AppSecExplained

CobraKai Dojo (Medium)

You can access this CTF via the repo below. Setup is fairly straightforward. Enjoy!

Flag 1

Enumeration

We discover that a web application is running on port 80.
[Screenshot: Cobra Kai Dojo homepage]
After loading the homepage, there are a few things worth noting for later investigation:
  1. The custom JavaScript file /js/app.js
  2. The API endpoint /api/schedule
[Screenshot: initial requests in Burp Suite]
Before looking into these, we continue to test the application functionality. So we:
  1. Create a user account
  2. Log in
Following these steps, we come to a dashboard that says "Senseis can access the administrative interface".
[Screenshot: logged-in dashboard]
Reviewing the registration request in Burp, we see that an extra parameter, set to "student", is submitted along with the form fields even though nothing in the UI ever exposes it.
[Screenshot: registration request]
Let's re-register with that value changed from "student" to "sensei".
[Screenshot: new registration with "sensei"]
It worked: the server trusts the client-supplied value, so the new account is created as a sensei and we can access the administrative functionality of the site.
[Screenshot: admin dashboard]
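To make the underlying bug concrete, here is an added example, not code from the CTF or its author, of the mass-assignment pattern behind this finding: a registration handler that copies whatever the client submits onto the new account (so the client picks its own role) next to a hardened handler that whitelists the fields a client may set and assigns the role server-side. The field name role, the username/password form layout and the sample request body are assumptions; the writeup does not name the hidden parameter.

```python
"""Added example: client-controlled role at registration (mass assignment),
the Burp-style tampering step, and the hardened handler. The field name
"role" and the sample body are assumptions, not taken from the CTF."""
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode

DEFAULT_ROLE = "student"
ADMIN_ROLE = "sensei"
# Only these fields may be set by the client during registration.
ALLOWED_REGISTRATION_FIELDS = {"username", "password"}


@dataclass
class User:
    username: str
    password: str
    role: str


def _form(body: str) -> dict:
    """Parse an application/x-www-form-urlencoded body into a flat dict."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def tamper_registration_body(body: str, field: str = "role", value: str = ADMIN_ROLE) -> str:
    """What the attacker does in Burp Repeater: rewrite (or add) the hidden
    role field before the registration request is forwarded to the server."""
    params = _form(body)
    params[field] = value
    return urlencode(params)


def register_vulnerable(body: str) -> User:
    """Mass-assignment bug: every submitted field is copied onto the account,
    so a client that sends role=sensei becomes a sensei."""
    params = _form(body)
    return User(
        username=params["username"],
        password=params["password"],
        role=params.get("role", DEFAULT_ROLE),
    )


def register_hardened(body: str) -> User:
    """Whitelist the client-settable fields and assign the role server-side.
    Privilege changes belong in a separate, authorised admin flow, never in
    self-service registration."""
    params = _form(body)
    unexpected = set(params) - ALLOWED_REGISTRATION_FIELDS
    if unexpected:
        # A surprise field on a registration request is a strong tamper
        # signal; log it for detection even though it is ignored here.
        print(f"ignoring unexpected registration fields: {sorted(unexpected)}")
    return User(username=params["username"], password=params["password"], role=DEFAULT_ROLE)


def can_access_admin(user: User) -> bool:
    """Authorisation check the admin interface would perform."""
    return user.role == ADMIN_ROLE


if __name__ == "__main__":
    # Constructed request body; in the CTF this is the captured register request.
    original = "username=daniel&password=waxon&role=student"
    tampered = tamper_registration_body(original)
    print("tampered body:", tampered)
    print("vulnerable handler grants admin:", can_access_admin(register_vulnerable(tampered)))
    print("hardened handler grants admin:", can_access_admin(register_hardened(tampered)))
```

The hardened handler ignores the role rather than rejecting the request outright; either is defensible, but in both cases the unexpected field should be logged, because a registration request carrying a privilege field is exactly the kind of event a detection rule should flag.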

Alternative path - Cracking JWT

<writeup coming soon>

Getting a shell

<writeup coming soon>