Nzral

I’ve been struggling to figure out how to get this VPS to run multiple vulnerable web apps at the same time, since I’m also using it to host a BDS (Bedrock Dedicated Server). I could temporarily shut down the Minecraft server, but setting it up again later would be a hassle :(

For now, I’ll just stick with 3 stages. I’ve also finished writing the readme

It’s been a while since the last devlog. This update brings some major changes:

• Refactored the design to a neobrutalist style after some consideration. I liked it, so I decided to go all in.
• Added leaderboard and account pages
• Implemented a stage lock system (you must complete previous stages first)
• Switched submission time from server time to local time
• Fixed an issue where submission time was not updating
• Added various security headers
• Reorganized the project structure to make it cleaner
• Created a password generator to help new users create strong passwords

I forgot to make a devlog yesterday
I’ve added several changes:

• Fixed error when submitting flag
• Added stage 2
• Added submission page
• Create a responsive mobile menu

Finally, i’ve finished these features:

• Added the first stage with a real website
• Set up a VPS to host the vulnerable web and forward it via ngrok

I think designing even an easy quest is actually pretty complicated

Login works with username or email now. Added a landing page and story mode UI, more stages coming soon…

First time using supabase, it’s actually pretty easy to setup with its auth system

I need to reship it cuz my project was affected by partial payout issue, so i hope it will be fixed :)

I refactor password validation for better UX and I added demo mode cuz the user doesn’t need to sign up with real email for just testing

I already finished all the features and maybe this is my last devlog for this project

User

• Dark Mode
• Responsive UI
• OTP Verification with Resend
• Exam Timer
• Auto Submit When Timeout
• View Exam Result

Admin

• Dark Mode
• Responsive UI
• Create, Edit, Delete, and View Exam
• Manage User Account
• View Exam Result per User

If you want to try Admin Features login with Admin username and DReN9ULnpRsJaJ2 password

I forgot to enable wakatime 😔
There are some features i’ve been adding
For user:

• Exam timer
• Auto submit when timeout
• View exam result

For admin:

• Manage user accounts
• View exam results per user

This update adds admin-restricted API endpoints for exam retrieval and updates, supports question management (multiple choice, short answer, and matching), and ensures data consistency through transactional database operations and schema validation. As a result, admins can now easily view and edit exams from the admin dashboard

Add admin panel for exam management with admin-only role-based access, migrate middleware to proxy following Next.js 16 latest documentation (https://nextjs.org/docs/messages/middleware-to-proxy), and support multiple question types (multiple choice, short answer, matching).

Added ADMIN role!! For accessing admin dashboard and adding questions/answers tables to the database

I added a simple UI for the exams and settings pages. I also changed the previous password regex so that it doesn’t have to contain special characters so the password rules aren’t too strict. I also added an exams table to the database for prototyping. I’m not sure why it took longer than expected

I just created auth system using auth.js (credentials providers) and neon postgresql as the database, it supports login via email and JWT sessions. I also add OTP system with resend SMTP for verifying the email