Challenge Description

"The TryHeartMe shop is open for business. Can you find a way to purchase the hidden 'Valenflag' item?"

With love, Chief Inspector Valentine 💕

Table of Contents

  1. Reconnaissance

  2. Initial Access & Analysis

  3. JWT Token Analysis

  4. Vulnerability Discovery

  5. Exploitation - JWT Algorithm Confusion

  6. Admin Access

  7. Flag Retrieval

  8. Mitigation Recommendations

Reconnaissance

Step 1: Initial Application Exploration

Let's start by examining the target application:

curl -i http://10.82.188.43:5000

Response Analysis:

HTTP/1.1 200 OK
Server: Werkzeug/3.0.1 Python/3.12.3
Date: Fri, 13 Feb 2026 16:23:55 GMT
Content-Type: text/html; charset=utf-8

Key Findings:

  • Flask web application (Werkzeug server)

  • Python 3.12.3

  • E-commerce shop interface

Available Products (Visible):

  1. Rose Bouquet (12 stems) - 120 credits

  2. Heart Chocolates (Box) - 85 credits

  3. Chocolate-Dipped Strawberries - 60 credits

  4. Love Letter Card - 25 credits

Navigation Links:

  • / - Shop homepage

  • /login - User login

  • /register - User registration

  • /account - Account management (requires authentication)

Step 2: Examining Registration Process

curl -i http://10.82.188.43:5000/register

Registration Form Fields:

  • Email (required)

  • Password (required, minimum 6 characters)

🔐 PREMIUM WRITEUP - MEMBERSHIP REQUIRED

🌟 Get Instant Access

Unlock the complete step-by-step solution, techniques used, notes, and exclusive insights by becoming a member.

Membership

Why Go Premium?

  • Early access to full detailed writeups

  • Passwords for active CTF solutions

  • Advanced exploitation techniques

Upgrade once - unlock everything instantly.

💬 Need help while solving?

I’ve got your back - reach out anytime:
Email: [email protected]

Keep hacking, keep learning, keep winning. 🎯

Keep Reading

© 2026 Andrés.
Report abusePrivacy policyTerms of use
beehiivPowered by beehiiv