Protecting Camp (Web)

Challenge: Protecting Camp
I made a small site to keep a list of things I need to buy to keep me safe before I go camping, maybe it’s keeping some other things safe too!
Attachment: protecting_camp.zip
Walkthrough
This challenge shows a Camping Checklist on the main page.
Solve
1. Reviewing the code
Found a snippet that could be vulnerable to SSRF:
app.get('/api/flag', (req, res) => { var url = req.protocol + '://' + req....

October 28, 2023 · 2 min · Dhanraj Chavan

Repo Recon (Web)

Challenge: Repo Recon
Leak Leak Leak Can you find the secret leak?
Source Code: https://github.com/mowzk/repo-recon
Walkthrough
The challenge page contains a login form that asks for a username and password. The hint is "leak". We have to find some kind of token to pass authentication. The challenge provides the source code on GitHub: https://github.com/mowzk/repo-recon
Solve
1. Reviewing files in the Repo
.env file:
FLAG_VALUE=placeholderflag
ADMIN_HASH=$2b$04$9HAfoKBcIKUrTh8F73fL0.aWH/X5dYRnWXL7eikRaxqAEqRlktKM.
VIVER=prosogyrous
This is a place where a developer can potentially drop a token, and this can be recorded in one of the commits....

October 28, 2023 · 2 min · Dhanraj Chavan