[WEB] Under Construction

Can anyone help me? I have been stuck for the past 2 days on this challenge. I need help on how to get the private thing.

I’ve located the vulnerability and succeeded in injecting some code that I retrieve at the home page, but I still don’t know how I can retrieve the flag (I tried several methods to get it). If you did this challenge you can DM me for more information.
Thank you in advance.

I’m not able to find anything anywhere after logging in. I’ve decoded stuff in the cookie but I don’t really know what to do with it. Any tips?

@mouseknight said:

I’m not able to find anything anywhere after logging in. I’ve decoded stuff in the cookie but I don’t really know what to do with it. Any tips?

The cookie stores a JSON Web Token (JWT). A good place to start would be to research how they work.
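For readers who, like the poster above, have decoded the cookie and want to see what a standard token looks like end to end, here is an added example (not code from the challenge or from anyone in this thread) that splits a JWT into its three base64url segments and then verifies an HS256 signature with the algorithm pinned on the server side rather than read from the token header; the secret and claims are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_unverified(token: str) -> dict:
    """Split a cookie value into header, payload and signature without trusting any of it."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    return {
        "header": json.loads(b64url_decode(header_b64)),
        "payload": json.loads(b64url_decode(payload_b64)),
        "signature": b64url_decode(sig_b64),
    }


def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    """Issue a token the way a server would (compact JSON, HMAC-SHA256 over header.payload)."""
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_hs256(token: str, secret: bytes) -> Optional[dict]:
    """Server-side check: the expected algorithm is fixed here, never taken from the token."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        return None  # anything that does not match the pinned algorithm is rejected
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None  # signature does not cover this header/payload
    return json.loads(b64url_decode(payload_b64))
```

Any edit to the payload or to the header's `alg` after issuance makes `verify_hs256` return `None`, which is the behaviour a server must have before it acts on a claim such as a username.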

I’ve located the vulnerability and am able to fake my identity, but I still can’t find the flag. Any tips? What am I missing?
Thanks in advance

@higbee said:

@mouseknight said:

I’m not able to find anything anywhere after logging in. I’ve decoded stuff in the cookie but I don’t really know what to do with it. Any tips?

The cookie stores a JSON Web Token (JWT). A good place to start would be to research how they work.

Yea I know how they work and I decoded it, I saw a key, but I don’t really know what to do with it. It’s a pretty unusual implementation of JWT, it doesn’t conform to the standard spec, I don’t really know where to go from here.

Right, I got a little further. The problem with the JWT is so dumb it didn’t click immediately; reading up more on JWT in this context is helping.

I’m just spinning my wheels trying to get this to work, can anyone PM me a walkthrough of what to do with this bit specifically please?

I’ve read the entire source code. I understand the flow of the challenge, however, unsure about the newline which seems to be a part of the solution. Also, uncertain whether the private key is reachable (I don’t see how you can modify the data in the token, without it).
You can PM me or write here, thank you.

For anyone who is struggling after finding the initial interesting bit:

  • Don’t use any auto-exploiters. Automate the generation and delivery part with a script, but take manual input for each payload until you find the perfect payload to automate.
  • There’s an online IDE available for practice and a famous repository with examples.

A really nice challenge, very enjoyable.

Happy to hint if anyone is stuck.

Solved.

I learned a lot from this one actually.

DM me if you need some tips.

@11o said:
A really nice challenge, very enjoyable.

Happy to hint if anyone is stuck.

I need a hint, please message me personally.

Solved, can DM for nudges. Had some difficulties because the tool I used couldn’t seem to read the flag (I saw it, couldn’t open). Upgrading it to a later version solved it.
Also, the guy who wrote that he found a private thing really threw me off; that is not the way, just misleading.

Funny challenge. It gives me many things to think about and learn. Feel free to DM for questions :sweat_smile:

Finally got it!! I was stuck several days / weeks with the last part. A fun challenge, it made me learn a bit more. Thanks to creators @makelarisjr & @makelaris !!

Nice box for beginners. :slight_smile:

I am stuck in Under Construction for 3 days. I have tried using SQLmap (post) for testing SQLi. I have tried injecting XSS into the input, but it doesn’t seem to be of any good. I have tried to see the calls using Burp, and found the public key in the JWT cookie. But I can’t move on from there. Where do I go from here?

I am a new user, please ignore any mistakes.

Solved. DM me for any help. But here are my two cents:

  1. Read the source code
  2. Understand the application workflow
  3. Yes, the final step can be automated

Nice challenge, really enjoyed :smile:

I’ll give some tips that could be handy:

  1. If you have played with the application, you will notice that sometimes there is a strange error. This will give you an idea of what to do, but maybe you need to do some things before that.
  2. Analyze the inputs of the application; one is giving you some information. Why do you need this? Maybe there is some paper online that explains how to take advantage of this.
  3. After you have figured out what to do with 2 and 1, my recommendation is to set up a Flask app and point your automated tool at the Flask application.

Anyways, PM me if you need a push.