Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. Before you download, please read our FAQs sections dealing with the dangers of running unknown VMs and our suggestions for "protecting yourself and your network. If you understand the risks, please download!
_____ _ ____ __ __ _ ____ ____ | || | | | / ]| |/ ] | || | | __|| | | | / / | ' / | | | | | |_ | |___ | |/ / | \ | | | | | _] | | | / \_ | \ | | | | | | | | | \ || . | | | | | |__| |_____||____\____||__|\_| |____||____| by: @leonjza
Your challenge, should you choose to accept, is to gain root access on the server! The employees over at Flick Inc. have been hard at work prepping the release of their server checker app. Amidst all the chaos, they finally have a version ready for testing before it goes live.
You have been given a pre-production build of the Android .apk that will soon appear on the Play Store, together with a VM sample of the server that they want to deploy to their cloud hosting provider.
The .apk may be installed on a phone (though I wont be offended if you don't trust me ;]) or run in an android emulator such as the Android Studio (https://developer.android.com/sdk/index.html).
$ shasum * e74061c5348fef33d00f5f4f2aee9e921c591129 flick-check-dist.apk e6fbcd5aab5ed95c54d02855fdfbad74587f3db7 flickII-dist.ova
Note: Vmware will complain about the OVF specification. Just click retry on the import and everything should be ok!
@barrebas for testing and patience @s4gi_ for testing and the inspiration