Page cover

NiteCTF 2024

1, Cybernotes:

1. On the network tab, the request made for bg.jpg

2. We got the logs in the /uploads/.

3. Got the username in the logs.

4. Got the Passwordsin the logs.

5. Got the DockerFile the file has ⁣JWT_SECRET_KEY & FDRP_JWT_SECRET_KEY.

6. Using the username and password, we have login into the application.

7. Getting the notes in this endpoint.

8. Decode and change the secret with JWT_SECRET_FILE. we got from DockerFile. JWT_SECRET_FILE=H6jga21h1.

9: Got the flag.

2, Charlie Hunt 1:

1. While submitting the review.

2. Changing the Api version v2 to v1 and the non-numeric value to the stars it will throw the error.

  1. __v: is unknown, So we add __v as a key and provide the input.

  1. The application renders the input "__v":"{{7*7}}" to __v:49, starting to craft the SSTI payload.

Payload: {{url_for['__gl'+'obals__']['__buil'+'tins__']['op'+'en'](app\\x2epy)['re'+'ad']()}}.

Flag: nite{3rror5_can_b3_u53ful_s0m3t1m35}

Last updated