[Defcamp Quals 2024] [WEB/CRYPTO – Oracle-SRL] Write Up

Description

[ 5 aug 2024 ] Just finished my ecommerce website. It took quite a lot of time because I wanted to make sure it’s extra secure, I’m sure it will get some traction. I’m so excited!

[ 20 aug 2024 ] The website isn’t picking up as I hoped it would, but I’m still optimistic.

[ 13 sep 2024 ] The store is a complete bust and there is this annoying customer that keeps on checking my store every other damn minute but doesn’t buy anything.

[ 13 sep 2024 ] JUST BUY SOMETHING!

Flag format: CTF{sha256}

Files : source-oracle-srl.zip

Analysing

The given zip archive gives us two directories:

  • Oracle-SRL
  • source-oracle/oracle-srl

They seem to contain the same files and directories, with a few exceptions.
We ran a diff between the two and found a .git directory and a solver for the challenge.
And…

Resolution

In client/client.go we found this code:

    flag_owner_session_token, err := session.GenerateSessionToken("antal.alexandru@bit-sentinel.com", "CTF{e663b007e3d1fd27f657e2756e3ba8724a37119d145063ce541595988b6cdc72}", controllers.Key)

which contains the flag.

The flag was: CTF{e663b007e3d1fd27f657e2756e3ba8724a37119d145063ce541595988b6cdc72}
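The leak above is a packaging mistake: one tree kept a .git directory, a solver and a hardcoded flag. The following is an added example, not part of the original write-up or the challenge source: a pre-release check that diffs two trees and looks for VCS metadata and literals in the stated `CTF{sha256}` format. The function names, directory layout and placeholder flag are constructed for illustration.

```shell
#!/bin/sh
# Pre-release audit of a source archive (added example, constructed data).
# Flag format stated by the challenge: "CTF{" + 64 hex characters + "}".
FLAG_RE='CTF\{[0-9a-f]{64}\}'

# Paths present in only one tree, e.g. a leftover .git or a solver script.
only_in_one() {
    LC_ALL=C diff -rq "$1" "$2" 2>/dev/null | grep '^Only in ' || true
}

# VCS metadata directories that should never ship in a release archive.
find_vcs_dirs() {
    find "$1" -type d -name .git
}

# Files containing a literal in the flag format (hidden files included).
find_flag_literals() {
    grep -rlE "$FLAG_RE" "$1" || true
}

# Returns 0 if the tree is clean; prints findings and returns 1 otherwise.
audit_release() {
    findings=$( { find_vcs_dirs "$1"; find_flag_literals "$1"; } | sort -u )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Build two constructed trees: "dev" with leftovers, "release" cleaned up.
make_sample() {
    root=$1
    mkdir -p "$root/dev/client" "$root/dev/.git" "$root/release/client"
    fake_flag="CTF{$(printf '%064d' 0)}"   # constructed placeholder, not a real flag
    printf 'tok := Generate("user", "%s")\n' "$fake_flag" > "$root/dev/client/client.go"
    printf 'tok := Generate("user", os.Getenv("FLAG"))\n' > "$root/release/client/client.go"
    printf 'ref: refs/heads/main\n' > "$root/dev/.git/HEAD"
    printf '# solver\n' > "$root/dev/solve.py"
}

# Demo on the constructed sample.
tmp=$(mktemp -d)
make_sample "$tmp"
only_in_one "$tmp/dev" "$tmp/release"
audit_release "$tmp/dev" || echo "dev tree: not safe to ship"
audit_release "$tmp/release" && echo "release tree: clean"
rm -rf "$tmp"
```

Run as a packaging gate, a non-zero return from `audit_release` should block the archive from being published.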
