password-checker - See if your password is secure! Or whether this portal is secure!
After the announcement of a catastrophic breach of PICI (Personally Identifiable Cat Information) by Evil Robot Corp, we used Shodan to see if there were any interesting new attack vectors in their IP space and found this weird password checker portal. It looks totally hackable. Can you see if you can exfiltrate files out of the portal?
docker run --rm -p 8080:8080 squarectf/pwd_checker
then visit http://localhost:8080/
This challenge will be discussed at Capture the Flag: Learning to Hack for Fun and Profit at the 2017 Grace Hopper Celebration.