Official discussion thread for Diogenes’ Rage. Please do not post any spoilers or big hints.
Really liked this challenge! One tip I would give is make sure you test against the remote server, as it may respond differently to the local Docker instance.
1 Like
Hello everyone! Sorry for the noob question …
I found the jwt token (hs256 encryption algorithm).
Then I tried to carry out the following attacks:
a) blind SQL injection in parameters
b) cancellation of subscription (caused server error - 500)
d) changed the algorithm to none
But I still did not understand what to do next …
Just be faster than the server and collect coupons
Hey! Looking at the flag description and the other comments in this thread I think I got the challange in an unintended way, could someone PM me the intended solution? I get the overall idea, but I’m unsure if there’s some specific tool or technique usually used for this kind of attack, I tried some ideas but didn’t work out for me; so I came up with another attack vector.
to this end if anyone is running into any problems, I had to run my exploit from a cloud instance, as I couldn’t get it to work from my VM
In fact this challenge is easy but the real ennemy is your connection 
I had to use my exploit almost 50 times and close every page to make it works…
I get the leak of the challenge, but I can’t connect the website without VPN. And my pycharm can’t run with VPN. How to solve?
Nice challenge! If you wanna use burpsuite, take a look to the turbointruder extension 
2 Likes
nice i will try later. my script dosnt work 
trying with burp suit but always getting 1$ dolar ticket 
I don’t know it’s a limit on my machine or internet but the most I could get with a script was $6 with the turbo intruder I only get $1
Great machine. I managed to write a working script and finally figure out these races.
Hi!
When i tried to run the docker an error appears, someone could help me?
/app/database.js:1
const sqlite = require('sqlite-async');
^
Error [ERR_REQUIRE_ESM]: require() of ES Module /app/node_modules/sqlite-async/sqlite-async.js from /app/database.js not supported.
Instead change the require of sqlite-async.js in /app/database.js to a dynamic import() which is available in all CommonJS modules.
at Object.<anonymous> (/app/database.js:1:16)
at Object.<anonymous> (/app/index.js:5:23) {
code: 'ERR_REQUIRE_ESM'
}
this happens when i run the build-docker.sh file…
Thanks!!
Pablo.-
1 Like
I think you’ll have to use 1.1.3
Compare the syntax from 1.1.3 and 1.1.4. It’s very funny how a breaking change is introduced in a “patch version change”.
hahaha i know, thanks so much!!.. i changed the version in the package.json file and it worked. Now i have to get the flag!!
Quite a fun challenge. I got it done with the normal Intruder (after a couple of tries). Need to play with the number of payloads + concurrency, to get the desired result.
Quite a fun challenge, although I went down some rabbit holes. If anyone can explain why the code is vulnerable to that specific attack type, I’m a dm away 
. Thanks
I spent five hours on this box and went down every rabbit hole imaginable haha. I only figured it out once I saw a hint in the comments.
Hi you can help me, i run docker and same issue