Repository Security
Description
Author: Mani
Supply chain attacks? Code leaks? Never heard of those.
Here at Example.com, we store our entire production environment on GitHub! Our code monkeys are so talented that they would never do anything stupid that would get accounts compromised or anything like that.
Analysis
my_users = {
    "chuck": {"password": "norris", "roles": ["admin"]},
    "lee": {"password": "douglas", "roles": []},
    "mary": {"password": "jane", "roles": []},
    "steven": {"password": "wilson", "roles": ["admin"]},
}
The leaked source code contains the user database, with each user's plaintext password and roles hard-coded.
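A repository check run before commit or in CI can flag this pattern before it is pushed. The following is an added example, not part of the challenge or its source: it parses a Python file with the standard ast module and reports dictionary entries whose key names a secret and whose value is a string literal. The key list, the "svc" entry and the SVC_PW variable are assumptions made for illustration.

```python
import ast

# Constructed sample input: two entries from the leaked snippet plus one
# hypothetical entry ("svc") that reads its secret from the environment.
SAMPLE = '''\
import os
my_users = {
    "chuck": {"password": "norris", "roles": ["admin"]},
    "lee": {"password": "douglas", "roles": []},
    "svc": {"password": os.environ["SVC_PW"], "roles": []},
}
'''

# Assumed list of key names that indicate a credential.
SECRET_KEYS = {"password", "passwd", "secret", "token", "api_key"}


def find_hardcoded_secrets(source):
    """Return (line, owner, key) for every dict entry whose key names a
    secret and whose value is a non-empty string literal. The secret
    itself is left out of the finding so reports do not leak it again."""
    findings = []

    def visit(node, owner):
        if isinstance(node, ast.Dict):
            for k, v in zip(node.keys, node.values):
                # k is None for a **spread entry; only string keys count.
                is_str_key = isinstance(k, ast.Constant) and isinstance(k.value, str)
                name = k.value if is_str_key else None
                if (name and name.lower() in SECRET_KEYS
                        and isinstance(v, ast.Constant)
                        and isinstance(v.value, str) and v.value):
                    findings.append((v.lineno, owner, name))
                # Descend, remembering the enclosing key as the owner.
                visit(v, name or owner)
        else:
            for child in ast.iter_child_nodes(node):
                visit(child, owner)

    visit(ast.parse(source), None)
    return findings


if __name__ == "__main__":
    for line, owner, key in find_hardcoded_secrets(SAMPLE):
        print(f"line {line}: literal {key!r} for entry {owner!r}")
```

The "svc" entry is not reported because its value is an expression rather than a literal.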
Solution
Open Instance
Use one of the admin's credentials
Visit the Secret page for the flag
This is secret!! You can see only because you are <admin>
the flag is ctf{REDACTED}