Swagger-UI

Found 1 related article

  • 2025-02-19

    Instant - APK Decompilation, LFI via Swagger API, and Solar-PuTTY Backup Decryption


    Technical writeup detailing the compromise of the Instant machine. Initial foothold is achieved through static analysis of a downloadable APK file, revealing subdomains and a hardcoded API key. This key is used to exploit a Local File Inclusion (LFI) vulnerability within the authenticated Swagger API (via the logs reading function), leading to SSH key exfiltration and user access. Privilege escalation is achieved by locating, transferring, and decrypting an encrypted Solar-PuTTY sessions backup file, which yields the root password.

    HackTheBox APK-Analysis Decompilation Swagger-UI API-Key-Disclosure LFI Local-File-Inclusion SSH-Key-Exfiltration Solar-PuTTY-Decryption Password-Cracking Linux-Exploitation