Description
Building Secure Applications is hard! But we tried. Can you get the flag from Secure Note? You might need to dig deep into your skills for this one. (PS: The challenge requires no automated testing tools! using them == instant ban)
Short writeup
- Challenge involves Reversing, Web, and Crypto
- Reverse the binary to get the endpoints
- Trigger the XSS bug in the website and get the admin cookie
- Use a hash length extension attack to get authenticated as admin and get the flag