July 4, 2026
Fools Mate — Writeup
By Sackeyemmanuelfynn
After an initial nmap scan, only two services were exposed:
- 22/tcp — SSH
- 80/tcp — HTTP
Navigating to the web server on port 80 revealed an interactive chessboard. The position was loaded with White to move and a mate-in-one available: a1 → a8.
Attempting to play that move through the UI triggered a client-side blocker with the message: "I'll shut down your PC if you play that." Inspecting the page source confirmed the existence of a preMoveCheck function that would reject any move leading directly to checkmate.
To bypass this client-side validation, I captured the move request using Burp Suite and replayed it directly to the API endpoint:
Takeaway: Never trust client-side restrictions; always test the backend directly.
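The takeaway above seen from the server's side, as an added example that is not code from the challenge or from the original writeup: the same move request handled by an API that trusts the browser and by one that re-checks the rule against its own game state. The position, the handler names and the simplified back-rank mate test are assumptions; a real server would use a full chess engine for move legality and mate detection.

```javascript
// Added example; every name here is hypothetical, not the challenge's code.
// Constructed position: White rook a1, king g1; Black king g8 behind f7, g7, h7.
const FILES = "abcdefgh";
const SQ = /^[a-h][1-8]$/;
const newGame = () => ({
  turn: "w",
  board: { a1: "wR", g1: "wK", g8: "bK", f7: "bP", g7: "bP", h7: "bP" },
});

// Simplified stand-in for an engine's mate test (back-rank rook mates only): the rook
// lands on the enemy king's rank with a clear line to it, and the squares in front of the king are occupied.
function isMatingMove(board, from, to) {
  const piece = board[from];
  if (!piece || piece[1] !== "R") return false;
  const foe = piece[0] === "w" ? "b" : "w";
  const king = Object.keys(board).find((sq) => board[sq] === foe + "K");
  if (!king || king[1] !== to[1]) return false;
  const a = FILES.indexOf(to[0]);
  const k = FILES.indexOf(king[0]);
  for (let i = Math.min(a, k) + 1; i < Math.max(a, k); i++) {
    if (board[FILES[i] + to[1]]) return false; // line to the king is blocked
  }
  const front = Number(king[1]) + (foe === "b" ? -1 : 1);
  return [k - 1, k, k + 1]
    .filter((i) => i >= 0 && i < 8)
    .every((i) => Boolean(board[FILES[i] + front]));
}

function applyMove(game, from, to) {
  game.board[to] = game.board[from];
  delete game.board[from];
  game.turn = game.turn === "w" ? "b" : "w";
}

// Weak: the rule exists only in the browser, so the API applies whatever arrives.
function handleMoveTrusting(game, { from, to }) {
  applyMove(game, from, to);
  return { status: 200 };
}

// Corrected: the server re-checks input, ownership and the rule on its own state.
function handleMoveEnforcing(game, { from, to }) {
  if (!SQ.test(from) || !SQ.test(to)) return { status: 400 };
  const piece = game.board[from];
  if (!piece || piece[0] !== game.turn) return { status: 400 };
  if (isMatingMove(game.board, from, to)) return { status: 403 };
  applyMove(game, from, to);
  return { status: 200 };
}
```

With the enforcing handler, a request sent straight to the API gets the same answer the UI would have given, and the server's state is unchanged after the rejection.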