Web App


Codesprouts's

Welcome to the Socio-Pedia Challenge Module!

This is a web application security module where you will put your hacking skills to the test against a social media site named Socio-Pedia. Ready to dive in?

In this module, you will progress through three levels:

  1. Crack the password using a given script.
  2. Gather information from the site.
  3. Decrypt an encrypted message using a Caesar cipher.

(The web app for levels 1 and 2 can be found at https://pwn.college/workspace/challenge, inside your browser, or, http://challenge.localhost/workspace/challenge inside the VNC Desktop)


Challenges

In the first level, your task is to gain access to Jenna’s account by cracking the password with the known email jenna@email.com.

The password is a combination of words and symbols found inside the file located at ~/Desktop/password.py. The site requires that all users have a password with (a word + a number + a symbol).

Your objective is to complete the script, crack this password, and find the flag. This exercise will test your ability to use basic scripting skills to automate the password-cracking process.

(After starting the challenge the web app can be found at https://pwn.college/workspace/challenge, inside your browser, or, http://challenge.localhost/workspace/challenge inside the VNC Desktop)

Great job!

Having successfully logged in with the credentials from Level 1, your next challenge is to perform information gathering from within Jenna’s account.

You will need to explore Jenna's home profile, search through posts, and examine comments to locate the user who has posted the flag. This level emphasizes your ability to navigate a web application and retrieve useful information hidden within user interactions.

The flag will be a comment in the post of the encrypted message for level 3.

Please make sure to note down the encrypted message somewhere as it will not be available in level 3.

(After starting the challenge the web app can be found at https://pwn.college/workspace/challenge, inside your browser, or, http://challenge.localhost/workspace/challenge inside the VNC Desktop)

Woohoo you’ve made it!

In the last level you discovered the encrypted message.

For your final task, decrypt this message. The message is encrypted using a Caesar cipher. Caesar ciphers are a form of shift cipher, for more information please visit here.

Once decrypted, you will use the command python /challenge/challenge.py to input the message and obtain the final flag.

This level will challenge your understanding of basic cryptography and your ability to apply decryption techniques to uncover hidden information.

Good luck!


30-Day Scoreboard:

This scoreboard reflects solves for challenges in this module after the module launched in this dojo.

Rank Hacker Badges Score