Skip to main contentSkip to main content
Room Banner
Room Icon

VulnNet: dotpy

VulnNet Entertainment is back with their brand new website... and stronger?

medium

75 min

4,123

User profile photo.

To access material, start machines and answer questions login.

Score updated
Score updated

Set up your virtual environment

To successfully complete this room, you'll need to set up your virtual environment. This involves starting both your AttackBox (if you're not using your VPN) and Target Machines, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.
Attacker machine
Status:Off
Lab machine
Status:Off

Yes, VulnNet Entertainment is back, and now security-focused. You are once again tasked to perform a penetration test including a web security assessment and a security audit.

  • Difficulty: Medium
  • Web Language: Python

This machine was designed to be a bit more challenging but without anything too complicated. A web application will require you to not only find a vulnerable endpoint but also bypass its security protection. You should pay attention to the output the website gives you. The whole machine is Python focused.

Note: While looking through web pages you might notice a domain vulnnet.com, however, it's not an actual vhost and you don't need to add it to your hosts list.

Icon made by Smashicons (opens in new tab) from www.flaticon.com (opens in new tab) (opens in new tab)

Answer the questions below
What is the user flag? (user.txt)

What is the root flag? (root.txt)

We use cookies to ensure you get the best user experience. For more information see our cookie policy.