After hearing that someone had created a Mr. Robot themed CTF, I needed to see this. As the author describes, there isn’t anything overly difficult with this VM, but it is enjoyable nonetheless.
On an Ubuntu 16.04 box with the proprietary drivers from NVIDIA installed for my GTX 980ti, I was experiencing a problem preventing me from running Hashcat, which was this error message:
Due to a lack of CSRF mitigation and entity encoding in `lib/episode_asset_list_table.php`, it is possible to execute scripts in the context of an admin user by including a script in the `page` field during a form post.
Due to a lack of CSRF mitigation and entity encoding in `pages/func-whois.php`, it is possible to execute scripts in the context of an admin user by including a script in the `domain` field, via the query string or a POST field.
Due to a lack of CSRF mitigation and entity encoding in the output generated by `/admin/view/huge_it_light_box.php`, it is possible to store and execute scripts in the context of an admin user.