bayotop

Keybase proof

I hereby claim:

• I am bayotop on github.
• I am bayotop (https://keybase.io/bayotop) on keybase.
• I have a public key whose fingerprint is 38D3 3EC0 5654 05BC 3C76 686F C090 53E7 6BFB A3FD

To claim this, I am signing this object:

bayotop

<!DOCTYPE html>
<head>
<title>CSP strict-dynamic + preload link in Chrome</title>
  <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-123' 'strict-dynamic'" />
</head>
<body>
<script nonce="123">
  var f = document.createElement("link");
  f.rel = "preload"; // prefetch works perfectly fine
  f.href = "/foo.js"

bayotop

param(
    [Parameter(Mandatory=$true)]
    [string] $Path,
    [Parameter(Mandatory=$true)]
    [string] $Wordlist,
    [array]  $Exclude = @("*.jpg","*.png","*.dll","*.exe","*.so","*.o"),
    [string] $OutputFile = "usages.csv"
)

function Prepare-OutputFile($OutputFile) {

bayotop

string secret = "\ud8ab";
string secret2 = "\ud8cd";

if (!secret.Equals(secret2))
{
    Console.Out.WriteLine("The strings are not equal.");
}

computeSignature(secret, "timestamp", "payload");  // returns 1eba7aac5f10ee7aa985722256aa4125e8e59fe256386c8ab10295063d986e57
computeSignature(secret2, "timestamp", "payload"); // returns 1eba7aac5f10ee7aa985722256aa4125e8e59fe256386c8ab10295063d986e57           

bayotop

Description

https://www.hackerone.com/blog/hack-your-way-to-nyc-this-december-for-h1-212

How I found the flag

I ran an obligatory port scan, checked the IP using shodan.io, and did some basic directory discovery. I found two open ports - 22 and 80 - and one directory /flag with a message from the creators.

As this wasn't really helpful, I tried to enumerate vhosts and found one resulting in a different response: admin.acme.org.