🐀 0 pts earned

API Profile

Premium Machine (Locked)

🧩 ExposedAPI

🖧 AD Network — ExposedAPI

🔒 API Users API Profile 🔒 API Auth 🔒 API Admin 🔒 API Fetch

Mass assignment vulnerability on the profile update endpoint. Adding role=admin to the PUT request body grants admin status, which unlocks an admin panel exposing SSH credentials. Root via sudo perl.

🕐 Launching Soon

Launching in calculating...

Target IP Premium required

User Flag Pending

Root Flag Pending

Community

Community Hints

Grade A · 1000 pts Grade B · 700 pts Grade C · 400 pts Grade D · 200 pts + 150 credits on accept

Short, stage-specific nudges — directional, spoiler-light, no exact commands.

No community hints yet — be the first to add one!

Community

Community Walkthroughs

Grade A · 2500 pts Grade B · 1750 pts Grade C · 1000 pts Grade D · 500 pts + 300 credits on accept

🔒 Community walkthroughs are spoilers — capture the root flag on this machine to unlock them.