SecurityFest CTF 2017 : A Temple Jest

by Abdillah Muhamad — on  , 



The target are setting up their intranet communication service. Hack it before they are done!
Solves: 52
Author: avlidienbrunn


This web app using node and expressjs framework too we can read package.json

  name: "atemplejest",
  version: "1.0.0",
  description: "A temple jest project",
  main: "index.js",
  scripts: {
    test: "echo "Error: no test specified" && exit 1"
  repository: {
    type: "git",
    url: "git+"
  keywords: [
  author: "avlidienbrunn",
  license: "WTFPL",
  bugs: {
    url: ""
  homepage: "",
  dependencies: {
    ejs: "^2.5.6",
    threads: "^0.7.3"

Trying to get the github repo without luck, because the repo was removed, after tring some test<var> i think we input in the parameter is variable then got eval’ed we can do some aritmathic calculation like 5+6 then we can call procces.env => [object Object] is under construction...

we can leak memory using Buffer() to get the flag executing this then simply search the flag by hand.