
Hack.lu Writeup

The challenge FluxCloud Frontline (web, hard) was part of the amazing Hack.lu CTF. It took a friend and me, both playing for the team FAUST, two evenings to crack the great challenge.

In the following, I describe the plain solution and leave out the many rabbit holes we stepped into.

The Challenge

With our brand-new FluxCloud Frontline product, we offer hyper-secure, ultra-rapid edge routing. Of course we have a bug bounty program too! If you can bypass our protections, you will be rewarded with a juicy flag. https://public.frontline.cloud.flu.xxx:8443/

When we open the challenge, we are provided with the source code of the project. The project consists of various server layers, as can be seen in Fig. 1. …


The magic of GitHub search, API keys, and automation

Photo by the author

A few days ago, I discovered that Medium provides an API that everyone can request authentication keys for. While waiting for my key request to be approved, I searched on GitHub to see whether I could find accidentally uploaded keys. To my surprise, I found hundreds of files in public repositories containing data that looked just like Medium authentication keys. Indeed, the second key I tried was already functional. In this article, I describe what a malicious user could do with these keys and how I automated the process of finding valid keys.

A simple GitHub search is the first step in finding valid API keys (photo by the author).

Medium’s API

What could someone do with a key for Medium's API? As always, the best information can be found in the API documentation, so let's have a look at Medium's API docs. …


Are they possible and are they a real risk?

Photo by Dmitry Ratushny on Unsplash.

The first time I came across the service worker concept was during Defcon CTF. In one challenge, we had to register a service worker to intercept the user's traffic and reroute it to our server. This concept sounded interesting and dangerous, so I researched it and eventually realized it would be a good topic for an article about using service workers as a "Man in the Middle" (MitM) and whether such an attack is feasible in the real world.

What Are Service Workers?

Of course, your first question is likely “What even is a service worker?” The Google web developer guidelines describe them as follows:

“A service worker is a programmable network proxy that lets you control how network requests from your page are handled.” …

About

FHantke

Computer Science Student. Interested in IT security and forensics. https://fhantke.de/
