by fluffyhake
Answers for security questions are found in the response when doing a password reset. We can change klarz password by using these answers. When we log in with the new password the flag is shown.
Resetting password with answers present in the response for /get-secret-answers:
Logging in with our new password:
Flag is shown upon successful login:
After registering a user we get a list of all admin users
On the webpage we see a option for resetting passwords. Let's explore it further. We chose klarz as the target for the password reset.
Usually during web challenges we use developer tools in the Network tab to keep an eye on all requests.
When submitting the username we see a request being sent to /get-secret-answers. Taking a look at the response we see the answers for our security questions.
We are prompted to enter a new password after submitting these answers.
Let's try our new password:
After logging in with the new password we get the flag!
After the initial solve i tried with the other Admin user called iLoop. It results in the same outcome and the flag. iLoop has some other answers to the security questions:
This is the first CTF challenge we have gotten first blood on. Even though that was mostly due to luck, it was really cool to receive a balloon and to have our theme song played!