This is a fairly new challenge at the time of creating this write-up with only around 200 solves and no active write-ups. The challenge starts of with a webpage that renders template (.tpl) files ...

This box starts off with a web application that offers hosting services. Reconnaissance $ nmap -sC -sV -oN nmap_result 10.10.11.230 Starting Nmap 7.93 ( https://nmap.org ) at 2023-09-08 11:59 C...

This machine starts off with a webpage that contains a series of cat pictures. Reconnaissance The standard Nmap scan that I normally ran, only scans the most common ports. For this box using th...

This box starts off with a web service that creates a basket that collects and inspects HTTP requests, it is accessible through a REST API or a web UI. Reconnaissance # Nmap 7.93 scan initiated W...

Hey, do a flip! We get the source code to a machine we can connect via netcat on port 1337. Reconnaissance Source Code import socketserver import socket, os from Crypto.Cipher import AES fro...

This box starts off with a website of a Secret Spy Agency. This website has an about page where you can encrypt and decrypt messages via pgp keys. Enumeration # Nmap 7.93 scan initiated Mon Jun 1...

This is a CTF hosted for Nahamcon. Web Star Wars - Medium We have a webpage with a blog post with a star wars theme. We can click the only blog post this blog has. We can post a comment that a...

Knock knock! Race condition. Who’s there? In the home directories of Walk, Run and Sprint you will find a vulnerable SUID binary, the C source code and a flag. Your task is to exploit the b...

In this challenge you will explore some less common SQL Injection techniques. We have this new to-do list application, where we order our tasking based on priority! Is it really all that se...

This machine doesn’t have a website to access. In the enumeration phase, we find a unknown open port. Once we find out what this port is associated with we can move further getting a foothold and e...