CTFtime.org

find_the_flag3

by archv1le / r1p3rS

Tags: web 

Rating:

find_the_flag3

  • Tags: Web
  • Description: The continuation of the annual Find the Flag on the web series. There is a flag hidden somewhere, broken into several parts. The task is to find all the parts and put them together.

Solution

  • When we go the website, we see standard React page placeholder. We should go to the Developer Tools and find there a JS script with the link to some strange URL.
  • As we can see in description flag divided in to 3 parts. 1 part: we can find in App.js file. We can see array with route /worker11111.js.

first-part.jpeg

  • 2 part: we can find in file PartA.jsx. we can see that it send info to backend and gets some info. We can use Postman to send request to WebSocket.

second-part.jpeg

  • 3 part: we can find in PartB.jsx, as we can see in code it send request to :3001/api/code/part3/ and get some function that gives us flag. To get flag we need 2 arrays that located in /workers.js. Write script in JS and get flag.

third-part.jpeg

  • The flag is:
VolgaCTF{P4R71_71M3_W3850CK_P4RT3_8PTRPSNI8U}
Original writeup (https://github.com/archv1le/CTF-Write-Ups/blob/main/VolgaCTF%202024%20Qualifier/find_the_flag3/Solution.md).

Comments