Snyk - Fetch The Flag CTF 2023

Challenge: Protecting Camp I made a small site to keep a list of things I need to buy to keep me safe before I go camping, maybe it’s keeping some other things safe too! Attachment: protecting_camp.zip Walkthrough This challenge shows a Camping Checklist on main page. Solve 1. Reviewing the code Found a snippet that could be vulnerable to SSRF app.get('/api/flag', (req, res) => { var url = req.protocol + '://' + req.get('host') + req.originalUrl; try{ parsed = parseUrl(url) if (parsed.resource != '127.0.0.1'){ res.send("Hey... what's going on here\n"); }else{ fs.readFile("./flag.txt", 'utf8', (err, data) => { if (err) { res.send("There was an error and this is sad :(\n") }else{ res.send(data+"\n") } }); }} catch (error) { res.status(400).json({ success: false, message: 'Error parsing URL' }); } }); Above code checks whether the host is 127.0.0.1 or localhost. ...

Challenge: Repo Recon Leak Leak Leak Can you find the secret leak? Source Code: https://github.com/mowzk/repo-recon Walkthrough The challenge page contains a login form where it asks for username and password. The hint is leak. We have to find a token kind of thing to pass authentication. The challenge provides the source code on GitHub: https://github.com/mowzk/repo-recon Solve 1. Reviewing files in the Repo .env file FLAG_VALUE=placeholderflag ADMIN_HASH=$2b$04$9HAfoKBcIKUrTh8F73fL0.aWH/X5dYRnWXL7eikRaxqAEqRlktKM. VIVER=prosogyrous This is the place where developer can potentially drop a token & this can be recorded in one of the commits. ...