Networking API Key writeup UAP Cyber Siege CTF 2025

0xodinx

 Writeup :- UAP Cyber Siege 2025 - Qualification Round_CTF- Find  the API  Key.

 

UAP_Cyber_siege 2025 - Dp1h3r0x


❇️ Description :-

 

---API Key---


An API key was leaked in one of the requests or responses. Find it.


Example: CS{randomstring}

Author: TareqAhamed (0xt4req)


✅ Solutions :-

 

Step 1 :- Analyze the traffic capture .


I began by opening the provided traffic.pcapng file in Wireshark to analyze the captured network traffic.

 

UAP_Cyber_siege 2025 - Dp1h3r0x

 

 

Step 2 :- Filter for '/debug ' path.

 

Next, I applied an HTTP filter to look for requests involving the /debug endpoint. This helped narrow down the results.

I noticed a two  HTTP requests returning a 200 OK status. Following the corresponding HTTP stream, I found a suspicious base64-encoded string in the response :-

QXBpIEtleTogVGRHbkRqVWZLZExXS2dVZFZJZlVrZlVma2ZVZktkTFdmSmZVZVZL

 

UAP Cyber Siege 2025 - Qualification Round_CTF-Networking-AI-Model-writeup

 


 

-----------------------------------------


I found a suspicious base64-encoded


Step 3 :- Decode the base64 string.


I copied the base64 string and decoded it. The decoded output was :-

Api Key :-  TdGnDjUfKdLWKgUdVIfUkfUfkfUfKdLWfJfUeVK 


base64 string and decoded it


and I got the flag.


Flag :- 

CS{TdGnDjUfKdLWKgUdVIfUkfUfkfUfKdLWfJfUeVK}



      Thank you for reading this writeup.          



0 Comments