Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/vin-hacks/claraclassroom
The Clara S. Traversal's classroom is an intermediate-level web security challenge (black box) where you will have to exploit both client-side and server-side vulnerabilities in order to change a student grade. Can you hack the class and get in? Access teacher-only features? Do even more than the teacher can? Good luck!
Last synced: 10 days ago
- Host: GitHub
- URL: https://github.com/vin-hacks/claraclassroom
- Owner: vin-hacks
- Created: 2024-09-11T02:01:08.000Z (5 months ago)
- Default Branch: master
- Last Pushed: 2024-12-15T02:06:03.000Z (about 2 months ago)
- Last Synced: 2024-12-15T03:17:22.733Z (about 2 months ago)
- Topics: ctf, cybersecurity, hacking, javascript, python, vulnerability, web, webhacking, websec
- Language: Python
- Homepage:
- Size: 29.3 KB
- Stars: 4
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Clara S. Traversal's Classroom
**This is supposed to be a black box challenge; no source code review is necessary.**

**If you have any questions or want to get access to hints, you can add me on Discord: vinhacks**

The Clara S. Traversal's Classroom web security challenge is a challenge where you'll need to exploit a couple of web vulnerabilities in order to make Vincent's final grade over 90%.
- Objective: Gain access to the class and find a way to change the user Vincent's final grade to be over 90%.
- Requirements: Python (3.10 or higher) installed, nothing else.
- Additional info: The teacher denies access to users every minute. Also, I recommend not logging in to the teacher's account and logging out; it will cause problems with the teacher.py script and is not needed for the challenge.
Warning: This is an intentionally vulnerable website. This code contains an RCE, so make sure the website is not publicly accessible.
### Startup
```
git clone https://github.com/vin-hacks/ClaraClassroom
cd ClaraClassroom
python3 server.py
```
In another shell:
```
cd ClaraClassroom
python3 teacher.py
```
Then you should be able to access http://localhost:8081/ in your browser and begin hacking!
Note that this challenge was made so that no code review or enumeration is necessary.
The solution is in the SOLUTION.md file.