OpenSecret writeup

Challenge name: OpenSecret

Difficulty: Very Easy

Challenge Scenario: A simple help desk portal where users can submit support tickets. The application uses JWT tokens for session management, but something seems off about how they’re implemented. Can you find the security flaw?

Link: https://app.hackthebox.com/challenges/OpenSecret?tab=play_challenge

Machine IP: 154.57.164.66:32719

We can see the website.

When I make a test support ticket, it states I have ‘No session token provided’.

Checked the source code and it looks like the flag is there.

GG