🐀 0 pts earned

Blacksite DB

Premium Machine (Locked)

🧩 BlacksiteWebapp

🖧 AD Network — BlacksiteWebapp

Blacksite DB 🔒 Blacksite Tools 🔒 Blacksite Media 🔒 Blacksite Reports 🔒 Blacksite Import

A login form with no parameterised queries. Classic SQL injection bypasses authentication and the users table stores plaintext SSH passwords for internal pivot. Root is a trivial sudo python3.

Target IP Premium required

User Flag Pending

Root Flag Pending

Community

Community Hints

Grade A · 1000 pts Grade B · 700 pts Grade C · 400 pts Grade D · 200 pts + 150 credits on accept

Short, stage-specific nudges — directional, spoiler-light, no exact commands.

No community hints yet — be the first to add one!

Community

Community Walkthroughs

Grade A · 2500 pts Grade B · 1750 pts Grade C · 1000 pts Grade D · 500 pts + 300 credits on accept

🔒 Community walkthroughs are spoilers — capture the root flag on this machine to unlock them.