Why bother to guess or retrieve the master key when we already know the endpoint it is calling?
Moreover, the binary does not seem to decrypt anything with the master key. Instead, it simply displays the content of the response from the API. We should call the endpoint directly!
A seemingly weird AES key is provided to us.
This seems to be the password manager Juliette mentioned. Pretty basic.
Additionally, it seems to be self-coded and is probably prone to vulnerabilities.
Fiddling with the parameters shows that it is actually vulnerable to UNION-based SQL injection, which leaks the admin password hash.
From the gathered information, we can decrypt the key.
With this, we can login as admin and obtain