Hack the Login

Very Easy | 22 Dec 2025 | Free Access | Solution Available

Start the machine, hack the system, and find the hidden flags to complete this challenge and earn points!

Flags: 1 | Points: 5 | Success Rate: 51%

Learn

Find the Code

First: Open the Target URL shown above in a new browser tab.

Every webpage loads resources. Press F12 to open DevTools and look at the HTML source.

Near the bottom of the HTML, find the <script> tag. It loads a JavaScript file - that's your answer.

JavaScript files often contain authentication logic. Finding them is your first step in web security analysis.
Read the Learn section above ⬆ and answer the question below ⬇
Step 1
Learn

Read the Authentication Logic

On the Target URL: Press F12, go to Sources tab, click on the .js file.

Look through the JavaScript code for an if statement that checks credentials.

You'll find something like: if (username === "..." - the value in quotes is the expected username.

Hardcoded credentials in client-side code are a critical vulnerability. Anyone who can load the page can read its JavaScript.
Step 2
Learn

Extract the Password

Same file: Look at the same if statement you found in the previous step.

The authentication check compares both username AND password. You already found the username.

Look for: && password === "..." - the value after the === is the password.

You now have both credentials. Next step: use them to log in and capture the flag.
Step 3
Learn

Capture the Flag

You have the credentials. Time to use them.

  1. Go to the Target URL login form
  2. Enter the username you found in the JavaScript
  3. Enter the password you found in the JavaScript
  4. Click Login
  5. Copy the flag and submit it below
You just completed a client-side authentication bypass - a real vulnerability found in production systems.
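
The manual check from the steps above (an if statement that compares username and password to string literals) can be automated as a review step for your own front-end code. This is an added example, not code from the lab or its target; the function name, the identifier list and the sample login script are assumptions constructed for illustration.

```javascript
// Added example: heuristic scan of front-end JavaScript for credential-like
// identifiers compared against string literals. Expect false positives to triage.

// Names treated as credential-like (an assumption; tune for your code base).
const CRED_NAME = /user(?:name)?|login|pass(?:word|wd)?|pwd/i;

// `<identifier> == / === / != / !== "<literal>"`, in either operand order.
const COMPARISON = new RegExp(
  String.raw`([A-Za-z_$][\w$.]*)\s*(?:===?|!==?)\s*(["'])((?:\\.|(?!\2).)*)\2` +
    "|" +
    String.raw`(["'])((?:\\.|(?!\4).)*)\4\s*(?:===?|!==?)\s*([A-Za-z_$][\w$.]*)`,
  "g"
);

function findHardcodedCredentialChecks(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, index) => {
    // Skip whole-line comments so commented-out snippets are not reported.
    if (/^\s*\/\//.test(text)) return;
    for (const m of text.matchAll(COMPARISON)) {
      const identifier = m[1] || m[6];
      const literal = m[1] ? m[3] : m[5];
      // Ignore unrelated variables and empty-string (presence) checks.
      if (!CRED_NAME.test(identifier) || literal.length === 0) continue;
      // Record only the literal's length so the report does not repeat the secret.
      findings.push({ line: index + 1, identifier, literalLength: literal.length });
    }
  });
  return findings;
}

// Constructed sample input, not the lab's actual script.
const SAMPLE_LOGIN_JS = [
  "function login(username, password) {",
  '  // if (username === "old") return;',
  '  if (username === "demo-user" && password === "demo-pass-123") {',
  "    showFlag();",
  "  }",
  '  if (mode === "debug") enableLogs();',
  '  if (password === "") return false;',
  "}",
].join("\n");

console.log(findHardcodedCredentialChecks(SAMPLE_LOGIN_JS));
// Two findings, both on line 3: username and password.
```

A finding here means the credential check belongs on the server; the scan only surfaces the pattern for review.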
flag.txt
+5 pts