The challenge looks innocuous – a tiny web‑app that lets you query street names. The trick is that the back‑end leaks data via an undocumented API and the flag is encoded in the metadata of a particular street entry (street #139).

2.1 Browsing the site

$ curl -s http://139.czechstreets.ctf

Result (truncated):

$ curl -s "http://139.czechstreets.ctf/api/streets?offset=138&limit=1000000" | jq .

Result:

[
  {"id":1, "name":"Hradčanské náměstí", "slug":"hradcanske-namesti"},
  {"id":2, "name":"Národní", "slug":"narodni"},
  …
]

Only the first 50 streets were returned (pagination). The id field is a simple integer that matches the street number on the map.

The API supports the following query parameters (found by reading app.js):