Scenario "Paris": Where is my webserver?

[fduran]

Discussions about scenario Paris

[HarukaMa]

Sent a feedback, but pasting here for ref :

Spoilers ahead

Strange one, my first instinct is to somehow gain access to the webserver.py file. "Random UA passes webserver auth" doesn't seems like a good fit of "server diagnostics" theme. This is more like a very easy web ctf question.

Also, "random UA gives password" is not that "real-world" as well. I didn't expect at all that it will spit out the flag when I used some random UA to send the request. What real server would do that?

I don't really know why this scenario is put like this. Probably you wanted to test if the user knows they can use arbitrary UA to troubleshoot some web services?

Anyway, the scenario in the current form feels pretty strange to me. Probably it's too different from other scenarios.

[fduran]

Hello, thanks for your comment. I'm not sure what "UA" means :-)

This is not a realistic scenario in itself, but the themes in it and the skills and tools to solve it I think are realistic.