$$ RED53 $$

IP Address: 172.25.200.200

Port: 9029

Protocol: https ← !!!

Want to run this Docker container locally?

docker run -d --privileged --shm-size=2g -p 9029:5000 --name red53 --restart always joshbeck2024/ctf-xss-bot-flag-red53

Lab Objectives:

• Many CTFs on sites like https://ctftime.org include XSS exploitation challenges that work much like the one running here.
• If you understand how this fundamental challenge is tackled, you’ll be in familiar territory with many web exploitation challenges.
• In this lab, you’ll uncover a string of the form Flag-SomeValue

The complete source code for the application is provided once you log in

• They’ll provide the application code.
• It’s your job to perform static analysis (Key Sec+ Term) and find the security hole!

Any text editor will do, but I’ll go ahead and open up the extracted folder in VSCode.

• Feel free to view the project from Notepad or something like pico on Linux.

Examining flask_app.py

This webserver is a Python Flask application.

• Flask is a lightweight web framework for Python that makes it easy to build web applications. It allows developers to quickly create routes (URLs) to endpoints that handle requests and return responses such as HTML, JSON, or other data formats.