CyberSpace24 - Trendz

The “Trendz” CTF challenge is solved by exploiting JWT validation and an exposed secret key: the /static endpoint is used to retrieve the JWT secret, which makes it possible to craft a valid token with the “admin” role, view the hidden post and obtain the flag.

September 2, 2024 · 7 min · hxuu

CyberSpace24 - Trendzz

The challenge demonstrated a race condition vulnerability in post creation due to non-atomic operations. This allowed concurrent requests to bypass post limits. Key lessons include ensuring atomic operations, reviewing code for vulnerabilities, and using automated scripts for testing.

September 2, 2024 · 5 min · hxuu

CyberSpace24 - Feature Unlocked

In this CTF challenge, we exploited a web app’s validation mechanism by setting a custom validation server with debug mode enabled. This allowed us to bypass feature access controls and perform Remote Code Execution (RCE) to retrieve the flag.

September 2, 2024 · 8 min · hxuu