Link to challenge: https://academy.hacking-lab.com
Date Completed: 11 December 2019
Challenge
HV19.11 Frolicsome Santa Jokes API
1 2 3 4 5 |
Introduction The elves created an API where you get random jokes about santa. Resources Go and try it here: http://whale.hacking-lab.com:10101 |
Html file mirror: FSJA API Description
Solution
We have the spec for the FSJA API that the elves have made. We use Postman to play around with the API to get a feel for how it works.
Following the instructions, we are able to register a new user and authenticate to get a token.
We use the following payload for our user data:
1 2 3 4 |
{ "username": "mobeigi_test_1", "password": "ABCDEFG123" } |
Upon logging in with the /fsja/login endpoint we get a token which looks like this:
1 2 3 4 5 |
{ "message": "Token generated", "code": 201, "token": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjp7InVzZXJuYW1lIjoibW9iZWlnaV90ZXN0XzEiLCJwbGF0aW51bSI6ZmFsc2V9LCJleHAiOjE1NzYwNTk5MzQuNzgwMDAwMDAwfQ.pbVVcSUmcBEgsV1vYcUs4tVwchH5GP8SaHulTIczpac" } |
The token looks like base64 encoded data. In fact, it happens to be a JWT token.
We finally use the /fsja/random endpoint to get a joke:
1 2 3 4 5 |
{ "joke": "People really act weird at Christmas time! What other time of year do you sit in front of a dead tree in the living room and eat nuts and sweets out of your socks?", "author": "Author Unknown", "platinum": false } |
The
platinum field stands out to me the most.
As a random hunch, I decide to register a user and provide the
platinum field value in the payload myself like so:
1 2 3 4 5 |
{ "username": "mobeigi_test_2", "password": "ABCDEFG123", "platinum": true } |
I generate another joke and the API kindly provides us with our flag:
1 2 3 4 5 |
{ "joke": "Congratulation! Sometimes bugs are rather stupid. But that's how it happens, sometimes. Doing all the crypto stuff right and forgetting the trivial stuff like input validation, Hohoho! Here's your flag: HV19{th3_cha1n_1s_0nly_as_str0ng_as_th3_w3ak3st_l1nk}", "author": "Santa", "platinum": true } |
Flag: HV19{th3_cha1n_1s_0nly_as_str0ng_as_th3_w3ak3st_l1nk}
Bonus
This challenge also contained the solution to HV19.H2 Hidden Three