Web Pentesting

Question 1.

Hidden Flag in HTML

Your first step into the castle’s outer courtyard reveals a webpage adorned with festive decorations and announcements. However, hidden deep within the code lies the first flag.

Objective: Inspect the page's HTML source to uncover the hidden flag.

Question 2.

Hidden Login Page
The outer gates of the castle lead you to a celebratory page filled with event details… or so it seems. Legends say that a concealed login portal exists, accessible only to those who can uncover its path.

Objective: Identify the hidden login page URL through reconnaissance techniques.

Question 3.

SQL Injection
Inside the castle’s library, now converted into a festival planning room, a suspicious login form awaits. The frantic preparations have left the database vulnerable to tampering.

Objective: Exploit the SQL injection vulnerability in the login form to bypass authentication and retrieve the next flag.

Question 4.

Insecure Direct Object Reference (IDOR)
Your journey takes you to the castle’s treasury, now doubling as a storeroom for festival supplies. However, the castle’s access control mechanisms are flawed, allowing resourceful intruders to view unintended files.

Objective: Exploit the IDOR vulnerability to access restricted documents and retrieve the fourth flag.

Question 5.

Dump the Final Flag
At last, you reach the Castle Storage, the most heavily guarded vault in Festava Live. With everyone distracted by the festival, you must exploit multiple weaknesses to gain access, retrieve sensitive data, and decode the final message.

Objective: Combine the knowledge and flags you've acquired to locate the final treasure.