This machine is a medium Linux box and starts out with a website that shows a bunch of fitness-related blogs. The website also has a login and registration page. ## Reconnaissance $ nmap -sC -s...
Don’t always trust what you can’t see. This machine starts off with a website that solves mathematical equations. On the website we can download the source code, which we can use to find out w...
The C.O.P (Cult of Pickles) have started up a new web store to sell their merch. We believe that the funds are being used to carry out illicit pickle-based propaganda operations! Investigate the...
Shhh. Be very very quiet, no shouting inside the biblioteca. Hit ‘em with the classics. This machine starts off with a website containing a login screen. Enumeration $ nmap -sC -sV -A ...
This challenge allows us to apply one coupon. With a race condition we can exploit this so that we can redeem multiple coupons at the same time before the application can register that it has alrea...
This machine starts out with a website that allows the user to convert QR codes to text or vice versa. The website also contains a link to download the source code. Foothold Debug downloaded app E...
Web - findme View the request through Burp picoCTF{proxies_all_the_way_be716d8e} Web - More SQL Use burp for this one, otherwise you miss the flag. In the login request use `x’ OR 1=1 –’ to do an ...
Web - Trapped View page source <script> window.CONFIG = window.CONFIG || { buildNumber: "v20190816", debug: false, modelName: "Valencia", correctPin: "8291", } </script&g...