In this web application challenge, the 🕵️ security researcher needs to gain access to Vault and fetch Secret (Flag:)
Note: Before proceeding with either of below methods of setup, clone the repo using
git clone https://github.com/alexdevassy/Machine_Learning_CTF_Challenges.git
and then download model file from here. Once the model file is downloaded place the same file in
cd Machine_Learning_CTF_Challenges\Vault_ML_CTF_Challenge/images/
✋ ❗ ❗ Challenge can be either installed via docker as docker image (Step1a) OR via native installation (Step1b) 🚫
cd Machine_Learning_CTF_Challenges\Vault_ML_CTF_Challenge/
docker build -t vault_ml_ctf .
To run the challenge docker run --rm -p 5000:5000 vault_ml_ctf
The challenge works best with Python 3.10.12
Create virtual environment in python using python -m venv virtualspace
In windows, activate the virtual environment with .\virtualspace\Scripts\activate
In ubuntu, activate the virtual environment with source /virtualspace/bin/activate
cd Machine_Learning_CTF_Challenges/Vault_ML_CTF_Challenge/
pip install -r .\requirements.txt
python app.py
Now the CTF Home Page 🏡 can be accessed in host systems browser at http://127.0.0.1:5000/. Read 👓 through the page and click on "Start Breaking Vault" to start the CTF.
Don't peak into app.py. Everything you need to conquer this CTF is neatly tucked away in the web application itself. 😁
For solution to CTF challenge visit : Vault_CTF_Solution
🚫 A quick heads-up: The video below contains CTF solution spoilers 😅. So, if you're still up for the challenge and enjoy a bit of mystery, it might be best to steer clear of this one.