Advent of Cyber 2021 — [Day 3] Christmas Blackout

Grinch Enterprises have also tried to block communication between anyone at the company. They’ve locked everyone out of their email systems and McSysAdmin has also lost access to their admin panel. Can you find the admin panel and help restore communication for the Best Festival Company.”

Link to Room:

Question #1: Using a common wordlist for discovering content, enumerate to find the location of the administrator dashboard. What is the name of the folder?

I am using the TryHackMe attack box for this.

If you look through the results, you can see the name of the folder here:


Question #2: In your web browser, try some default credentials on the newly discovered login form for the “administrator” user. What is the password?

Use your web browser to open up that admin panel:

From here, right-click and choose “view source”. You will see this section here with a link to the login script they are using:

This will open up in a separate window here:

Where you can see that the username and password are both “administrator”


Question #3: Access the admin panel. What is the value of the flag?

Use those credentials to access the admin panel. Your flag is near the bottom:


Happy Holidays! ❤




CTF Writeups to facilitate cyber education.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

InfoSecSherpa’s News Round Up for Saturday, October 2, 2021

Data Privacy at a Price

InfoSecSherpa News Roundup for Monday, March 7, 2022

PNS Unlocked 8-Digit Domains, We’re Attending the Polkadot Decoded!

Celebrating DEAPcoin Listing in Japan! NFT Purchase Airdrop Campaign

Pwning your assignments: Stored XSS via GraphQL endpoint

Dynamo Coin Discord Security Incident

InfoSecSherpa’s News Roundup for Thursday, March 10, 2022

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


CTF Writeups to facilitate cyber education.

More from Medium

TryHackMe: Blue Writeup

Yogosha Christmas Challenge 2021

HTB: Grandpa Writeup w/o Metasploit