TaskVault

Description

During a security audit at TaskVault Industries, you discovered an internal task management application called “TaskVault”. This application appears to contain sensitive information about the company’s projects, including potentially access credentials and secrets. Our team has managed to identify the server hosting the application, but it’s protected by multiple proxy layers and an authentication system. Your mission is to exploit the weaknesses in this architecture to bypass the protections and access the confidential data stored in TaskVault.

Files

docker-compose.yml
taskvault.tar.xz
13.04 KiB – 347384c6b9b4cffb7fbf7574e5b75d09eabd26a6530febd57f4b8f6f11d05673

Author

Mizu

Challenge Instructions

First, download docker-compose.yml:
curl https://hackropole.fr/challenges/fcsc2025-web-taskvault/docker-compose.public.yml -o docker-compose.yml
Launch the challenge by executing in the same folder:
docker compose up
Access the challenge at http://localhost:8000/.

⚠️ Important: You must solve the challenge by interacting with the Docker container through the exposed network port. Any other way is not considered valid.

In case you encounter problems, please consult the FAQ.

Flag

You don't have JavaScript actived. No problem! You can check your flag like this: echo -n 'PUT_THE_FLAG_HERE' | sha256sum # possible output: c8ebcba1b4acbaa79ce6c0f63eb7125f0eec7aa1d5b7da616e49260df9738082

Writeups

I've been looking for a long time and I still can't find the flag!

You can vote for the solutions you prefer by using the on their respective pages.

Date	Author	Language	Tags
2025-04-27	dav3nn	🇬🇧