1. Challenge Information

• Category: Forensic (Email)

• Challenge Description / Prompt:

  The Planet's Prestige
  CoCanDa, a planet known as 'The Heaven of the Universe' has been having a bad year. A series of riots have taken place across the planet due to the frequent abduction of citizens, known as CoCanDians, by a mysterious force. CoCanDa’s Planetary President arranged a war-room with the best brains and military leaders to work on a solution. After the meeting concluded the President was informed his daughter had disappeared. CoCanDa agents spread across multiple planets were working day and night to locate her. Two days later and there’s no update on the situation, no demand for ransom, not even a single clue regarding the whereabouts of the missing people. On the third day a CoCanDa representative, an Army Major on Earth, received an email. 
  

2. TL;DR Solution Summary

The endpoint improperly validated JWTs, allowing us to forge a token by modifying the algorithm field to "none", granting admin access.

3. Recon / Initial Analysis

3.1 Files/ Informations Provided

3EPrcBh52dtr4XdJB8tdZvLVzVYiSJ.zip

• password: btlo
• Tools used to inspect (e.g., strings, Wireshark, CyberChef)
• Initial observations

4. Vulnerability Breakdown

• SQL injection due to unsanitized id parameter
• Buffer overflow because gets() is used without bounds checking
• Base64 → Hex → XOR encoded message
• Misconfigured file permissions

Keep this section conceptual and readable.

5. Exploitation

Step-by-step explanation of how you solved it.