Lab/Room TryHackMe - Web Application Red Teaming
Type Challenge
Status Done
Date 10/01/2026

Context

Use red-teaming techniques to bypass the WAF and obtain admin access to the web application.

The farewell server will be decommissioned in less than 24 hours. Everyone is asked to leave one last message, but the admin panel holds all submissions. Can you sneak into the admin area and read every farewell message before the lights go out?

Starting hypothesis

  1. Target recon
  2. WAF bypass

Method / Tools used

Target recon

Nmap

An initial full TCP port scan was performed against the target to identify exposed services.

nmap -p- 10.64.158.118

The scan revealed only two open ports:

All other ports were closed. At this stage, no unusual services or misconfigurations were identified, indicating a relatively small attack surface focused on the web application.

Source code

Reviewing the client-side source code did not reveal anything immediately exploitable. The website mainly exposes a standard login form, with no obvious sensitive information or hidden logic present in the HTML or JavaScript.

Given the presence of a login form protected by a WAF, a potential attack vector could involve testing for weak WAF configurations, for example attempting basic SQL injection payloads such as:

' or 1=1--
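To show why that payload works against a login query built by string concatenation, and why a parameterized query stops it regardless of what the WAF lets through, here is an added example that is not part of the original write-up. The in-memory users table and its credentials are constructed for the demonstration only.

```python
import sqlite3


def make_db():
    """Constructed sample data: an admin and one ordinary user (not the lab's data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cr3t!', 'admin')")
    conn.execute("INSERT INTO users VALUES ('alice', 'hunter2', 'user')")
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL by concatenation, so user input is parsed as SQL.
    With username = "' or 1=1--" the quote closes the string, 'or 1=1'
    makes the WHERE clause always true and '--' comments out the password
    check, so the first row (here the admin) is returned."""
    sql = ("SELECT username, role FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()  # (username, role) or None


def login_safe(conn, username, password):
    """Binds user input as parameters: the database treats it as data,
    never as SQL, so the same payload simply matches no user."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def demo():
    """Runs a legitimate login and the injection payload against both versions."""
    conn = make_db()
    payload = "' or 1=1--"
    return {
        "vuln_legit": login_vulnerable(conn, "alice", "hunter2"),
        "vuln_payload": login_vulnerable(conn, payload, "anything"),
        "safe_legit": login_safe(conn, "alice", "hunter2"),
        "safe_payload": login_safe(conn, payload, "anything"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The WAF only filters the transport of the payload; the query construction is the defect, and the parameterized version closes it without relying on signature matching.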