Level 6 - Passkey (web)

Here's the front-end of the service:

When we register we are prompted to register our fingerprint, a password-less method of authentication:

We also need to use this method of authentication to log in.

When logged in we see the following:

We can't access the admin dashboard, however:

I actually managed to brutally cheese this challenge by doing a dirsearch on it, and realising that /.json was available.

If you go to https://passkey.chals.tisc25.ctf.sg/.json when logged in you'll see something like the following:

{"common":{"app_name":"passkey.tisc","app_domain":"passkey.chals.tisc25.ctf.sg"},"user":{"id":63,"username":"elijah5399"},"is_logged_in":true,"welcome_message":"Welcome to Jetzig!","message_param":null}

This prompted me to try my luck by accessing https://passkey.chals.tisc25.ctf.sg/admin.json which I got the flag from: TISC{p4ssk3y_is_gr3a7_t|sC}

This got patched shortly after I found the approach, so it won't work if you try it now.

Last updated