The purpose of this assignment is to test your understanding of common web vulnerabilities and guide you to exploit common web vulnerabilities in a controlled environment. You will learn how to perform block-box security audit of small websites without having access to its source code, as well as developing exploits to exploit the vulnerabilities that you find during security audit.
All vulneable websites are hosted on a virtual machine on Amazon AWS. You must have Internet access to be able to work on this assignment. You will need to use a browser inside the VM, an HTTP request sender (curl), and Burp Suite for this level.
All web challenges are accessible at http://127.0.0.1:8000/. Your goal is to exploit each level, find the secret flag (which can be a password, a message, a note, a post, or the bank account login credentials of an important user), and submit the flag. You can work on these levels in any order.
To make your life easier, the instructor will disclose the intended vulnerability of each level. However, remember that there can definitely be unintended vulnerabilities. It is totally OK if you exploit a level by exploiting unintended vulnerabilities!
Also keep in mind that the practice mode does not work for web challenges. Please work in the normal mode.
Challenges
30-Day Scoreboard:
This scoreboard reflects solves for challenges in this module after the module launched in this dojo.
| Rank | Hacker | Badges | Score |