Specter I — OSINT
L3 — JS Recon & API Discovery
700 pts+50 first-blood bonus—
First Blood: @nyxsentinel
Mission
Pull a single-page app's bundle apart for sourcemaps, hardcoded JWT secrets, hidden admin endpoints and vendored CVE-pinned libs. Three blogs citing the same wrong endpoint count as one source — verify against the bundle itself.
Why this matters in 2026
Every modern web target ships its own attack surface in compiled JS. Reading bundles is a baseline 2026 skill — the easy creds are in the client.
Connection Terminal
Host204.168.229.209 · Port 2233 · User specter3ssh [email protected] -p 2233SSH command copied to clipboard!
Password: locked — solve L2 first. After submission the per-player SSH password for this level becomes available here (different string from the flag itself).Each connection spawns a fresh ephemeral container — no shared shell, no cross-player residue. Disconnect tears it down.
Flag Submission
Log in to submit flags and track chain progress.
🩸
ACTIVE RECORDFirst Blood captured by