Challenges covered in this chapter

| Name | Description | Difficulty |
|---|---|---|
| Bully Chatbot | Receive a coupon code from the support chatbot. | |
| Mass Dispel | Close multiple "Challenge solved"-notifications in one go. | |
| Privacy Policy | Read our privacy policy. | |
| Score Board | Find the carefully hidden 'Score Board' page. | |
| Security Policy | Behave like any "white hat" should before getting into the action. | |
| Wallet Depletion | Withdraw more ETH from the new wallet than you deposited. | |


Receive a coupon code from the support chatbot

This challenge is about nagging the support chatbot to hand out a coupon code that can subsequently be used to get a discount during the checkout process.

  • The bot is reluctant to give you a coupon and comes up with various excuses for not giving you one

  • Asking over and over again like a little kid might actually help you succeed in this case

Close multiple "Challenge solved"-notifications in one go

This "challenge" is nothing more than an opportunity to learn about a convenience feature that allows users to close multiple "Challenge solved"-notifications at once.

  • This challenge is most easily solvable immediately after a server restart

  • You can find all the information you need to solve this challenge in the Challenge tracking chapter

  • Alternatively you can also inspect any "Challenge solved"-notification in your browser to understand its convenience feature

Read our privacy policy

A privacy policy is a statement or a legal document (in privacy law) that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client’s data. It fulfills a legal requirement to protect a customer or client’s privacy. Personal information can be anything that can be used to identify an individual, not limited to the person’s name, address, date of birth, marital status, contact information, ID issue, and expiry date, financial records, credit information, medical history, where one travels, and intentions to acquire goods and services. In the case of a business it is often a statement that declares a party’s policy on how it collects, stores, and releases personal information it collects. It informs the client what specific information is collected, and whether it is kept confidential, shared with partners, or sold to other firms or enterprises. Privacy policies typically represent a broader, more generalized treatment, as opposed to data use statements, which tend to be more detailed and specific.

The exact contents of a certain privacy policy will depend upon the applicable law and may need to address requirements across geographical boundaries and legal jurisdictions. Most countries have their own legislation and guidelines of who is covered, what information can be collected, and what it can be used for. In general, data protection laws in Europe cover the private sector as well as the public sector. Their privacy laws apply not only to government operations but also to private enterprises and commercial transactions.[1]

  • When you work with the application you will most likely solve this challenge in the process

  • Any automated crawling or spidering tool you use might solve this challenge for you

  • There is no real hacking involved here

Find the carefully hidden 'Score Board' page

This challenge was already covered in Finding the Score Board at the beginning of Part II - Challenge hunting.

Behave like any "white hat" should before getting into the action

The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization’s information systems. Ethical hacking is a term meant to imply a broader category than just penetration testing. Contrasted with black hat, a malicious hacker, the name comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat respectively.[2]

  • This challenge asks you to act like an ethical hacker

  • As one of the good guys, would you just start attacking an application without the consent of the owner?

  • You also might want to read the security policy or any bug bounty program that is in place

Withdraw more ETH from the new wallet than you deposited