Web Sec Challenges

I'm proud of these and I sometimes send people to this page to find cool web problems. But I'm resetting the semester too. So you can find old problems at: 2021 Problems and Fall 22 CTF problems

(Hello Node)
(selector fun)
JS Flag Checker
Contextual Guessing
Find it
(Firebase basics) Implied by the Firebase CRUD notes
(Firebase fetching, dynamic client-side URLs) (WARNING this updates every 60 seconds)
(Firebase Authentication)
(Firebase RBAC)
(Session Hijacking)
Just a Pure SQL problem, no injection yet.
(Password entropy)
(Password stretching)
(Firebase Oracle)

(Speedrun 1: LFI)
(Speedrun 2: exposed .git)
(Speedrun 3: Type Juggling)
(Hard XSS) On this one I'm asking you to hack me, so DM me if you need me to jump on the site and get hacked by you. Flag is in admin's private user data.
(JWTs Level 1)
(JWTs Level 2)
(OTP xor)
(10 flags RSA workshop)
(BurpSuite Repeater)
(Prototype Pollution)
(SSTI) and Source code here
(OWASP Juice Shop) Set up Juice Shop in CTF FLAG MODE and take a screenshot of a flag you get.
(Lambda Pyjail)
(S3 Misconfig)