HacktivityCon CTF — OPA Secrets Solution

Hello friends, hope you are doing well and having a good time.
I am mass0ma, a CS student, bug bounty hunter and (occasional) CTF player.

I will be explaining how I solved the OPA Secrets challenge. So let's begin with the challenge.

Challenge description

From the challenge description I guessed that we would somehow need to see other people's secrets, and that this is how we would get our flag. (My guess turned out to be right.)

So I opened the given challenge URL in my browser with the Burp proxy on. I created an account and logged in. After logging in I found that on the /security endpoint they had provided a GitHub repo for opa_secrets. I started looking through the app.py file and found something interesting: there were UUIDs for secrets and users hard-coded in the source, which caught my attention. Among all of those I found this one most interesting.

Interesting UUID referring flag

Reading further through the code, I found this function call interesting.

So I crafted a POST request to /getValue with the flag's secret UUID as the value of the id parameter in the JSON body, together with the necessary session cookie. The successful request looked like this.
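The request succeeds because nothing in the handler ties the requested secret id to the logged-in user, so any authenticated session can fetch any secret whose UUID it knows (an insecure direct object reference). As an added illustration, not code from the original writeup or from the opa_secrets repository, here is a small Python model of such a /getValue handler in its leaky form beside one that adds the missing ownership check. The user names, session tokens and UUIDs are constructed placeholders, and the handler layout is assumed rather than taken from the challenge's app.py.

```python
import json

# Constructed sample data (placeholders, not the challenge's real identifiers).
ALICE = "user-alice"
BOB = "user-bob"
SECRETS = {
    "11111111-1111-4111-8111-111111111111": {"owner": ALICE, "value": "alice-secret"},
    "22222222-2222-4222-8222-222222222222": {"owner": BOB, "value": "flag{constructed-placeholder}"},
}
SESSIONS = {"sess-alice": ALICE, "sess-bob": BOB}


def _parse(session_cookie, body):
    """Shared plumbing: resolve the session cookie and read the id from the JSON body."""
    user = SESSIONS.get(session_cookie)
    if user is None:
        return None, None, (401, {"error": "not authenticated"})
    try:
        secret_id = json.loads(body).get("id")
    except (ValueError, AttributeError):
        return user, None, (400, {"error": "malformed request"})
    return user, secret_id, None


def get_value_vulnerable(session_cookie, body):
    """Models the gap: any logged-in user can read any secret by id."""
    user, secret_id, err = _parse(session_cookie, body)
    if err:
        return err
    secret = SECRETS.get(secret_id)
    if secret is None:
        return 404, {"error": "not found"}
    # Missing authorization: the secret's owner is never compared with the caller.
    return 200, {"value": secret["value"]}


def get_value_hardened(session_cookie, body):
    """Same endpoint with an ownership check before the value is returned."""
    user, secret_id, err = _parse(session_cookie, body)
    if err:
        return err
    secret = SECRETS.get(secret_id)
    # Return the same 404 for "missing" and "not yours" so the response does
    # not confirm that a guessed UUID exists.
    if secret is None or secret["owner"] != user:
        return 404, {"error": "not found"}
    return 200, {"value": secret["value"]}


if __name__ == "__main__":
    body = json.dumps({"id": "22222222-2222-4222-8222-222222222222"})
    print("vulnerable:", get_value_vulnerable("sess-alice", body))
    print("hardened:  ", get_value_hardened("sess-alice", body))
```

The hardened handler is the one-line fix: the lookup key is the pair (caller, secret id), not the id alone, and a non-owner gets the same answer as a non-existent id. A server-side log line for every cross-user denial is also the simplest place to detect someone enumerating ids they did not create.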

And this is how I was able to solve the challenge. Had fun finding this flag. Hope you liked my solution. Until then,

HACK THE PLANET ;)

Shoutout to my friends from the amazing Bounty Hunters Server with whom I formed a team and played this CTF. If you want to learn from and talk with some really talented hackers, join Bounty Hunters Discord Server.
