
Hacker 101 CTF Walkthrough: BugDB v1

In this post, I will be taking you through one of the CTFs on HackerOne named "BugDB v1".

This CTF focuses on the basic concepts of GraphQL APIs and how they work. Let's start.

When you open this CTF, a minimal page opens up with a hyperlink to GraphiQL.

 

 

I first tried the well-known introspection query that is usually used to check the structure of the endpoint:

{__schema{queryType{name}mutationType{name}subscriptionType{name}types{...FullType}directives{name description locations args{...InputValue}}}}fragment FullType on __Type{kind name description fields(includeDeprecated:true){name description args{...InputValue}type{...TypeRef}isDeprecated deprecationReason}inputFields{...InputValue}interfaces{...TypeRef}enumValues(includeDeprecated:true){name description isDeprecated deprecationReason}possibleTypes{...TypeRef}}fragment InputValue on __InputValue{name description type{...TypeRef}defaultValue}fragment TypeRef on __Type{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name}}}}}}}}

 

I copied the response from this GraphQL endpoint to GraphQL Voyager in order to better understand the response. The graphical structure received is as follows:

It shows that we have different entities like Bugs, Users, etc., and of course the Query object containing the different queries, such as querying for users and bugs. Enough said; I played with all these queries in order to find something special, but to no avail.
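The same structure can be read out of the introspection response without a visualizer by unwrapping the nested `ofType` chain that the `TypeRef` fragment requests. This is an added example, not part of the original post; the sample response and its type names (`UsersConnection`, `UsersEdge`, `Users`) are constructed for illustration and are not the CTF's actual schema.

```python
import json

# Constructed sample: a trimmed introspection response shaped like the output of
# the query above. Type and field names are illustrative, not the CTF's schema.
SAMPLE = json.loads("""
{"data": {"__schema": {"types": [
  {"kind": "OBJECT", "name": "Query", "fields": [
    {"name": "user", "type": {"kind": "OBJECT", "name": "UsersConnection", "ofType": null}}]},
  {"kind": "OBJECT", "name": "UsersConnection", "fields": [
    {"name": "edges", "type": {"kind": "NON_NULL", "name": null, "ofType":
      {"kind": "LIST", "name": null, "ofType": {"kind": "OBJECT", "name": "UsersEdge", "ofType": null}}}}]},
  {"kind": "OBJECT", "name": "UsersEdge", "fields": [
    {"name": "node", "type": {"kind": "OBJECT", "name": "Users", "ofType": null}}]},
  {"kind": "OBJECT", "name": "Users", "fields": [
    {"name": "id", "type": {"kind": "NON_NULL", "name": null, "ofType": {"kind": "SCALAR", "name": "ID", "ofType": null}}},
    {"name": "username", "type": {"kind": "SCALAR", "name": "String", "ofType": null}}]},
  {"kind": "OBJECT", "name": "__Type", "fields": []}
]}}}
""")

def render(ref):
    """Unwrap NON_NULL / LIST wrappers (the nested ofType chain) into SDL notation."""
    if ref["kind"] == "NON_NULL":
        return render(ref["ofType"]) + "!"
    if ref["kind"] == "LIST":
        return "[" + render(ref["ofType"]) + "]"
    return ref["name"]

def named(ref):
    """Return the innermost named type of a type reference."""
    while ref.get("ofType"):
        ref = ref["ofType"]
    return ref["name"]

def schema_map(response):
    """Map each user-defined object type to its fields and the object types it links to."""
    types = response["data"]["__schema"]["types"]
    objects = {t["name"] for t in types
               if t["kind"] == "OBJECT" and not t["name"].startswith("__")}
    out = {}
    for t in types:
        if t["name"] in objects:
            fields = {f["name"]: render(f["type"]) for f in t["fields"] or []}
            links = sorted({named(f["type"]) for f in t["fields"] or []} & objects)
            out[t["name"]] = {"fields": fields, "links": links}
    return out

if __name__ == "__main__":
    for name, info in schema_map(SAMPLE).items():
        print(name, info["fields"], "->", info["links"])
```
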

Then I looked into the docs of the GraphQL endpoint (button available at the top right corner of the window). After reading through the docs, I made a query that used all the types available in the docs, so I was technically fetching all the information from the endpoint.

query{
  user{
    edges{
      node{
        id,username,bugs {
          edges {
            node {
              id,reporterId,
              text,reporter {
                id
              }
            }
          }
        }
      }
    }
  }
}

This in response gave me the flag to solve the CTF.

 

Actually, this CTF is more of an introductory CTF to GraphQL, so that you can see how GraphQL works and understand reading its documentation.
