Просто найди его

hackerlab

Task: Flask app with GraphQL API where hidden queries exist beyond what the UI exposes. Solution: discover /graphql endpoint from client JS, use introspection to enumerate schema, find hidden getFlag query, call it with isAdmin: true.

api_enumeration flask graphql python introspection hidden_endpoint

graphql_introspectionschema_enumerationhidden_query_discovery

$ ls tags/ techniques/

api_enumeration flask graphql python introspection hidden_endpoint

graphql_introspectionschema_enumerationhidden_query_discovery

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Космический терминал (Cosmic Terminal)— duckerz
[web][Pro]Обычная страница— hackerlab
[web][Pro]Совсем слепая инъекция (Completely Blind Injection)— bug-makers
[misc][Pro]Предатель (Traitor)— hackerlab
[web][Pro]Секрет (Secret)— hackerlab