HTB CTFPlatform
by not_a_30t - Tuesday September 19, 2023 at 03:13 PM
Plz provide some hints

An Issue being in JWT payload. An unknown error which redirects to logout page,

Created this final payload using JWT tool.
The source code says

Middle ware.js

const JWTHelper = require('../helpers/JWTHelper');

module.exports = async (req, res, next) => {
if (req.cookies.session === undefined) {
if(!'application/json')) return res.redirect('/');
return res.status(401).json({ status: 'unauthorized', message: 'Authentication expired, please login again!' });
return JWTHelper.verify(req.cookies.session)
.then(user => {
req.user = user;
.catch(() => {

async verify(token) {
return jwt.verify(token, process.env.JWT_SECRET, {
algorithm: 'HS256'

router.get('/admin', AuthMiddleware, async (req, res) => {
    if (req.user.username !== 'admin') return res.redirect('/dashboard');

    let flag = execSync('/readflag').toString();

    return res.render('admin.html', { flag });

router.get('/dashboard', AuthMiddleware, async (req, res) => {
    if (req.user.username == 'admin') return res.redirect('/admin');

    return db.listInvoice(req.user.username)
        .then(invoices => {
            return res.render('dashboard.html', {user: req.user, invoices});
        .catch(e => {
            res.send(response('Something went wrong!'));

Hackers NEED your HELP
The last non-spam response in the topic was more than a month ago. I close the topic as irrelevant to prevent spam. If this is not the case, please send a pm and I will open the topic for discussion again.
I finally opened 60 of the 60 pages of the database section! Cool

 Users browsing this thread: 1 Guest(s)