Hi,
First things first, the flag of the CTF challenge.
{F863095}
I’ve published my write-up at https://kapytein.nl/texts/2020-06-10-h1-2006-ctf-writeup-2cf34abd3ed/, in order to avoid a lengthy report 😅.
software.bountypay.h1ctf.com
to discover a BountyPay Android application.api.bountypay.h1ctf.com
.staff.bountypay.h1ctf.com
via a POST /api/staff
call on api.bountypay.h1ctf.com
.Thank you for organizing this challenge!
This allows an attacker to process bounty payments of customers.