Objective: Find and exploit authentication bypass and access control vulnerabilities to capture 3 flags.

Skills Required: JWT analysis, IDOR exploitation, parameter manipulation, authentication bypass

Sponsored by: @the.phasenetwork 📱

Flag 1: Pending

Flag 2: Pending

Flag 3: Pending

SecureU Portal

Enterprise Security Management System v2.1

"The intern mentioned something about 'state' being important in modern web apps..."
"JWT tokens contain more than just authentication data - sometimes they reveal secrets"
"Not all users are created equal - some have special privileges that aren't obvious"
"Developer tools might show you things the UI doesn't want you to see"
"Sometimes the real treasure is in the headers, not the body"

💡 Try common credentials like admin/admin, test/test, guest/guest, or check for default accounts

🔐 Multi-Factor Authentication

Security Code Required

Developer Console:

POST /api/auth/login - 200 OK

Set-Cookie: session_token=...

X-Auth-State: pending_2fa

X-Next-Step: /api/auth/verify-2fa

💡 The intern said: "Sometimes you don't need to complete every step they ask for..."

Check your browser's developer tools - network tab might be interesting

https://portal.secureu.corp/dashboard