Challenge:
Name: Blockchain Hype
Description: Learn about the Token Sale before its official announcement.
Difficulty: 5 star
Category: Security Through Obscurity
Expanded Description: https://pwning.owasp-juice.shop/part2/security-through-obscurity.html
Tools used:
None.
Resources used:
None.
Methodology:
This challenge was surprisingly easy. Within the expanded description it is noted that brute force will be unlikely to yield successful completion, and also that it’s a good idea to investigate where paths are defined within the application. To that end, I opened up the main JavaScript file and searched for “token”.
![Screenshot: the main JavaScript file with the browser find bar searching for "token", showing the "app-token-sale" component definition](https://curiositykillscolby.files.wordpress.com/2020/12/image-104.jpeg?w=1024)
From here, I simply visited every link I could find nearby. Eventually I came across this link, which completed the challenge.
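
The same observation from the defender's side, as an added example that is not part of the original write-up or Juice Shop's own code: every route shipped in the client bundle is readable, so this script lists routes that are declared but never linked from navigation, and counts routes that use an Angular custom `matcher`, which a plain text search for the path will not find. The bundle fragment, route names and helper functions are constructed for illustration.

```javascript
// Constructed fragment of a minified Angular bundle (not Juice Shop's real code).
const SAMPLE_BUNDLE = `
const routes=[{path:"search",component:Se},{path:"about",component:Ab},
{path:"internal/launch-preview",component:Lp},
{matcher:function(e){return hiddenMatch(e)},component:Ts},
{path:"**",component:Se}];
const nav=[{label:"Search",routerLink:"/search"},{label:"About",routerLink:"/about"}];
`;

// Every literal route path declared as path:"..." or path:'...'.
function declaredPaths(src) {
  const re = /\bpath\s*:\s*(["'])((?:\\.|(?!\1).)*)\1/g;
  return [...src.matchAll(re)].map(m => m[2]);
}

// Every path the UI links to (routerLink or href), with leading "#" and "/" removed.
function linkedPaths(src) {
  const re = /\b(?:routerLink|href)\s*[:=]\s*(["'])#?\/?((?:(?!\1).)*)\1/g;
  return new Set([...src.matchAll(re)].map(m => m[2]));
}

// Report routes that exist in the bundle but are reachable only by knowing the URL.
function auditRoutes(src) {
  const linked = linkedPaths(src);
  // Skip the wildcard and empty default routes; they are not hidden pages.
  const paths = declaredPaths(src).filter(p => p !== "**" && p !== "");
  return {
    unlinked: paths.filter(p => !linked.has(p)),
    // Custom matchers compute the path at runtime, so they need manual review.
    matcherRoutes: (src.match(/\bmatcher\s*:/g) || []).length,
  };
}

console.log(auditRoutes(SAMPLE_BUNDLE));
```

Anything this reports is visible to every visitor who reads the bundle, so a page that must stay private before an announcement needs a server-side check or should not be shipped yet.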

