Little Bobby Tables

Your research confirmed that an attacker really did compromise an administrator account on the Daily D'eel website. You reset the password to lock them out temporarily, but now you need to secure the system to prevent it from happening again. See if you can recreate the attacker's method and expose the administrator password.

Ready to take the Challenge?

Read the challenge description above carefully. When you understand the prompt and feel ready to try the challenge, click the "Begin Challenge" button to start.

Feeling Ready?
Begin Challenge

Challenge Description

Congratulations, you’ve discovered the hull breach in your team’s application. Since you’ve showcased your abilities in finding potential attack vectors, your team volunteered you to test the security of the new login system on Daily D’eel.

If you find the next security vulnerability, your team will give you Privateer privileges so that you can try all of the new Daily D’eel products before they ship to the general public. You could really create a floating fish palace with those new toys!

In this challenge, you’ll need to try to expose the admin password through the login form. You’ve heard that it is possible to dump the database just by modifying the input of the form, but it’s up to you to find the admin password and prove that the system is vulnerable to attack. Just make sure you watch out for barnacles...


In this challenge, we'll ask you to locate a hidden "flag". To find it, you'll need to utilize your problem solving abilities and maybe a bit of code. The flag looks like: flag{some_text_here}. When you find it, you'll need to paste the whole flag in the text box in the header of this page.

This challenge is timed, so read the instructions below carefully before you begin!