Solved.
I learned a lot from this one actually.
DM me if you need some tips.
@11o said:
A really nice challenge, very enjoyable. Happy to hint if anyone is stuck.
I need a hint, please message me personally.
Solved, can DM for nudges. Had some difficulties because the tool I used couldn't seem to read the flag (I saw it, couldn't open it). Upgrading it to a later version solved it.
Also, the guy who wrote he found a private thing really threw me off - that is not the way, just misleading.
Funny chall. It gave me many things to think about and learn. Feel free to DM for questions.
Finally got it!! I was stuck for several days / weeks on the last part. A fun challenge, it made me learn a bit more. Thanks to creators @makelarisjr & @makelaris !!
Nice box for beginners.
I have been stuck on Under Construction for 3 days. I have tried using SQLmap (POST) for testing SQLi. I have tried injecting XSS into the input, but it doesn't seem to do any good. I have tried to see the calls using Burp, and found the public key in the JWT cookie. But I can't move on from there. Where do I go from here?
I am a new user, please ignore any mistakes.
Solved. DM me for any help. But here are my two cents:
Nice challenge, really enjoyed
I give some tips that could be handy:
Anyways, PM if you need some push.
Really nice challenge and completely doable without any tools.
Uhh, I found the exploit, but I don't know how to get the flag... Can someone give me some hints? Thx!
I don't know why I found this box so hard. I was definitely overthinking it, I got stuck on just about every dead end imaginable.
Somebody mentioned creating a Flask app to automate the last step by proxying another tool. This is a great tip and definitely one I will be committing to memory.
So I pretty much understand what the workflow should be, but I'm still getting
the 500 Internal empty (without the desired output within), and I still don't understand
why that is.
What am I missing?
it would be great if someone could PM me (:
thanks
EDIT: got it.
@myller007 said:
Nice box for beginners.
In fact this was quite a hard challenge :neutral: I figured it out by getting pointers but I did not figure out why the JWT key confusion vulnerability was to be used.
How do I run a simple nmap on ipaddress:port?
I've tried http://ipaddress:port/ but it doesn't work.
Can someone help me please?
Try without the http. If it's a website, usual ports are 80, 8080, 443.
@Yupsilon said:
How do I run a simple nmap on ipaddress:port?
I've tried http://ipaddress:port/ but it doesn't work.
Can someone help me please?
Guys I am stuck with this... don't know what is going wrong. It's just giving me internal server error even after manipulation with the cookie. I am using jwt_tool for that and Burp to send the new cookie... can someone help?? What am I missing?
Edit: Solved it! Found out what I was doing wrong...
Just finished. I loved this challenge!! Tip: Make sure you download the zip file.
I probably spent 45 minutes trying to figure out how the public key in the JWT would factor into my attack. Once I downloaded the source code I quickly saw the vulnerability. I then tried some futile ways to perform my attack. Ended up learning about jwt_tool. Adding that to my toolbox! Plus I learned about the ability to tamper with a JWT.
That was cool! If like me you go for the snake, you might stumble upon a really annoying error when you try to forge something into something else, and that's because the library you're probably using has been updated and doesn't let you do that anymore.
The only workaround I found (apart from walking another path) was to directly modify the library files.
Don't forget to revert your changes though!
Really cool challenge, and if someone solved it without using the most famous tool for this type of attack (or similar ones), I'd like to hear from you. I tried to do everything manually and finally fell for the "easy" way, and when I was presented the payload I was like "How am I supposed to think of something like that?".
Can someone help/DM me? I believe I have all the pieces but I am getting internal error