# LAB_1 (Web)

* [request smuggling](https://yu-jack.github.io/2019/09/30/http-smuggling/) (Chao、CAT)
* Expect header (CAT)
* BAC (broken access control) (Chao)
* front-end (Chao) + api leak (Chao)

Expect header

```
front-end server: authentication
via Expect: treated as body, but it is actually a header --> forwarded to the back-end server
```

# LAB_2 ~~(BANK)~~

- banned ()
- unlock your account ()
- take api token to get account (damn, crypto again) ()
- transfer money then bypass 2fa ()
- 2fa: time based (damn, it's crypto) ()
- with ai service ()

target: account a (banned)

- unlock
- web page
- app: qrcode, download the app -> reverse the app
  - app features
  - transfer
- unlock --> take admin/password with AI
- there is a second verification before a transfer
- transfer succeeds --> get flag