HTB Cyber Apocalypse CTF 2021: Wild Goose Hunt

Wild Goose Hunt is a web-based challenge with the difficulty of 2 stars,

From the source code, it is clear that we have to test the “/api/login” endpoint, Also the database used is mongo. This means we have to perform NoSQL injection,

I tried “$isexists” to make the query true and it worked, I logged in as admin but there was no flag, So I tried “$regex” to know what the password is.

After spending few minutes I figured out that the password is the flag, I started brute-forcing the flag:

If “CHTB{a.*}” (flag starts with “a” ) response is Login successful
Else Login Failed

I wrote a python script that automates this process:

At the output, we get the flag,

Спасибо :) — Mudhalai Mr Team 1nf1n1ty

<>AKA Gowtham Student at SASTRA Deemed university, Core team member DSC SASTRA </>

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store