1. clone the repo to your local machine
2. build and run the this small app in a docker container [5pt]
3. bruteforce the login to get into the app [5pt]
4. exploit the app through SQL injection to extract the flag [10pt]
5. enumerate the app to find the bonus flag [5pt]

have fun! :)