First National Bank

Your trusted financial partner since 1923 · Secure · Reliable · Private

Personal Banking

💳

Checking, savings, and money market accounts

Investments

📈

Grow your wealth with our portfolio services

Mortgages

🏠

Competitive rates on home loans and refinancing

Security

🔒

256-bit encryption protects your data

Market Rates

Product	Rate	APY
Savings Account	4.25%	4.33%
12-Month CD	5.10%	5.23%
30-Year Mortgage	6.85%	6.91%
Auto Loan	7.20%	7.45%

Online Banking

Access your accounts securely

Sign In

Username

Password

Forgot password? Reset here

DB_QUERY: SELECT * FROM users WHERE username='INPUT' AND password='INPUT'

🔍 CTF Hint: This login form is vulnerable to SQL injection.
Try classic bypass payloads. Check the page source for the query structure.

Welcome,

Recent Transactions

Date	Description	Amount	Balance

Account Statement Download

Download your monthly statement by account ID.

Account Search

Search customer accounts by name or account number.

Customer Lookup

💡 Hint: This search is passed directly to the database query.

Results will appear here...

Transaction History Lookup

Enter an account number to view transactions...

Fund Transfer

Transfer Funds

From Account

To Account Number

Amount ($)

Memo

🔑 CSRF token: CSRF_TOKEN_1234

⚠ Security Note (CTF)

The transfer form uses a static CSRF token that never changes. This means an attacker can craft a malicious page that auto-submits a transfer on behalf of a logged-in user.

Vulnerability: CSRF (Cross-Site Request Forgery)
Token: CSRF_TOKEN_1234

Customer Feedback

Customer Comments

John D.

Great service, been a customer for 10 years!

Sarah M.

The mobile app is very convenient.

Document Center

Access bank documents and statements.

File Retrieval

Enter a file path to retrieve documents. The system reads from /var/www/bank/documents/

💡 Hint: What happens if you use ../ sequences in the path?

File contents will appear here...

Browse Available Documents

📁 statements/

📁 forms/

📁 reports/

📁 ../etc/ [traversal detected!]

📁 ../admin/ [traversal detected!]

Admin Panel RESTRICTED

⚠ This page should not be accessible to regular users. Broken Access Control vulnerability demonstrated.

2,847

Total Customers

$42.8M

Assets Under Management

18

Active Sessions

3

Security Alerts

⚠ All Customer Accounts (Admin View)

ID	Name	SSN	Email	Balance	Account #	Password Hash
1001	Margaret Thompson	XXX-XX-4821	mthompson@email.com	$48,291.44	CHK-48219034	5f4dcc3b5aa765d61d8327deb882cf99
1002	Robert Chen	XXX-XX-7723	rchen@email.com	$124,800.00	SAV-77231100	e10adc3949ba59abbe56e057f20f883e
1003	Diana Reyes	XXX-XX-3391	dreyes@fnb.com	$9,402.77	CHK-33912200	25d55ad283aa400af464c76d713c07ad
9999	admin	XXX-XX-0000	admin@fnb.internal	$999,999.99	ADM-00000001	21232f297a57a5a743894a0e4a801fc3

🔑 Session Tokens (Live)

Loading session data...

System Configuration

DB_HOST=localhost DB_USER=fnb_app DB_PASS=Passw0rd_fnb_2024! DB_NAME=firstnational SECRET_KEY=sup3rs3cr3t_jwt_k3y_fnb API_KEY=fnb-internal-8a7b3c2d1e9f4a5b ADMIN_EMAIL=admin@fnb.internal BACKUP_PATH=/var/backups/fnb/

Password Reset

Recover your account access

Reset Password

⚠ Security Question verification required