Hack The Box Cat Challenge Write-Up

Figure 1.1


This article is about the Cat challenge hosted on HackTheBox. It is an easy challenge. Let’s get started,

First download the challenge file from Hack The Box server as shown in figure 1.2 below:

Figure 1.2

You will get a file named “cat” which will be without any extension as shown in figure 1.3 below:

Figure 1.3

With the help of rename change this file extension to rar as shown in figure 1.4 below:

Figure 1.4

Extract the files and you will get Cat.ab file as shown in figure 1.5 below:

Figure 1.5

This .ab file is Android Backup File. To learn more about AB file click here. In order to extract .ab file the tool I will be using is Android Backup Toolkit.

Download the toolkit and run the following command also shown in figure 1.6:

java -jar abe.jar unpack cat.ab cat.rar

Before running the command I have placed toolkit and cat.ab file in same folder.

Figure 1.6

Now go to folder and you will see cat.rar file there and extract it.

Figure 1.6

Now let’s move into “cat” directory.

Figure 1.7

Let’s explore “shared” folder first. Inside shared folder all folders are empty except “Pictures” folder. Let’s explore this folder.

Figure 1.8

This folder contains all of the cat pictures except one picture which is “IMAG0004.jpg”. Let’s open this picture.

Figure 1.9

Here we go we have found the flag and challenge is completed. Thanks for staying till here.

If you like this article, please support on Patreon.




Security Enthusiast

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Android Fundamental : Service

How to access localhost via Android Emulator?

Better physical stories with Google’s Nearby APIs (Part 1 of 3)

Room Database in android with Kotlin-Coroutines

Should Android App Developers Take Note Of Google Fuchsia?

Should Android App Developers Take Note Of Google Fuchsia?

Upload files to Amazon S3 with Bitrise in a few steps

Debugging react native android app running on a chromebook

Touch and Tap action on Mobile Automation with Appium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Danish Zia

Danish Zia

Security Enthusiast

More from Medium

Let’s learn WebApp Pentest from basic on DVWA.

Basic Pentesting

Try Hack Me : GLITCH

WeBaCoo — Web Backdoor Cookie Script-Kit