• Have you reviewed the source code?

Task 1 - Uncover the Flag

First, let’s enumerate the open ports with:

threader3000

Once complete, let it complete it’s recommended nmap scan.

It appears that the only thing hosted is a website on port 80, let’s take a look at it.

The login page presents us with a screen similar to the following:

I looked at the source code, and it appears that the login is calling the authenticate() function from a script in the source code. This code has the login credentials present in plain text in them (although the password has to be reversed).

Now that we have the credentials, let’s login:

We should now see the flag for this challenge!