Taskist-Pro
Group Intro
Interested in more challenges like this? Dive deep into the offensive skills to solve them in the following course(s):
- SEC542: Web App Penetration Testing and Ethical Hacking
- SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques
Flags
Objective | Flag |
---|---|
0x01 | |
0x02 | |
0x03 | |
0x04 | |
0x01
Objective
We are working on this amazing new task manager app called Taskist Pro. Our devs claim the app is secure; we want you to take a look at it and see if you can leak the flag hidden inside the admin account.
http://taskist-pro.ooctf.com:1337/
Solution
Ran out of time, did not perform any action on this objective.
0x02
Objective
Great, you were able to leak sensitive information of the admin account! But can you log in as the admin account now? Play around with other features available on the platform!
Solution
Ran out of time, did not perform any action on this objective.
0x03
Objective
Wow! You compromised the admin account! Looks like there's some interesting information on the admin dashboard and some additional features. Can you read the application's server-side source code?
Solution
Ran out of time, did not perform any action on this objective.
0x04
Objective
Now that you have the application source code access, can you look around for hidden endpoints? Can you bypass the protection in place to read from that hidden endpoint?
Solution
Ran out of time, did not perform any action on this objective.