Lab/Room TryHackMe - Web app hacking
Type Challenge
Status Done
Date 15/02/2026

Context

Find what's hidden deep inside this website.

Cupid's Vault was designed to protect secrets meant to stay hidden forever. Unfortunately, Cupid underestimated how determined attackers can be.

Intelligence indicates that Cupid may have unintentionally left vulnerabilities in the system. With the holiday deadline approaching, you've been tasked with uncovering what's hidden inside the vault before it's too late.

Starting hypothesis

My hypothesis consists of analysing the web page as much as I can, using nmap, dirbuster, etc.

To uncover hidden access and reach the flag, I guess an authentication bypass will be needed at some point.

I don’t expect high complexity.

Method / Used Tools

Web app recon

Nmap

I started the reconnaissance phase with a full TCP port scan using:

The scan revealed only two open ports:

There were no additional exposed services, which suggested that the attack surface was relatively small and that the main entry point would probably be the web service running on port 5000.

Dir enumeration

I then performed directory enumeration using: