Challenges

Web Easy

Cookie Manipulation

A simple web application that uses cookies to determine user role. The cookie is not encrypted or signed - can you modify it to gain admin access?

Learning Objectives:
- Understanding HTTP cookies
- Browser developer tools
- Cookie manipulation techniques
- Importance of cookie security

Skills Required:
- Basic web browsing
- Browser DevTools

Skills Learned:
- Cookie inspection and modification
- Session management basics
- Client-side security failures

50 pts
14 solves 🩸
Web Easy

Cookie Monster

A login portal that grants guest access. Admin privileges reveal the flag. Analyze HTTP cookies.

100 pts
6 solves 🩸
Web Easy

JWT Algorithm Confusion

A simple web API that uses JWT tokens for authentication. The developer trusted the algorithm field in the JWT header. Can you forge an admin token?

100 pts
12 solves 🩸
Web Easy

Robots.txt Disclosure

Find an information disclosure bug.

50 pts
10 solves 🩸
Web Easy

Stored XSS Comment Board

Inject JavaScript to steal the admin cookie.

150 pts
11 solves 🩸
Web Medium

Blind SQL Injection

A login form vulnerable to SQL injection. However, error messages are suppressed. You'll need to use time-based blind SQLi to extract the admin password. The database contains a 'secrets' table with a 'flag' column.

250 pts
9 solves 🩸
Web Medium

SQLi Shop

An e-commerce search feature vulnerable to SQL injection. A secrets table hides the flag.

250 pts
4 solves 🩸
Web Medium

SSTI Greet

A Flask greeting app that renders user input as a Jinja2 template. Exploit Server-Side Template Injection.

300 pts
5 solves 🩸
Web Hard

JWT Auth

A JWT authentication portal. The server accepts the 'none' algorithm, allowing unsigned token forgery.

400 pts
5 solves 🩸
Web Insane

SSRF + RCE Chain

A URL fetcher with an internal metadata service. Chain SSRF to reach the internal service, then use a custom header to achieve RCE and read the flag file.

500 pts
4 solves 🩸