Don't like this style? Click here to change it! blue.css

LOGIN:
Welcome .... Click here to logout

Web Sec Challenges

I'm proud of these and I sometimes send people to this page to find cool web problems. But I'm resetting the semester too. So you can find the old problems at: The old problems link

Test yourself: (harder than others as a test, don't beat yourself up) http://dumb.profninja.opalstacked.com/
(inspect) https://websec.prof.ninja/jsninja/
(inspect) https://websec.prof.ninja/basics/
(Hello Node) https://amplified-obtainable-deposit.glitch.me/
(selector fun) https://websec.prof.ninja/ctf/selectors/
(explore) https://websec.prof.ninja/hostingstatic/
(Firebase basics) In the Firebase CRUD notes
(Session Keys)

See the Pen Untitled by Andy Novocin (@AndyNovo) on CodePen.

(Single Page App) MINCERAFT (I'm reusing this one)
(OSInt) https://websec.prof.ninja/routing/flag
(Server Side Routing) https://apricot-pinto-nectarine.glitch.me/
(Firebase Auth) https://authflagproject.web.app/
(RBAC in Firebase) https://codepen.io/AndyNovo/pen/JjJBjGR
(Path Traversal) https://dour-standing-smash.glitch.me/
(File Upload Exploit) https://fuecakes.herokuapp.com/
(Pure SQL flag) https://gist.github.com/AndyNovo/e12854da8cb390fa3b31d17ccda30b4b
(SQLi) https://badlogin.herokuapp.com/
(SQL Blind Injection) https://badlogin.herokuapp.com/
(XSS Escalation) https://xssflag.web.app/
(Password Storage) GITHUB GIST HERE
(Hash Cracking) Secret Login Page
(One-Time Pad) PHP Oracle
(ECB Oracle) AWS AES ECB
(Poor Seeds) AWS XOR Lambda
(One Time Pad) My First XOR
(AES ECB) Super Encryption
(Pohlig-Hellman) See the gist below:
(PHP Sessions) http://sessions.fsg.opalstacked.com/
(PHP Type Juggling) https://lampdemo.herokuapp.com/
(Reverse Shell Demo) https://fuecakes.herokuapp.com/ For this it's not the flag, it's the shell. Upload a screenshot of /etc/passwd on that server.
(JWT Level 1) https://heliotrope-auspicious-sparrow.glitch.me/
(JWT Level 2) https://west-tinted-ferret.glitch.me/
(Prototype Pollution) https://knotty-conscious-firewall.glitch.me/
(PHP Jail) https://jailcell1.herokuapp.com/
(SSTI) https://general-immediate-fish.glitch.me/stuffhere and SOURCE CODE
(Network Monitoring) sniffer101
(WASM rev) /ctf/wasmrev
(APACHE conf files)APACHE TIME
(Burp Intruder)https://screeching-possible-talk.glitch.me/
(Websocket mechanics)https://aback-bead-catsup.glitch.me/