Welcome to The Bouvet Play 2018 Capture The Flag (CTF)!
Application Instance: https://bouvet-ctf-X.herokuapp.com/ (where X is your Team Number)
Before the CTF starts, you need to go register your team details in the scoreboard app (one account per team). There should be two players on every team.
Once the CTF starts, you can use the “Challenges” screen to enter your flags. You should search for the challenge name on the challenges screen.
If you miss your flag for some reason, you can go to the scoreboard screen of the vulnerable application and click on the green button to see it again.
Breaking the following rules will lead to deduction of points or disqualification.
- Your scope is limited your own application instance, port 443
- No DOS/DDOS-attacks!
- No interfering with other teams’ JuiceShop-instances, traffic or anything else related to another team or the organizers
- No using Burp Scanner (or other similar tools)
- No Googling around for solutions
- No tampering with or attacking the scoreboard app
- You may not tamper with the database table related to your challenge progress.
- If you aren’t sure about anything, ask 🙂
Well suited tasks
- XSS Tier 0 ( )
- XSS Tier 1 ( )
- Admin Section ( )
- Confidential Document ( )
- Christmas Special ( )
- Basket Access ( )
- Forgotten Sales Backup ( )
- Forgotten Developer Backup ( )
- CSRF ( )
- User Credentials ( )
- Forged Coupon ( )