Official Diogenes' Rage Discussion

Official discussion thread for Diogenes’ Rage. Please do not post any spoilers or big hints.

Really liked this challenge! One tip I would give is make sure you test against the remote server, as it may respond differently to the local Docker instance.

1 Like

Hello everyone! Sorry for the noob question …

I found the jwt token (hs256 encryption algorithm).

Then I tried to carry out the following attacks:
a) blind SQL injection in parameters
b) cancellation of subscription (caused server error - 500)
d) changed the algorithm to none

But I still did not understand what to do next …

Just be faster than the server and collect coupons

Hey! Looking at the flag description and the other comments in this thread I think I got the challange in an unintended way, could someone PM me the intended solution? I get the overall idea, but I’m unsure if there’s some specific tool or technique usually used for this kind of attack, I tried some ideas but didn’t work out for me; so I came up with another attack vector.

to this end if anyone is running into any problems, I had to run my exploit from a cloud instance, as I couldn’t get it to work from my VM

In fact this challenge is easy but the real ennemy is your connection :joy:
I had to use my exploit almost 50 times and close every page to make it works…

I get the leak of the challenge, but I can’t connect the website without VPN. And my pycharm can’t run with VPN. How to solve?

Nice challenge! If you wanna use burpsuite, take a look to the turbointruder extension :wink:


nice i will try later. my script dosnt work :smiley:

trying with burp suit but always getting 1$ dolar ticket :frowning:

I don’t know it’s a limit on my machine or internet but the most I could get with a script was $6 with the turbo intruder I only get $1

Great machine. I managed to write a working script and finally figure out these races.


When i tried to run the docker an error appears, someone could help me?

const sqlite = require('sqlite-async');

Error [ERR_REQUIRE_ESM]: require() of ES Module /app/node_modules/sqlite-async/sqlite-async.js from /app/database.js not supported.
Instead change the require of sqlite-async.js in /app/database.js to a dynamic import() which is available in all CommonJS modules.
    at Object.<anonymous> (/app/database.js:1:16)
    at Object.<anonymous> (/app/index.js:5:23) {

this happens when i run the file…



1 Like

I think you’ll have to use 1.1.3

Compare the syntax from 1.1.3 and 1.1.4. It’s very funny how a breaking change is introduced in a “patch version change”.

hahaha i know, thanks so much!!.. i changed the version in the package.json file and it worked. Now i have to get the flag!!

Quite a fun challenge. I got it done with the normal Intruder (after a couple of tries). Need to play with the number of payloads + concurrency, to get the desired result.

Quite a fun challenge, although I went down some rabbit holes. If anyone can explain why the code is vulnerable to that specific attack type, I’m a dm away :slightly_smiling_face:. Thanks

I spent five hours on this box and went down every rabbit hole imaginable haha. I only figured it out once I saw a hint in the comments.

Hi you can help me, i run docker and same issue