Challenges

CWE-756: Missing Custom Error Page

The project is currently configured in debug mode. When an exception is thrown, an attacker can see a lot of information, including parts of the source code, which they should never be able to see.

Swagger

Find SecureBank swagger.

Solution

Go to /swagger. You will find the flag in the swagger description.

Hidden page

Find a page that was used during development.

Solution

If you look through the api/Auth/Register source code in the browser, you will find one JavaScript method that is commented out.

You will find the flag if you go to: /Auth/RegisterAdmin.

Registration with admin role

You need to register a new user with admin role.

Solution

If we look at the response of api/Auth/Login, we see that it returns the following JSON.

{
    "id": 0,
    "userName": "carson.alexander@ssrd.io",
    "password": null,
    "name": null,
    "surname": null,
    "userRight": 0,
    "cookie": "Y2Fyc29uLmFsZXhhbmRlckBzc3JkLmlv-079f6a2418056497a2651c7d72d787c79d5d7095dedd68e95464ba631de16625-0",
    "status": "ok",
    "siteAction": null,
    "token": null
}

Auth/Register uses the same model. Next, register a new user with userRight set to a number greater than 50:

{
    "id": 0,
    "userName": "testAdmin@ssrd.io",
    "password": "Password1!",
    "name": null,
    "surname": null,
    "userRight": 100,
    "cookie": null,
    "status": null,
    "siteAction": null,
    "token": null
}

You will find the flag in the response header.
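The root cause of this challenge is that Auth/Register binds the same model that Login returns, so a client-supplied userRight is trusted (mass assignment). As an added illustration of the fix, not SecureBank's own code (the type names, the controller and the default right value are assumed), a registration request model that exposes only the fields a self-registering user may set, with the role assigned server-side:

```csharp
using System.ComponentModel.DataAnnotations;
using Microsoft.AspNetCore.Mvc;

// Vulnerable shape (assumed, mirroring the JSON on this page): if the endpoint
// binds the full user model, a client can send "userRight": 100 and have it stored.
public class UserModel
{
    public int Id { get; set; }
    public string UserName { get; set; }
    public string Password { get; set; }
    public int UserRight { get; set; }   // privilege level; client-controlled when bound directly
    public string Cookie { get; set; }
}

// Hardened shape: a separate registration DTO with no privilege field.
// ASP.NET Core's JSON binding ignores members with no matching property,
// so a "userRight" key in the request body is simply dropped.
public class RegisterRequest
{
    [Required, EmailAddress]
    public string UserName { get; set; }

    [Required, MinLength(8)]
    public string Password { get; set; }

    public string Name { get; set; }
    public string Surname { get; set; }
}

[ApiController]
[Route("api/Auth")]
public class AuthController : ControllerBase
{
    private const int DefaultUserRight = 0; // assumed value for an ordinary user

    [HttpPost("Register")]
    public IActionResult Register([FromBody] RegisterRequest request)
    {
        var user = new UserModel
        {
            UserName = request.UserName,
            Password = request.Password,   // hash before storing in a real application
            UserRight = DefaultUserRight,  // never taken from the request body
        };
        // ... persist user (omitted) ...
        return Ok(new { status = "ok" });
    }
}
```

Any endpoint that returns the full model should likewise use a response DTO, so fields such as password and cookie are not echoed back to the client.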
