A mock website of a banking company that is poorly developed. There are multiple vulnerable comments / hints hidden in this page. It's your goal to find them and use them to gain access to the admin account.
-
Clone the repository:
git clone https://github.com/mattjemattias/cyber.git
-
Install the dependencies:
cd cyber && npm install
-
Run the environment:
npm run dev
-
On the admin page there is a data-hint on the input fields.
- Basically saying the username is admin. //TODO: make a social media page so they get the username from the social media page.
- Referring to the robots.txt file.
-
In the robots.txt file there is a URL: /keepthishidden
-
On the /keepthishidden URL there is a hint referring to their localStorage, where they will find the /topsecret page.
-
When logging in with the wrong credentials, there should be a hint about which decoding algorithm to use.
-
There is a /topsecret page. On that page there is a Base64-encoded password.
- Download profile picture from Arthur, open up in text editor or online metadata editor.
- Picture is taken on 2023/04/16 (y/m/d), on his 30th birthday.
- Arthur is born on the 16th of April 1993.
- You can change the "max" attribute on the input field.
- Fill in 10000 to get an alert with the flag.
- Whenever you go to the home page, a request is sent to https://flask.lukasolivier.be/employees
- there is a flag inside the response
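-
The weaknesses listed above, seen from the developer's side: an added example (not part of this repository's code) that scans a page and a robots.txt for the same kinds of leftovers before release. The sample input and the function names are constructed for illustration; only the /keepthishidden path comes from this README.

```javascript
// Constructed sample input; only the /keepthishidden path is taken from the README.
const sampleHtml = `
<form>
  <!-- TODO: remove before launch -->
  <input name="username" data-hint="same as the role name">
  <input name="amount" type="number" max="100">
  <p>cGxhY2Vob2xkZXItdmFsdWU=</p>
</form>`;
const sampleRobots = `User-agent: *
Disallow: /keepthishidden`;

// True when s is canonical Base64 that decodes to printable ASCII.
// Base64 is an encoding, not encryption: anyone who sees it can read it.
function looksLikeBase64Text(s) {
  const buf = Buffer.from(s, 'base64');
  if (buf.toString('base64') !== s) return false;
  return /^[\x20-\x7e]+$/.test(buf.toString('latin1'));
}

// Report markup that ships information or trust decisions to the browser.
function auditPage(html) {
  const findings = [];
  for (const m of html.matchAll(/<!--([\s\S]*?)-->/g))
    findings.push({ type: 'html-comment', value: m[1].trim() });
  for (const m of html.matchAll(/\sdata-hint="([^"]*)"/g))
    findings.push({ type: 'data-hint', value: m[1] });
  // A "max" attribute is editable by the visitor; the server must enforce the limit.
  for (const m of html.matchAll(/<input\b[^>]*\smax="([^"]*)"/g))
    findings.push({ type: 'client-side-max', value: m[1] });
  for (const m of html.matchAll(/[A-Za-z0-9+\/]{16,}={0,2}/g))
    if (looksLikeBase64Text(m[0]))
      findings.push({ type: 'base64-text', value: m[0] });
  return findings;
}

// Every Disallow path is publicly readable, so it advertises what it tries to hide.
function auditRobots(robotsTxt) {
  return robotsTxt.split(/\r?\n/)
    .map((line) => /^\s*Disallow:\s*(\S+)/i.exec(line))
    .filter((m) => m !== null)
    .map((m) => ({ type: 'robots-path', value: m[1] }));
}

console.log([...auditPage(sampleHtml), ...auditRobots(sampleRobots)]);
```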