I'm doing a CTF activity that I have been working on for the past week and I cannot seem to figure out what is going wrong. To break it down it goes something like this:
- It is an application that consists of 3 tabs, "Balances", "Transactions", and "Payments"
- Every time you click on one of those tabs, information is displayed which comes from an API.
- But the API call for "Balances" is broken: when it is requested, nothing shows up under the Balance tab and it returns a 404 resource not found error.
So far I've used cURL to try and talk to the API through that and made sure there were no errors in the spelling of the requested site, but still no luck.
I would appreciate it if someone could guide me in the right direction or maybe suggest an approach to take instead of giving out what to do step for step which would be much appreciated :).
Edit: The API call is intentionally broken, the challenge is to figure out why it is broken and how to fix it.
Thanks!
User response:
kek just solved this very challenge.
Have you considered that the "Cyber Gang" (context of the challenge) may have changed the endpoint from balances to something else?
Considering that you get a 404 balance from curling get-balances, perhaps you could figure out a way to find other subdomains :)