Task:

Something seems weird about this password reset token validator.

172.31.0.10/randdumb_978360d545acfc8dea2bbeddec27a211.js

Running on 172.31.1.51:5534

Approach:

The server is a simple Node.js script that computes a new random token with each request, compares it to the submitted random token, and displays the flag when the two match.

Rather than analyzing the random number generator in depth, we changed the script to generate a token, print it and exit. After running this in a loop 1000 times, the random token generator had produced one duplicate result (CO+/ve+/ve+/ve+/ve+/ve+/ve+/ve+/vQ==).

We put this duplicate token into a simple shell loop running nc against the server and after a minute or two it accepted the token and provided the flag.
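
The duplicate token quoted above base64-decodes to U+0008 followed by eight U+FFFD replacement characters, the marker a UTF-8 decoder emits for invalid bytes. The added example below is not the challenge's script (which this write-up does not reproduce): it decodes that token and uses a hypothetical `lossyToken` generator, an assumption about one way such tokens can arise, to show how passing random bytes through a UTF-8 string collapses many inputs onto one token, next to a `safeToken` that encodes the raw bytes directly.

```javascript
// Added example. DUP_TOKEN is the duplicate quoted in the write-up;
// lossyToken() and safeToken() are hypothetical, not the challenge's code.
const DUP_TOKEN = 'CO+/ve+/ve+/ve+/ve+/ve+/ve+/ve+/vQ==';

// Decode a base64 token as UTF-8 and list its code points as U+XXXX.
function codePoints(tokenB64) {
  const text = Buffer.from(tokenB64, 'base64').toString('utf8');
  return Array.from(text, ch =>
    'U+' + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, '0'));
}

// Lossy pipeline: raw bytes -> UTF-8 string -> bytes -> base64.
// Any byte sequence that is not valid UTF-8 becomes U+FFFD (EF BF BD),
// so many different raw inputs end up as the same token.
function lossyToken(raw) {
  const asText = Buffer.from(raw).toString('utf8');
  return Buffer.from(asText, 'utf8').toString('base64');
}

// Corrected pipeline: encode the raw bytes directly, no string round trip.
function safeToken(raw) {
  return Buffer.from(raw).toString('base64');
}

// Count distinct tokens over every possible input of len bytes (1 or 2).
function distinctTokens(encode, len) {
  const seen = new Set();
  const total = 256 ** len;
  for (let i = 0; i < total; i++) {
    const raw = len === 1 ? [i] : [i >> 8, i & 0xff];
    seen.add(encode(raw));
  }
  return seen.size;
}

console.log('token code points:', codePoints(DUP_TOKEN).join(' '));
for (const len of [1, 2]) {
  console.log(`${len}-byte inputs: ${distinctTokens(lossyToken, len)} lossy tokens,`,
    `${distinctTokens(safeToken, len)} direct tokens`);
}
```

A token validator should draw from a CSPRNG, keep the bytes raw until the final hex or base64 encoding, and rate-limit attempts so that a small output space cannot be covered by repeated guessing.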