Medium | web | 50 points
Look on the site and try to find services, there must be a dashboard to control the area
We are given a random URL https://1825d1f6964055e82bb5eda70bbc148d.challenge.hackazon.org/ which takes us to a very nice-looking webpage. None of the buttons seem to do anything so instead, I investigated the source code. Inside the source code is a link to the dashboard!
Our link is:
[https://1825d1f6964055e82bb5eda70bbc148d.challenge.hackazon.org](https://1825d1f6964055e82bb5eda70bbc148d.challenge.hackazon.org/)/8efwygs6p3gu7zmifcq0
This directs us to a login page for “Grafana” where a quick search of the docs reveals the default login of admin:admin which happens to work here.
We are greeted with this dashboard and clicking the magnifying glass on the left allows us to switch to a different dashboard called “sample” which contains our first flag.
Medium | web | 75 points
Can you find and analyze the data for us? we need information, a code, something…
Switching back to our “system” dashboard, we find that the explore button takes us to a terminal where we can type commands to access a database. The buckets command reveals the following buckets (tables)
Querying the flag bucket gives us our second flag
Medium | web | 175 points
there must be a way to retrieve sensitive AI data for the dashboard, find a way to break one service and get the flag hidden in the system
Unfortunately, I had no idea what to do with this part of the challenge and I have not solved it :(