Navigate to [http://10.10.10.28/csrf]. Kerry is naive and clicks on every link you send her. Try using a CSRF vulnerability to steal her money.
Navigate to [http://10.10.10.28/ssti]. Try exploiting the SSTI to run arbitrary code and get the flag.
Navigate to [http://10.10.10.28/sqli]. Try exploiting the SQLi to dump the users table. (sqlmap may be useful.)
Any way to get me access to this new album from my favourite band? (This one is a little tougher!)
My steam wallet is running low. I've tried all the logins we found previously. This might require something new?
I want free access to movies.
More passwords to find!
You've found the login page for the site. Can you get access?
This is a basic PIN brute force. You've been given access to this page with a 4-digit PIN. Can you build a script to crack it?
You're not admin, are you?
Can you log in to an account? (Try doing #4 first)
Can you inject the login page?
Hack the Network Test page. There's a cat binary in the same directory as where you are; to run it, use ./cat. The flag is in a file called
Another easy one, just look and pretend you're a robot 👀
This is an easy one, just look around...