curl_result

  7. The result is CTT23{c00l_int3rc3pt0r}
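
An added example (not part of the original write-up): a small audit over exported proxy history that reports requests sent over cleartext HTTP, like the one in step 5, and notes when the host is a bare IP address. The "METHOD URL" history format, the function names and every sample line except the /getmflag request are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of proxy history, one "METHOD URL" per line.
# Only the /getmflag request comes from the write-up; the rest are made up.
SAMPLE_HISTORY = """\
GET https://www.example.com/generate_204
GET http://18.143.235.72/getmflag
POST https://api.example.com/v1/telemetry
GET http://[2001:db8::1]:8080/status
"""


def is_ip_literal(host):
    """True if the host is an IPv4/IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit_history(text):
    """Return one finding per request that any on-path proxy can read."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        method, url = parts
        parsed = urlsplit(url)
        if parsed.scheme != "http":
            continue  # TLS traffic is out of scope for this check
        host = parsed.hostname or ""
        issues = ["cleartext"]
        if is_ip_literal(host):
            issues.append("ip-literal-host")
        findings.append({"line": lineno, "method": method, "host": host,
                         "path": parsed.path, "issues": issues})
    return findings


if __name__ == "__main__":
    for finding in audit_history(SAMPLE_HISTORY):
        print(finding)
```

On the app side, requests like this can be blocked by setting `cleartextTrafficPermitted="false"` in the Android network security configuration.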