Welcome to Pharmeasy CTF
Flag Format: flag{this_is_the_flag_format}
CTF Round Instructions
1. Objective
This CTF round aims to assess your understanding of common web application vulnerabilities and your ability to identify and exploit them.
2. Environment
Personal Machine: You will be using your own personal machine for this CTF.
Software/OS:
- Required: Burp Suite
- Optional: SQLmap, Parrot OS/Kali Linux (for those comfortable with the environment)
- Windows can also be used. (There won't be any issue if a candidate decides to use Windows to participate in the CTF round.)
Screen Sharing: You are required to share your full screen throughout the exam.
Video: Keep your video turned on throughout the exam. Do not attempt the exam from a noisy environment.
3. Time Limits
- CTF Round: 1 hour
- Reporting and Discussion: 30 minutes
4. Reporting
Format: Submit your report in any format (Google Docs, Sheets).
Required Fields:
- Vulnerability Name
- Severity (e.g., Critical, High, Medium, Low)
- Payload Used (if applicable)
- Screenshots (Supporting evidence)
- Remediation Steps (Suggested solutions to address the vulnerability)
Submission: Send the completed report to [Email Address] within the allotted time.
5. Rules
Moderate Internet Usage: Moderate use of the internet is allowed during the CTF. This is an open-book test.
Prohibited Tools:
- No AI/LLMs: The use of any AI or Large Language Model (LLM) tools is strictly prohibited.
- Automated Scanners: The use of automated vulnerability scanning tools (e.g., Nessus, Nuclei, and general vulnerability assessment tools) is not permitted.
6. Evaluation Criteria
The CTF will be evaluated based on:
- Vulnerability Identification: Your ability to successfully identify and exploit vulnerabilities.
- Reporting Quality: The completeness, accuracy, and clarity of your vulnerability report.
- Problem-Solving Approach: Your approach to analyzing and solving CTF challenges.
7. Note
This CTF is designed to assess your understanding of vulnerabilities and your approach to finding bugs. It is not intended to be a race or a competition to find the most vulnerabilities. Focus on understanding the underlying issues and providing clear and concise reports.
We wish you the best of luck!