Web App


Desert CodeSprouts.

Welcome to the Socio-Pedia Challenge Module!

This is a web application security module where you will put your hacking skills to the test against a social media site named Socio-Pedia. Ready to dive in?

In this module, you will progress through three levels:

  1. Crack the password using a given script.
  2. Gather information from the site.
  3. Decrypt an encrypted message using a Caesar cipher.

(The web app for all levels can be found at https://pwn.college/workspace/challenge, inside your browser, or, http://challenge.localhost inside the VNC Desktop)



Challenges

In the first level, your task is to gain access to Jenna’s account by cracking the password with the known email [email protected].

The password is a combination of words and symbols found inside the file located at /challenge/password.py. The site requires that all users have a password with (a word + a number + a symbol).

Your objective is to complete the script, crack this password, and find the flag. This exercise will test your ability to use basic scripting skills to automate the password-cracking process.

(After starting the challenge the web app can be found at https://pwn.college/workspace/challenge, inside your browser, or, http://challenge.localhost inside the VNC Desktop)

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

Great job!

Having successfully logged in with the credentials from Level 1, your next challenge is to perform information gathering from within Jenna’s account.

You will need to explore Jenna's home profile, search through posts, and examine comments to locate the user who has posted the flag. This level emphasizes your ability to navigate a web application and retrieve useful information hidden within user interactions.

The flag will be a comment in a post about the encrypted messages.

(After starting the challenge the web app can be found at https://pwn.college/workspace/challenge, inside your browser, or, http://challenge.localhost inside the VNC Desktop)

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

Woohoo you’ve made it!

You will once again need to explore Jenna's home profile, search through posts, and examine comments to locate the user who has posted an encrypted message. (There will be more than one, but only one of them is the important one!)

For your final task, decrypt this message. The message is encrypted using a Caesar cipher. Caesar ciphers are a form of shift cipher, for more information please visit here.

Once decrypted, you will use the command /challenge/check to input the message and obtain the flag.

This level will challenge your understanding of basic cryptography and your ability to apply decryption techniques to uncover hidden information.

Good luck!

(After starting the challenge the web app can be found at https://pwn.college/workspace/challenge, inside your browser, or, http://challenge.localhost inside the VNC Desktop)

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

30-Day Scoreboard:

This scoreboard reflects solves for challenges in this module after the module launched in this dojo.

7-Day | 30-Day | All-Time

Rank Hacker Badges Score