Skip to content

KipodAfterFree/KAF-2019-ChatM8

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
.idea
.idea
 
 
src/challenge
src/challenge
 
 
2019-ChatM8.iml
2019-ChatM8.iml
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

ChatM8

ChatM8 is an information security challenge in the Web category, and was presented to participants of KAF CTF 2019

Challenge story

Admin chats with many friends.

Challenge exploit

Multiple server endpoints allow a user to inject message IDs to their chat, and an endpoint exposes all message IDs. (Including Admin's)

Challenge solution

Message ID injection for the whole message chain.

Building and installing

Clone the repository, then type the following command to build the container:

docker build . -t chatm8

To run the challenge, execute the following command:

docker run --rm -d -p 1020:80 chatm8

Usage

You may now access the challenge interface through your browser: http://localhost:1020

Flag

Flag is:

KAF{H4d_107s_0f_v3r5ionz___much_v3r510nz_5uch_m1gr4n3}

License

MIT License

About

No description or website provided.

Topics

challenge

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages