NiteCTF 2024
1, Cybernotes:


1. In the network tab, we saw the request made for bg.jpg.

2. We found the logs in /uploads/.

3. Got the username in the logs.

4. Got the passwords in the logs.

5. Got the Dockerfile. The file has JWT_SECRET_KEY & FDRP_JWT_SECRET_KEY.

6. Using the username and password, we logged in to the application.

7. Got the notes from this endpoint.

8. Decode the token and change the secret with JWT_SECRET_FILE, which we got from the Dockerfile. JWT_SECRET_FILE=H6jga21h1.

9. Got the flag.
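
A defensive check for the leak in step 5, added here as an example and not part of the original write-up or the challenge's code: a small linter that flags ENV/ARG instructions carrying literal secrets in a Dockerfile. The name patterns and the sample Dockerfile are assumptions made for illustration, and the sample values are placeholders.

```python
import re
import shlex

# Names that usually hold credentials (this example's own heuristic).
SENSITIVE = re.compile(r"(SECRET|PASSWORD|PASSWD|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)
# Values that only reference another variable ($VAR or ${VAR}) are not literals.
REFERENCE = re.compile(r"^\$\{?\w+\}?$")

# Constructed sample: variable names follow the write-up, values are placeholders.
SAMPLE = """\
FROM python:3.12-slim
ENV JWT_SECRET_KEY=placeholder-secret-1 \\
    APP_ENV=production
ENV FDRP_JWT_SECRET_KEY placeholder-secret-2
ARG BUILD_TOKEN
ENV API_TOKEN=${BUILD_TOKEN}
COPY . /app
"""

def logical_lines(text):
    """Yield (first_line_number, instruction) with backslash continuations joined."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines never carry an instruction
        start = start or n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", 0

def find_baked_secrets(dockerfile_text):
    """Return (line, instruction, name) for ENV/ARG entries with literal secret values."""
    findings = []
    for lineno, instr in logical_lines(dockerfile_text):
        keyword, rest = (instr.split(None, 1) + [""])[:2]
        keyword = keyword.upper()
        if keyword not in ("ENV", "ARG"):
            continue
        tokens = shlex.split(rest)
        if keyword == "ENV" and tokens and "=" not in tokens[0]:
            pairs = [(tokens[0], " ".join(tokens[1:]))]  # legacy "ENV NAME value" form
        else:
            pairs = [tuple(t.split("=", 1)) for t in tokens if "=" in t]
        for name, value in pairs:
            if SENSITIVE.search(name) and value and not REFERENCE.match(value):
                findings.append((lineno, keyword, name))
    return findings
```

Run in CI against every Dockerfile in the repository and fail the build on any finding; values set with ENV or ARG remain readable in the image metadata and history.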

2, Charlie Hunt 1:


1. While submitting the review.

2. Changing the API version from v2 to v1 and setting the stars to a non-numeric value makes the application throw an error.

The error says __v is unknown, so we add __v as a key and provide the input.

The application renders the input "__v":"{{7*7}}" to __v:49, so we start crafting the SSTI payload.

Payload: {{url_for['__gl'+'obals__']['__buil'+'tins__']['op'+'en'](app\\x2epy)['re'+'ad']()}}.
Flag: nite{3rror5_can_b3_u53ful_s0m3t1m35}