Jersey CTF — interesting-sites

Ayush Shah
Published in System Weakness
3 min read, Mar 24, 2024

I am Ayush Shah. I played this CTF with my team Bits & Pieces.

https://ctftime.org/team/178228

Challenge Description:

I like interesting websites.

http://54.174.146.166

We are given the source code as well. But first let’s check the web application.

Oh, it asks for a website URL. First, I’ll supply a webhook site URL and check whether we get a response back.

It does nothing even after submitting the URL, so it’s time to dig into the source code. Let’s begin analyzing the code by reading app.js.

siteQueue holds the submitted site URLs. The stats variable is an object that holds how many sites were submitted in total and how many of them were interesting.

/login just renders the login page. Since the admin username and password are stored in an env file, we cannot simply guess them to gain access.

middleware/admin.js checks whether the user's request carries a header named X-XSRF-TOKEN and, if it does, whether its value matches ADMIN TOKEN in env. Without a matching token, the admin middleware will not allow us to read the flag.

In middleware/api.js, there are multiple endpoints which are not really that useful for getting the flag.

These were the most helpful for me to get the flag. Now let’s check whether we got any hit on our webhook site.

Fortunately, we did. We received the X-XSRF-TOKEN. This header and its value are enough for us to get the flag.

From the code we read above, we can make a request to the /api/admin/flag endpoint with the X-XSRF-TOKEN header added, which passes the middleware check and gives access to the flag endpoint.
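
The request that reached the webhook carried the same X-XSRF-TOKEN that middleware/admin.js trusts, so the secret left the application with the outbound visit. As an added example (not the challenge's source code), here is one way a URL visitor could scope that header to the application's own origin; APP_ORIGIN, ADMIN_TOKEN, headersForVisit and the sample URLs are constructed for illustration.

```javascript
// Added example, not the challenge's code. All names and values below are
// assumptions made for illustration.
const APP_ORIGIN = "http://app.example:3000";   // constructed: the app's own origin
const ADMIN_TOKEN = "constructed-token-value";  // stands in for the env secret

// Decide which headers an outbound visit to `rawUrl` may carry.
// Returns null when the URL must not be visited at all.
function headersForVisit(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null; // not an absolute URL
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return null; // file:, data: and similar schemes are never fetched
  }
  const headers = { "User-Agent": "site-visitor" };
  // Compare the parsed origin (scheme + host + port), never a string prefix:
  // "http://app.example:3000@hook.example/" starts with the app's address
  // but its host is hook.example.
  if (url.origin === APP_ORIGIN) {
    headers["X-XSRF-TOKEN"] = ADMIN_TOKEN;
  }
  return headers;
}

// Constructed sample submissions
const samples = [
  "http://app.example:3000/api/stats",      // own origin: token attached
  "https://hook.example/abc",               // external site: no token
  "http://app.example:3000@hook.example/",  // userinfo look-alike: no token
  "http://app.example.hook.example:3000/",  // subdomain look-alike: no token
  "file:///tmp/x",                          // rejected scheme
];
for (const s of samples) {
  const h = headersForVisit(s);
  const verdict = h === null ? "rejected"
    : "X-XSRF-TOKEN" in h ? "token attached" : "no token";
  console.log(s, "->", verdict);
}
```

The same check has to be applied to every redirect hop (or redirects disabled), since a same-origin URL that redirects elsewhere would otherwise carry the header along.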

Thank you for reading.

If you are interested in joining our team for Web Exploitation, Binary Exploitation or Reverse Engineering, please DM ckc9759 on Discord.

Happy Hacking!


My name is Ayush Shah. I love learning programming and penetration testing, and I also play CTFs.