Challenge

Avalanche 2 CTF

Avalance 2 CTF - Pentest

The challenge

We are delighted to make Avalanche2 CTF available! It is the second appearance of the Avalanche CTF platform which is a petition/campaign website like 38 degrees or the UK.gov petitions site.

With Avalanche we are presenting a CTF challenge that has clear learning objectives for anyone trying it. To complete this you likely learn a few things along the way. It is also based on reality in two important ways:

·     In a genuine application assessment, a penetration tester must find vulnerabilities within otherwise secure targets. To simulate that the site has a full range of functionality. You are encouraged to interact with the site as a legitimate user would first. This is to discover the full range of functionality before seeking to exploit anything.

·       Each part of the exploit chain is something which is like vulnerabilities located and exploited by us during real-world engagements.

Some may find this trivial but there is also a fair bet that many could spend several hours or evenings.

Hints

Hint 1: Google “baking flask cookies”
Hint 2: Google “Flask tutorial”
Hint 3: The password is in the wordlist stored inside the web root.

Getting Started 

  1. Download the CTF from here
  2. We have provided a PDF guide to load this VM within VMWare/VirtualBox within the zip file downloaded above.

Where is the flag? 

Your challenge is to get the password for the user with administrative privileges.

Happy hunting to everyone

Avalanche 2 CTF - The solution

Many have tried, none have succeeded. So here it is, the moment you’ve all been waiting for. The solution to our Avalanche 2 CTF!

The CTF is still available to try and if you have any questions regarding the solution please feel free to DM us via twitter.

Looking for more than just a test provider?

Get in touch with our team and find out how our tailored services can provide you with the cybersecurity confidence you need.