Web
For the web challenges, I solved one challenge by the name Graph1.
Graph1
We are given a link and told to find the flag.
I was happy I had an opportunity to learn how graphql works. You can learn more about graphql testing here
We start by visiting the link and we get the following page that says graphql is running.
Playing with the graphql api, we got interesting responses.
I then went ahead to dump the schema using the following query: query={__schema{types{name,fields{name}}}} We got the following schema returned.
Great, Now we craft a curl command to get us our flag.
The command looks like curl -X POST -H "Content-Type: application/json" -d '{"query":"{getFlag{id flag}}"}' http://128.199.47.43:5000/graphql
This inturn gives us the flag encoded in base64. Decoding the base64 string, we get our flag.
Comments powered by Disqus.