Swaggy

easy | warmups | 50 points

This API documentation has all the swag

This challenge looked very complicated at first, but turned out to be super simple.

The website shows API documentation for /flag, which requires some authorization information as a parameter. There are two API endpoints, one is not available and the other is a testing one, which works.

Documentation powered by Swagger UI, an API documentation tool. The docs list one method, /flag, a dropdown to select between two servers, and a button named "Authorize".

The first attempt was to just test out the functionality of the website. I executed /flag on the test server, which returned a 401 status code. On checking the docs further, the response mentions that the authorization header is missing.

Response for /flag without parameters. It displays the request URL and its corresponding curl request, followed by a 401 response with the message "Missing authorization header" in JSON format.

Then I clicked on the "Authorize" button, entered random credentials and ran the API again, which this time returned a 403, meaning the credentials were incorrect.

Out of curiosity, I tried admin as both the username and password, executed the API again, and got the flag!

Response for /flag with admin as the username and password. It displays the request URL and its corresponding curl request, followed by a 200 response containing the challenge flag in JSON format.
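The three responses above (401 with no header, 403 with wrong credentials, 200 with the right pair) are the standard HTTP Basic auth flow, which is what Swagger UI's "Authorize" dialog sends as an `Authorization: Basic <base64 user:password>` header. The Python below is an added example written for this write-up, not the challenge's own server code: it decodes that header, reproduces the same three status codes with a constant-time password comparison, and includes a deploy-time check that refuses well-known default pairs such as admin/admin. The credential store, the default-credential list, and the flag value are constructed placeholders.

```python
import base64
import hmac
from typing import Optional, Tuple

# Constructed credential store mirroring the challenge. A real service would
# store a salted password hash, never the plaintext.
VALID_USERS = {"admin": "admin"}

# Constructed list of well-known default pairs a deployment check should refuse.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "root")}


def basic_header(user: str, password: str) -> str:
    """Build the header value a client (or Swagger UI's Authorize dialog) sends."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def parse_basic_auth(header: Optional[str]) -> Optional[Tuple[str, str]]:
    """Decode 'Authorization: Basic <base64>' into (user, password).
    Returns None when the header is absent, uses another scheme, or is malformed."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    return user, password


def check_flag_request(headers: dict) -> Tuple[int, dict]:
    """Reproduce the three responses seen in the write-up:
    401 without a header, 403 on wrong credentials, 200 on a match."""
    creds = parse_basic_auth(headers.get("Authorization"))
    if creds is None:
        return 401, {"message": "Missing authorization header"}
    user, password = creds
    # Unknown users compare against an empty string so both paths still run a
    # comparison; compare_digest avoids a timing side channel on the password.
    expected = VALID_USERS.get(user, "")
    if not expected or not hmac.compare_digest(password.encode(), expected.encode()):
        return 403, {"message": "Invalid credentials"}
    return 200, {"flag": "flag{placeholder}"}  # constructed placeholder, not the real flag


def weak_default_credentials(users: dict) -> list:
    """Return the (user, password) pairs in a credential store that match a
    well-known default. Intended to run at deploy time and fail the deploy."""
    return sorted((u, p) for u, p in users.items() if (u, p) in DEFAULT_CREDENTIALS)


if __name__ == "__main__":
    for hdrs in ({}, {"Authorization": basic_header("guest", "guest")},
                 {"Authorization": basic_header("admin", "admin")}):
        print(check_flag_request(hdrs))
    print("weak defaults:", weak_default_credentials(VALID_USERS))
```

The status-code split is worth keeping straight when reading docs like these: 401 means the server saw no credentials at all, 403 means it saw some and rejected them, so a 403 after "Authorize" confirms the header reached the backend. The `weak_default_credentials` check is the mitigation for what made this challenge trivial; running it against the configured store before the service starts is the cheapest way to keep admin/admin out of production.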

Flag: flag{e04f962d0529a4289a685112bf1dedd3}

More writeups from HacktivityCon CTF 2021