# Tony Tony Tony

## Challenge Description

Tony is a web application developer intern in a Product Based Company. Recently Tony was assigned to create a web app which can accept the codebase and gist URL as the parameter and save in the gallery. He has developed the API on AWS platform using which the end user can save the codebase from the remote URL.

Start here - <http://65.0.191.38/>

## Solution

Viewing the page source reveals JavaScript that sends a POST request to <https://jg0rh6th8e.execute-api.ap-south-1.amazonaws.com/test/share> with the flag hardcoded as the value of the `authorizationToken` header:

```javascript
var codeEditor = CodeMirror.fromTextArea(document.getElementById("code"), {
    lineNumbers: true,
    mode: "javascript",
    theme: "default"
});

var myHeaders = new Headers();
myHeaders.append("authorizationToken", "flag-{gtkO4f4NOrJsRRNZWxiTbL6LLUs5Ir8g}");
myHeaders.append("Content-Type", "application/json");

var raw = JSON.stringify({
    "codeFile": code
});

var requestOptions = {
    method: 'POST',
    headers: myHeaders,
    body: raw,
    redirect: 'follow'
};

fetch("https://jg0rh6th8e.execute-api.ap-south-1.amazonaws.com/test/share", requestOptions)
    .then(response => response.text())
    .then(result => {
        var resultDiv = document.getElementById("result");
        resultDiv.innerHTML = "";

        var pre = document.createElement("pre");
        pre.innerText = result;
        resultDiv.appendChild(pre);
    })
    .catch(error => console.log('error', error));
```

Flag: `flag-{gtkO4f4NOrJsRRNZWxiTbL6LLUs5Ir8g}`
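A review check for this class of mistake, a credential string literal passed to `Headers.append` in JavaScript served to the browser. This is an added example, not part of the original writeup or the challenge's code; the function name `findHardcodedAuthHeaders`, the header-name pattern and the sample source are assumptions constructed for illustration.

```javascript
// Added example: flag string literals assigned to auth-like request headers
// in client-side JavaScript. The header-name list is an assumption; extend it.
const AUTH_HEADER = /^(authorization(token)?|x-api-key|api-?key|x-auth-token|cookie)$/i;

// Matches  .append("name", "value")  or  .set("name", "value")  with two literals.
const APPEND_CALL = /\.(?:append|set)\(\s*(["'`])([^"'`]+)\1\s*,\s*(["'`])([^"'`]*)\3\s*\)/g;
// Matches  "name": "value"  pairs, e.g. inside a headers object literal.
const OBJECT_PAIR = /(["'`])([A-Za-z-]+)\1\s*:\s*(["'`])([^"'`]*)\3/g;

function findHardcodedAuthHeaders(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, idx) => {
    for (const re of [APPEND_CALL, OBJECT_PAIR]) {
      re.lastIndex = 0; // global regexes keep state between exec() calls
      let m;
      while ((m = re.exec(text)) !== null) {
        const [, , name, , value] = m;
        // Report the value's length, not the value, so the report itself
        // does not copy the secret into logs or tickets.
        if (AUTH_HEADER.test(name) && value.length > 0) {
          findings.push({ line: idx + 1, header: name, length: value.length });
        }
      }
    }
  });
  return findings;
}

// Constructed sample modelled on the snippet above; the values are placeholders.
const SAMPLE = [
  'var myHeaders = new Headers();',
  'myHeaders.append("authorizationToken", "EXAMPLE-TOKEN-NOT-REAL");',
  'myHeaders.append("Content-Type", "application/json");',
  'myHeaders.append("authorizationToken", tokenFromSession);',
  'fetch(url, { headers: { "x-api-key": "EXAMPLE-KEY" } });',
].join("\n");

console.log(findHardcodedAuthHeaders(SAMPLE));
```

Line 4 of the sample is not reported because its value is a variable rather than a literal; the check only covers secrets embedded directly in the source.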
