This machine starts off with a webpage that contains a series of cat pictures. Reconnaissance The standard Nmap scan that I normally ran, only scans the most common ports. For this box using th...

This box starts off with a web service that creates a basket that collects and inspects HTTP requests, it is accessible through a REST API or a web UI. Reconnaissance # Nmap 7.93 scan initiated W...

Hey, do a flip! We get the source code to a machine we can connect via netcat on port 1337. Reconnaissance Source Code import socketserver import socket, os from Crypto.Cipher import AES from C...

This box starts off with a website of a Secret Spy Agency. This website has an about page where you can encrypt and decrypt messages via pgp keys. Enumeration # Nmap 7.93 scan initiated Mon Jun 1...

This is a CTF hosted for Nahamcon. Web Star Wars - Medium We have a webpage with a blog post with a star wars theme. We can click the only blog post this blog has. We can post a comment that a...

Knock knock! Race condition. Who’s there? In the home directories of Walk, Run and Sprint you will find a vulnerable SUID binary, the C source code and a flag. Your task is to exploit the bina...

In this challenge you will explore some less common SQL Injection techniques. We have this new to-do list application, where we order our tasking based on priority! Is it really all that secur...

This machine doesn’t have a website to access. In the enumeration phase, we find a unknown open port. Once we find out what this port is associated with we can move further getting a foothold and e...

SecureSolaCoders has once again developed a web application. They were tired of hackers enumerating and exploiting their previous login form. They thought a Web Application Firewall (WAF) was too o...

This machine starts off with a login page for cacti. Cacti is a performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). It stores all of the necessa...