How to Hack the Base!

What's this blog post about?

We recently conducted our first publicly accessible hack-the-base challenge, which saw over 290 participants. The challenge involved finding nine hidden flags within a Supabase project's database, which required techniques such as HTML inspection, DNS queries, and exploitation of schema vulnerabilities. Participants had to get past a series of obstacles, including client-side validation, using tools like Burp Suite and cURL to uncover the flags. The final flag required connecting to an EC2 instance in AWS, installing a Postgres client, and querying a database table to retrieve the last piece of information. Overall, the challenge provided a comprehensive introduction to web application security testing and exploitation techniques.

Company
Supabase

Date published
Dec. 20, 2024

Author(s)
Stephen Morgan

Word count
2778

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.