🚩 CTF Challenge

Medium

Welcome, hacker. NoteVault looks secure on the surface — but there's a secret flag hidden inside a restricted internal API. Can you make the server expose it?

🎯 Objective

Retrieve the flag stored at the internal API endpoint /api/internal/flag. You cannot access it directly — it's protected. But the server can.

🏁 Flag Format

The flag is in the format TACHYON{...}. Submit it to your CTF platform to score points.

🌐 Go to Import 🏠 Home