🐀🐀 0 pts earned

API Auth

Premium Machine (Locked)

🧩 ExposedAPI

🖧 AD Network — ExposedAPI

🔒 API Users 🔒 API Profile API Auth 🔒 API Admin 🔒 API Fetch

JWT authentication with HS256 using secret='secret'. The alg:none attack is also accepted. Forge an admin JWT to access protected routes that expose SSH credentials. cap_setuid python3 for root.

🕐 Launching Soon

Launching in calculating...

Target IP Premium required

User Flag Pending

Root Flag Pending

Community

Community Hints

Grade A · 1000 pts Grade B · 700 pts Grade C · 400 pts Grade D · 200 pts + 150 credits on accept

Short, stage-specific nudges — directional, spoiler-light, no exact commands.

No community hints yet — be the first to add one!

Community

Community Walkthroughs

Grade A · 2500 pts Grade B · 1750 pts Grade C · 1000 pts Grade D · 500 pts + 300 credits on accept

🔒 Community walkthroughs are spoilers — capture the root flag on this machine to unlock them.