Ottergram

November 24 will always be the day that I got to see otters and really question my ability to hack. Even with the hint BAC showing me the way, was the lab difficult for me, luckily I had to thank nobody else but myself for that.

Like usual, on a BAC I created two accounts. There was some new functionality on the app that allowed me to send messages to other users.

Because this was also the first time it was a socket.io lab, I spend hours trying to manipulate the IDs from the sender, message, recipient, ... But nothing worked. I eventually even had to turn to the Discord and see what hints I could get.

The first thing somebody said was, "are you absolutely sure you saw ALL the functionality". And I thought I had. But I had, in fact, missed a important bit. Whenever a message was sent to another user, that user would receive a popup with a preview from the message.

This message was also visible in SocketHistory. For some reason I missed that too. But when I finally saw it, the answer was there. Only thing I had to do was change the ID from 6 to 1.

This caused the app to let me see the preview of that message. Not entirely without coincidence, this message contained the flag 🇧🇪