Mshaks

24th place

6200 points

Awards

Hint 17

hints

Hint for AES

0

Hint 43

hints

Hint for Insecure Direct Object Reference

0

Hint 38

hints

Hint for Old Backup Files

0

Hint 33

hints

Hint for SSTI

0

Hint 34

hints

Hint for S3 bucket misconfiguration

0

Hint 36

hints

Hint for Review comment and Metadata

0

Hint 35

hints

Hint for RIA Cross Domain Policy

0

Hint 26

hints

Hint for XPATH Injection

0

Hint 30

hints

Hint for RFI

0

Solves

Challenge	Category	Value	Time
isDebugger Connected	Anti-Debugging	100
Su Binary	Root Detection	100
BusyBox Binary	Root Detection	100
Root Cloaking Apps	Root Detection	100
JSON to XXE (Blind)	Web Application	100
Insecure Direct Object Reference	Web Application	100
Old Backup Files	Web Application	100
Review comment and Metadata	Web Application	100
S3 bucket misconfiguration	Web Application	100
Default Credentials	Web Application	100
RIA Cross Domain Policy	Web Application	100
Metafiles - Info Leakage	Web Application	100
XPATH Injection	Web Application	100
RFI	Web Application	100
Unrestricted File Upload	Web Application	100
XXE	Web Application	100
SSRF	Web Application	100
REST API HTTP Methods	Web Application	100
JWT Misconfiguration	Web Application	100
OTP Bruteforce	Web Application	100
User Password Enumeration	Web Application	100
Client Side Validation Bypass	Web Application	100
Server Fingerprint	Web Application	100
JavaScript - Info leak	Web Application	100
Encoding - Hashing	Web Application	100
Login bypass	Web Application	100
Bruteforce	Web Application	100
HTML5 Controls	Web Application	100
2FA - Integrity Validation	Authentication	100
2FA - Response Manipulation	Authentication	100
2FA - OTP Brute-Force 2	Authentication	100
2FA - OTP Brute-Force	Authentication	100
IMEI/ESN	Device ID	100
GPS Location	Device ID	100
Device Wi-Fi MAC	Device ID	100
SSAID/ANDROID_ID	Device ID	100
Hardcoded Secret	Binary Protection	100
RPATH	Binary Protection	100
SHA1	Hashing	100
MD5	Hashing	100
MD4	Hashing	100
Caesar Cipher	Encryption	100
File System Expose	Content Providers	100
SQL Injection	Content Providers	100
WTF Logs	Logs	100
Verbose Logs	Logs	100
Debug Logs	Logs	100
Warnings Logs	Logs	100
Error Logs	Logs	100
Informational Logs	Logs	100
Activity data	Insecure Data Storage	100
Clipboard	Insecure Data Storage	100
KeyStore	Insecure Data Storage	100
Memory	Insecure Data Storage	100
External Storage	Insecure Data Storage	100
Internal Storage	Insecure Data Storage	100
Shared Preferences	Insecure Data Storage	100
SQLite Databases (Unencrypted)	Insecure Data Storage	100
Virtual Phone Number	Emulator detection	100
Root Management Apps	Root Detection	100
HTTPS Traffic	HTTP Traffic	100
HTTP Traffic	HTTP Traffic	100
Sanity Check Flag	Sanity Check	0