HacktivityCon CTF — OPA Secrets Solution

mass0ma
2 min read, Sep 19, 2021


Hello friends, hope you are doing well and having a good time.
I am mass0ma, a CS student, bug bounty hunter, and (occasional) CTF player.

I will be explaining how I solved the OPA Secrets challenge. So let's begin with the challenge.

[Image: Challenge description]

From the challenge description I guessed that we would somehow need to see other people's secrets, and that this is how we would get our flag. (My guess later turned out to be right.)

So I opened the given challenge URL in my browser with the Burp proxy on. I created an account and logged in. After logging in, I found that the /security endpoint pointed us to a GitHub repo for opa_secrets. I started looking at the app.py file and found something interesting: there were some UUIDs for secrets and users, which caught my attention. Among all of those, I found this one the most interesting.

[Image: Interesting UUID referring to the flag]

Reading further through the code, I found this function call interesting:

So I crafted a POST request to /getValue with the secret id I had found as the value of the id parameter in the JSON body, together with the necessary session cookie. The successful request looked like this:
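The weakness behind this request, as an added illustration that is not the challenge's app.py: a stand-in for the /getValue handler that looks a secret up by a client-supplied id. The first version trusts the session cookie for authentication but never checks who owns the secret (my assumption about the root cause); the second adds that check. The users, UUIDs and secret values are constructed for the example.

```python
# Constructed data modelled on the challenge: two users, one secret each.
# The UUIDs and values are made up for this example, not taken from the repo.
USER_ALICE = "11111111-1111-4111-8111-111111111111"
USER_BOB = "22222222-2222-4222-8222-222222222222"
SECRET_ALICE = "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa"
SECRET_BOB = "bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb"
SECRETS = {
    SECRET_ALICE: {"owner": USER_ALICE, "value": "alice-private-note"},
    SECRET_BOB: {"owner": USER_BOB, "value": "flag{constructed-placeholder}"},
}


def get_value_vulnerable(session_user: str, body: dict) -> tuple[int, dict]:
    """Hypothetical /getValue handler (not the challenge's own code).

    session_user is the user id the session cookie resolved to. The handler
    authenticates the caller but never asks whether the caller owns the secret,
    so any logged-in user who knows a secret's UUID can read it (an IDOR).
    """
    secret = SECRETS.get(body.get("id"))
    if secret is None:
        return 404, {"error": "not found"}
    return 200, {"value": secret["value"]}


def is_authorized(session_user: str, secret: dict) -> bool:
    """Authorization decision kept separate from the handler, the way an
    external policy engine such as OPA would answer it: owner only."""
    return secret["owner"] == session_user


def get_value_fixed(session_user: str, body: dict) -> tuple[int, dict]:
    """Same handler with the ownership check added.

    "Does not exist" and "not yours" deliberately get the same 404, so the
    response does not confirm which UUIDs are valid to a non-owner.
    """
    secret = SECRETS.get(body.get("id"))
    if secret is None or not is_authorized(session_user, secret):
        return 404, {"error": "not found"}
    return 200, {"value": secret["value"]}


if __name__ == "__main__":
    # Alice asks for Bob's secret: the vulnerable handler hands it over,
    # the fixed one answers as if the id did not exist.
    print(get_value_vulnerable(USER_ALICE, {"id": SECRET_BOB}))
    print(get_value_fixed(USER_ALICE, {"id": SECRET_BOB}))
```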

And this is how I solved the challenge. I had fun finding this flag, and I hope you liked my solution. Until then,

HACK THE PLANET ;)

Shoutout to my friends from the amazing Bounty Hunters Server with whom I formed a team and played this CTF. If you want to learn from and talk with some really talented hackers, join Bounty Hunters Discord Server.
