Description

Author: @congon4tor#2334

This API documentation has all the swag

Press the Start button on the top-right to begin this challenge.

Connect with:

    http://challenge.ctf.games:32286

Solution

Navigating to the website, there are two available servers:

• API … (unavailable).
• Staging-API …

We are particularly interested in the Staging-API one.

To test the Staging-API server and obtain the flag, we need to first Authorize.

• Click on Authorize → Try admin:admin credentials.

After successfully logged in as the admin user. We then execute the following command to retain the flag:

$ curl -X 'GET' \
  'http://staging-api.congon4tor.com:7777/flag' \
  -H 'accept: application/json' \
  -H 'Authorization: Basic YWRtaW46YWRtaW4='
{"flag":"flag{e04f962[*REDACTED*]bf1dcdd3}"}