Jott
Challenge Description
Jott is the new hottness of productivity applications! Collaborate in real time, share notes, take notes, or don't take notes! We're not your manager. We're not even a real company!
Go ahead and pentest the application and jott down whatever you find.
We'd like you to do a pretty thorough job, so we've outfitted you with a dev instance of the app. Please use these user level credentials to log in and perform an authenticated test.
Username- john_doe Password - password123
We also gave you the dev-build of the app in the src directory for reference.
Attachments
Solution
Logging in with the credentials given
Going through app.py, we find a SECRET_KEY
Grabbing the jwt token from the cookie
Decode the jwt token using jwt.io
Replacing the jwt token in the cookie and refreshing the page, we get the flag
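Why a signing key committed to source is enough for the server to accept a replaced token, and why rotating the key invalidates it, as an added example that is not part of the challenge's code. It assumes HS256 signing; the key value and the claim names (username, role) are constructed for illustration and do not come from app.py.

```python
import base64, hashlib, hmac, json, secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build header.payload.signature with HMAC-SHA256 over the first two parts."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def verify_hs256(token: str, key: bytes):
    """Return the claims if the signature is valid for `key`, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # wrong part count, bad base64 or bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None  # pin the algorithm instead of trusting the header
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(b64url_decode(payload_b64))

# Constructed values: SOURCE_KEY stands in for a key readable in the shipped source.
SOURCE_KEY = b"constructed-key-committed-to-source"
ROTATED_KEY = secrets.token_bytes(32)  # in practice: loaded from a secret store

def demo() -> dict:
    # The verifier only proves "signed by a holder of the key", so any claims
    # signed with the source key pass until the key is rotated.
    altered = sign_hs256({"username": "john_doe", "role": "admin"}, SOURCE_KEY)
    return {
        "accepted_with_source_key": verify_hs256(altered, SOURCE_KEY),
        "accepted_after_rotation": verify_hs256(altered, ROTATED_KEY),
    }

if __name__ == "__main__":
    print(demo())
```

Loading the key from the environment or a secret manager, with a different value per environment, keeps a dev build's source from disclosing the production signing key.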
FLAG