You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: Advent-of-Cyber-2021/Day-07-Migration_Without_Security/README.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,18 +2,18 @@
2
2
3
3
- Interact with the MongoDB server to find the flag. What is the flag?
4
4
5
-
-`***{********************************}`
5
+
-`***{********************************}`
6
6
7
7
We discussed how to bypass login pages as an admin. Can you log into the application that Grinch Enterprise controls as admin and retrieve the flag?
8
8
9
9
Use the knowledge given in AoC3 day 4 to setup and run Burp Suite proxy to intercept the HTTP request for the login page. Then modify the POST parameter.
10
10
11
-
-`***{********************************}`
11
+
-`***{********************************}`
12
12
13
13
- Once you are logged in, use the gift search page to list all usernames that have guest roles. What is the flag?
14
14
15
-
-`***{********************************}`
15
+
-`***{********************************}`
16
16
17
17
- Use the gift search page to perform NoSQL injection and retrieve the mcskidy record. What is the details record?
0 commit comments