Don't like this style? Click here to change it! blue.css

LOGIN:
Welcome .... Click here to logout

Web Sec Challenges

Intro Flag
(inspect) https://websec.prof.ninja/jsninja/
(inspect) https://websec.prof.ninja/basics/
https://amplified-obtainable-deposit.glitch.me/
(selector fun) https://websec.prof.ninja/ctf/selectors/
JS Flag Checker
Day 2 Flag
Day 2 Flag ?Tricky Version? (I rewrote this after playtesting this is the old one)
Day 3 Flag
Day 4 Flag: henhacks.prof.ninja
Day 5 Flag
Day 6 Flag
Contextual Guessing
Day 7 Flag
(Firebase fetching, dynamic client-side URLs) https://minceraft-game.web.app/ (WARNING this updates every 60 seconds)
Day 8 Flag
Day 9 Flag
Day 10 Flag
(Firebase basics) Implied by the Firebase CRUD notes
Day 11 Flag

Day 12 Flag
Day 13 Flag
Day 14 Flag
Day 15 Flag (maybe impossible?)
(Password stretching) https://gist.github.com/AndyNovo/0f92821ea081b33bdf706df13fc461b5
Day 16 Flag
Day 17 Flag
Day 18 Flag (I have no idea how easy/medium/hard this is, probably easy... maybe)
Day 19 Flag
Day 20 Flag
Day 21 Flag
(Speedrun 1: LFI)https://dtctf.herokuapp.com/
(Speedrun 2: exposed .git)https://pswd.fsg.opalstacked.com/
(Speedrun 3: Type Juggling)https://lampdemo.herokuapp.com/
(Speedrun 4: UNSERIALIZATION)Day 22 Flag
Day 23 Flag
Day 24 Flag
Day 25 Flag
Day 26 Flag
Day 27 Flag
Day 28 Flag
(10 flags RSA workshop): https://gist.github.com/AndyNovo/db07790dc9bd57a343de8a42d5b992ad
Day 29 Flag (BROKEN)
Day 30 Flag
Day 31 Flag
(S3 Misconfig) http://fall23webhost.s3-website-us-east-1.amazonaws.com/
Day 32 Flag: https://general-immediate-fish.glitch.me/stuffhere and Source code here
Day Before Break: Let's write a JWT problem
Day 33 Flag (OSINT)