Tony Tony Tony

Challenge Description

Tony is a web application developer intern in a Product Based Company. Recently Tony was assigned to create a web app which can accept the codebase and gist URL as the parameter and save in the gallery. He has developed the API on AWS platform using which the end user can save the codebase from the remote URL.

Start here - http://65.0.191.38/

Solution

Viewing the page source shows a JavaScript code that POST to https://jg0rh6th8e.execute-api.ap-south-1.amazonaws.com/test/share with the flag as the header

var codeEditor = CodeMirror.fromTextArea(document.getElementById("code"), {
    lineNumbers: true,
    mode: "javascript",
    theme: "default"
});

var myHeaders = new Headers();
myHeaders.append("authorizationToken", "flag-{gtkO4f4NOrJsRRNZWxiTbL6LLUs5Ir8g}");
myHeaders.append("Content-Type", "application/json");

var raw = JSON.stringify({
    "codeFile": code
});

var requestOptions = {
    method: 'POST',
    headers: myHeaders,
    body: raw,
    redirect: 'follow'
};

fetch("https://jg0rh6th8e.execute-api.ap-south-1.amazonaws.com/test/share", requestOptions)
    .then(response => response.text())
    .then(result => {
        var resultDiv = document.getElementById("result");
        resultDiv.innerHTML = "";

        var pre = document.createElement("pre");
        pre.innerText = result;
        resultDiv.appendChild(pre);
    })
    .catch(error => console.log('error', error));

Flag: flag-{gtkO4f4NOrJsRRNZWxiTbL6LLUs5Ir8g}

PreviousBSidesSF Cloud Village CTF NextPlain Sight

Last updated 9 months ago