Web

  • Ask, and It Shall Be Given to You

Visiting the web page returns the message "Website down! please contact IT for more information". Checking robots.txt at this point reveals two disallowed directories that are worth looking at.

I mainly focused on the /contactIT directory because there was nothing interesting in /countdown. Browsing to /contactIT shows that it accepts "Post:Json Request Only". So I opened Burp Suite and changed the HTTP method, which resulted in an unsupported media type error; that requires adding Content-Type: application/json to the HTTP request headers.

Doing so gives another error: failed to decode json object. But this time, when I placed curly brackets in the HTTP request header, it responded with a Python traceback that displays the lines that produced the error. Two of them look interesting: f.checkResponds(messege) and if "flag" in responds:.

Basically, it needs two fields in JSON format: email (a valid email address) and messege. To retrieve the flag, it checks whether messege contains the request "flag", and if so it sends the real flag to the email address that was entered. Finally, doing so delivers the flag by email to the address provided earlier.
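The traceback described above is what disclosed the server's logic. As an added example (not the challenge's code), the sketch below reproduces the same sequence of responses and contrasts a handler that returns the traceback with one that logs it and returns only an incident id. The names handle and check_message, the status codes, and the sample bodies are assumptions constructed for illustration.

```python
import json
import logging
import traceback
import uuid

log = logging.getLogger("contactit")


def check_message(message):
    # Hypothetical stand-in for the challenge's f.checkResponds(messege).
    return "flag sent by email" if "flag" in message else "ticket opened"


def handle(method, content_type, body, verbose_errors=False):
    """Return (status, text) for a request to a JSON-only endpoint."""
    if method != "POST":
        return 405, "Post:Json Request Only"
    if content_type != "application/json":
        return 415, "unsupported media type"
    try:
        data = json.loads(body)
    except ValueError:
        return 400, "failed to decode json object"
    try:
        # An empty object has no "messege" key, so this raises KeyError.
        return 200, check_message(data["messege"])
    except Exception:
        if verbose_errors:
            # Weak setting: the client receives file names, line numbers
            # and source lines, which is how the writeup learned the logic.
            return 500, traceback.format_exc()
        # Hardened setting: full detail goes to the server log only; the
        # client gets an opaque id that support staff can correlate.
        incident = uuid.uuid4().hex[:8]
        log.exception("contactIT handler failed, incident %s", incident)
        return 500, f"internal error (incident {incident})"


if __name__ == "__main__":
    # Constructed sample request: an empty JSON object as the body.
    for verbose in (True, False):
        status, text = handle("POST", "application/json", "{}", verbose)
        print(verbose, status, text.splitlines()[-1])
```
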

Flag: texsaw{7h15_15_7h3_r34l_fl46_c0n6r47ul4710n5}
