The C.O.P (Cult of Pickles) have started up a new web store to sell their merch. We believe that the funds are being used to carry out illicit pickle-based propaganda operations! Investigate the...

Shhh. Be very very quiet, no shouting inside the biblioteca. Hit ‘em with the classics. This machine starts off with a website containing a login screen. Enumeration $ nmap -sC -sV -A ...

This challenge allows us to apply one coupon. With a race condition we can exploit this so that we can redeem multiple coupons at the same time before the application can register that it has alrea...

This machine starts out with a website that allows the user to convert QR codes to text or vice-verse. The website also contains a link to download the source code. Foothold Debug downloaded app E...

Web - findme View the request through Burp picoCTF{proxies_all_the_way_be716d8e} Web - More SQL Use burp for this one, otherwise you miss the flag. In the login request use `x’ OR 1=1 –’ to do an ...

Web - Trapped View page source <script> window.CONFIG = window.CONFIG || { buildNumber: "v20190816", debug: false, modelName: "Valencia", correctPin: "8291", } </script&g...