This is a medium Linux box on TryHackMe. Try to get the two flags! Root the machine and prove your understanding of the fundamentals! This is a virtual machine meant for beginners. Acquiri...

This machine starts off with a simple homepage where the user can search for a query and they can get redirected to a the site they selected. This website covers most commercial websites such as wi...

This machine is a medium Linux box and starts out with a website that shows a bunch of fitness related blogs. The website also has a login and registration page. ## Reconnaissance $ nmap -sC -s...

Don’t always trust what you can’t see. This machine starts off with a website that solves mathematical equations. On the website we can download the source code, which we can use to find out w...

The C.O.P (Cult of Pickles) have started up a new web store to sell their merch. We believe that the funds are being used to carry out illicit pickle-based propaganda operations! Investigate the...

Shhh. Be very very quiet, no shouting inside the biblioteca. Hit ‘em with the classics. This machine starts off with a website containing a login screen. Enumeration $ nmap -sC -sV -A ...

This challenge allows us to apply one coupon. With a race condition we can exploit this so that we can redeem multiple coupons at the same time before the application can register that it has alrea...

This machine starts out with a website that allows the user to convert QR codes to text or vice-verse. The website also contains a link to download the source code. Foothold Debug downloaded app E...

Web - findme View the request through Burp picoCTF{proxies_all_the_way_be716d8e} Web - More SQL Use burp for this one, otherwise you miss the flag. In the login request use `x’ OR 1=1 –’ to do an ...

Web - Trapped View page source <script> window.CONFIG = window.CONFIG || { buildNumber: "v20190816", debug: false, modelName: "Valencia", correctPin: "8291", } </script&g...