takito1812/web-hacking-playground — reverse-engineered prompt
Reverse engineered prompt
Build me a local web hacking playground I can run with Docker on my machine. I want one intentionally vulnerable web app that feels like a small social network, plus a separate exploit server that simulates a victim opening malicious links. Make it a controlled training lab based on real pentest and bug bounty style issues, with three stages that build on each other. First I should be able to get into any user account, then become admin, then finally read a flag file.
Please make the lab feel like a black box challenge, not something people are supposed to solve by reading the source, and it should not depend on brute force or fuzzing. I want it easy to start with a simple Docker setup, and I need clear instructions for getting both apps running locally, adding the right hostnames to the hosts file, and using a proxy tool like Burp if I want to inspect traffic. If possible, include optional solutions in a separate place so they do not spoil the main experience. Look up current docs online if you need to.
Want more depth? Deep Reverse