Credit: @RiversideRocks for the original puzzle.
Your goal is to get access to /secret, but using a signup forum. If you read carefully, and get the somewhat obvious hints, then you can get to the secret file.
Someone finished it! It was @Ghostoblivion! , then @wh0, then @youngchief.
The source is here and just read the README.md file.
Puzzle: https://groovy-thundering-guitar.glitch.me/puzzle.html
Finish Link: https://groovy-thundering-guitar.glitch.me/secret?key=chkdsk
Hint: On the /create page , the quote /logs has some of the best logs ever. may have a special meaning.
I have no idea! I was able to view the signup logs, but after that I got nothing.
Is this made in PHP or Node?
By the looks of it, I’m 99% sure its node.
Is it SQL injections? I tried but it didn’t work.
It also using Jsoning as a db, so that may not work…
Yep, I thought it was as it has a different not found error than php
There are no Linux command that you need to know. Look at https://groovy-thundering-guitar.glitch.me/logs/id
It does not use shell commands because people could use commands to destroy the server.js script.
It contains where the
Should I add another hint?
Ok so here it is! Pay attention to the last lines, especially the words in quotes
[system.Handler]: Hiding "/secret" File with query: "?key="
[system.Handler]: Now perfoming a "chkdsk".
woa, that took some thinking outside the box. thanks for the puzzle!
Your welcome! The original was RiversideRocks.
I had just come to the fourms for today, saw the puzzle thing here, then the clue, and bamm got ihe answer quick
Hey when I edited it, it said something about “overwriting edits”.
Also, I added the source code, the link is at the top.
Answer was:
<iframe width="1000" height="500" src="https://www.youtube-nocookie.com/embed/dQw4w9WgXcQ?autoplay=1" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
Interesting use case of Jsoning…