IsmailTP/nacrosand-CTF

GitHub: IsmailTP/nacrosand-CTF

Stars: 0 | Forks: 0

# Nacrosand – Trusernunt Initiation

An Egyptian-themed web exploitation challenge focused on broken client-side trust validation and insecure frontend-controlled logic.

## Challenge Information

* **Category:** Web Security
* **Difficulty:** Easy
* **Author:** Ismail TP

## Description

Trusernunt Initiation is a story-driven Capture The Flag (CTF) challenge where players must prove their worth inside an ancient Egyptian temple system.

The application presents users with a trust-based initiation process involving quizzes, hidden paths, misleading puzzles, and restricted vaults.

Players must investigate how the application handles trust verification and identify weaknesses in the communication between the client and the server.

## Features

* Egyptian-themed immersive interface
* Interactive trust validation system
* Hidden routes and secret endpoints
* Client-side score handling
* Intentional rabbit holes and dead ends
* Realistic web exploitation workflow
* Beginner-friendly challenge structure

## Concepts Covered

* Client-side trust vulnerabilities
* Request manipulation
* Web application reconnaissance
* Hidden endpoint discovery
* Frontend vs backend validation
* Application logic analysis
* Intercepting HTTP requests

## Technologies Used

* Python
* Flask
* HTML/CSS/JavaScript

## Skills Practiced

* Web reconnaissance
* Network request analysis
* Logic flaw identification
* Client-server interaction analysis
* Web exploitation methodology
* Burp Suite workflow

## Setup Instructions

### Clone Repository

```bash
git clone https://github.com/IsmailTP/nacrosand.git
cd nacrosand
```

### Install Dependencies

```bash
pip install -r requirements.txt
```

### Run the Challenge

```bash
python app.py
```

## Screenshots

Add challenge screenshots here.

Suggested screenshots:

* Temple interface
* Cipher page
* Network request interception
* Vault page
* Final challenge environment

## Educational Purpose

This project was created for ethical cybersecurity education and hands-on security training purposes only.
Do not use these techniques against systems without proper authorization.
Tags: Backend development