> Write-up and Inital setup to re-create the challenege in your own system and
> follow the solution.

The challenge is cateorgorized as crypto hinting what vulnerbailites to look
for in the source code downloaded from the CTF website.

### **The target Website looks as show below**  
![](https://miro.medium.com/max/869/1*RQ8P-XOAJv_EBvyuJ8cfow.png)

It makes two Http:// GET requests. One to “**authorize**” API and another to
“**run**” API.

As the name suggest one API does the user input validation and generates a
signature, the other uses the signature to verfiy the inputs and runs the user
inputs as command to provide the final output.  
  
Run API end-point is accessible to public internet (in our case the host
system), anyone can send a maliciously crafted the request to run API end-
point, if they have a valid signature of the data.

Challenege is around finding a vulnerability in the signature (MAC) generation
and exploit it to get the flag.

Original writeup (https://pranavakumar.medium.com/nanothorpe-
challenge-d4f1f539f2b3).