<- IMAGINARYCTF

Fasting

1 minute to read

We are given a host puzzler7.imaginaryctf.org:5005. If we send a GET request using curl, we have this response:

$ curl puzzler7.imaginaryctf.org:5005
{"api_message":"Yet another sourceless web..."}  

$ curl -i puzzler7.imaginaryctf.org:5005
HTTP/1.1 200 OK
date:
server: uvicorn
content-length: 47
content-type: application/json

{"api_message":"Yet another sourceless web..."}

Using ffuf, we discover endpoints docs and redoc:

$ ffuf -w $WORDLISTS/dirbuster/directory-list-2.3-medium.txt -u http://puzzler7.imaginaryctf.org:5005/FUZZ  
docs                    [Status: 200, Size: 931, Words: 150, Lines: 31, Duration: 114ms]
redoc                   [Status: 200, Size: 891, Words: 176, Lines: 31, Duration: 111ms]
                        [Status: 200, Size: 47, Words: 4, Lines: 1, Duration: 111ms]

Both of them are supposed to document API endpoints for people who want to consume the API:

Fasting 1

Fasting 2

There we can find the endpoint to get the flag:

$ curl puzzler7.imaginaryctf.org:5005/wow_this_is_such_a_long_and_odd_name_for_a_flag_endpoint_hmmmmm  
{"flag":"ictf{google_the_protocol_is_different_than_guessy...right?}"}