WWW Content failure 1x weight estimate

Web admin login fails. expected credentials are `admin` / `admin123`

admin was unable to login

Events

949

Pts per check

1.4

Pts missed

1,318.1

Teams hit

5/13

Authority mappings

Which work roles, knowledge units, and EWU courses this error pattern touches. Hover for context, click to drill in.

DCWF roles: CE-463 Host Analyst CS-622 Secure Software Assessor IT-421 Database Administrator IT-451 System Administrator SE-461 Systems Security Analyst

Knowledge Units: CD-DAT Databases CD-OSA Operating Systems Administration CD-WAS Web Application Security

EWU courses: CSCD212 CSCD380

What the message means

The scoring engine does `POST /login` with username `admin` and password `admin123` on `http://team<N>.ncaecybergames.org/`. The login is being rejected. At the 2026-03-14 regional only 2 of 13 teams got ANY WWW Content uptime. this is a **high-value free-points bug**.

Why the service is down

Web app admin password is something other than `admin123`.
Admin user has been disabled or renamed.
Web app uses a different login endpoint than `/login`.
DocumentRoot is serving a plain static page with no login mechanism.

Commands in order

1. 1. Identify the web app

ls -la /var/www/ ; ls -la /srv/www/ 2>/dev/null

Expect

A directory with PHP/Python/Ruby files

Interpret and next

Empty = Apache is serving the default debian page. You need to deploy the real app.
2. 2. Guess the login endpoint

curl -sI http://localhost/login http://localhost/admin http://localhost/wp-login.php

Expect

Any response other than 404 indicates the login path

Interpret and next

404 on all: check the app's routes file or README.
3. 3a. WordPress? Reset admin password

wp user update admin --user_pass=admin123 --path=/var/www/html --allow-root

Expect

Success: admin password updated

Interpret and next

If wp-cli not installed: `apt install -y wp-cli` or set via mysql directly.
4. 3b. Flat-file PHP? Grep for the password hash

grep -rn -E "password|passwd|admin" /var/www/ 2>/dev/null | head

Expect

Locates config or users file

Interpret and next

Edit the file directly. md5/sha1 hashes can be computed: `echo -n admin123 | md5sum`.
5. 3c. Postgres-backed app?

sudo -u postgres psql -d <webapp_db> -c "UPDATE users SET password_hash = crypt('admin123', gen_salt('bf')) WHERE username='admin';"

Expect

UPDATE 1

Interpret and next

If `crypt` fn missing: `CREATE EXTENSION pgcrypto;` first.
6. 4. Verify admin login works

curl -sd 'username=admin&password=admin123' http://localhost/login -o /dev/null -w '%{http_code}\n'

Expect

200 or 302 (302 = redirect after successful login)

Interpret and next

401/403 = still wrong. Check the app's logs for the actual rejection reason.

Decision tree

Answer each question to route to the right fix.

Q: Is there a web app at /var/www?

Yes:

Q: WordPress/Joomla/etc?

Yes: Use wp-cli or the app's password-reset tool.

No:

Q: Uses a database?

Yes: UPDATE users table to set admin password to admin123 hash.

No: Grep config files for the current password, overwrite.

No: Deploy the competition app or check if it's elsewhere.