Challenges

Clear
All 96 Web 10 Pwn 7 Crypto 7 Forensics 7 Rev 6 Misc 7 OSINT 6 network 7 Mobile 10 Cloud 10 web3 10 Linux 9
Misc Easy

Exposed Git Repository

A website accidentally exposed its .git directory. Can you download it and find the flag hidden in the commit history?

200 pts
7 solves 🩸
Misc Easy

Layer Cake

Multi-layered encoding: ROT13 → Base32 → Base64 → Flag. Peel each layer.

100 pts
5 solves 🩸
Misc Easy

Misconfigured S3 Bucket

A company left their S3 bucket publicly accessible. The bucket name follows a predictable pattern. Can you find it and access the sensitive files? Bucket naming pattern: company-[environment]-[year]-backups Company: acmecorp Environments: dev, staging, prod Years: 2024, 2025

100 pts
8 solves 🩸
Misc Easy

QR Quest

Flag hidden in QR code PNG metadata. Either scan a proper QR (generate with generate_qr.py) or extract from tEXt chunk.

200 pts
5 solves 🩸
Misc Medium

Radio Silence (Morse)

Morse code encoded message. Decode to find the flag. Special markers: { = .-.-.- } = -.-.-- _ = ..--.-

300 pts
3 solves 🩸
Misc Hard

Maze Runner

Navigate a 15x15 maze in under 100 moves. Scripting is recommended to solve the maze algorithmically.

400 pts
5 solves 🩸
Misc Insane

Grand Finale Chain

Multi-step challenge: find hidden message in WAV metadata → base64 decode → reveals the flag.

500 pts
3 solves 🩸