Web Sec Challenges

I'm proud of these and I sometimes send people to this page to find cool web problems. But I'm resetting the semester too. So you can find the old problems at: The old problems link

Test yourself: (harder than others as a test, don't beat yourself up) http://dumb.profninja.opalstacked.com/
(inspect) https://websec.prof.ninja/jsninja/
(inspect) https://websec.prof.ninja/basics/
(Hello Node) https://amplified-obtainable-deposit.glitch.me/
(selector fun) https://websec.prof.ninja/ctf/selectors/
(explore) https://websec.prof.ninja/hostingstatic/
(Firebase basics) In the Firebase CRUD notes
(Session Keys)

See the Pen Untitled by Andy Novocin (@AndyNovo) on CodePen.

(Single Page App) MINCERAFT (I'm reusing this one)
(OSInt) https://websec.prof.ninja/routing/flag
(Server Side Routing) https://apricot-pinto-nectarine.glitch.me/
(Firebase Auth) https://authflagproject.web.app/
(RBAC in Firebase) https://codepen.io/AndyNovo/pen/JjJBjGR
(Path Traversal) https://dour-standing-smash.glitch.me/
(File Upload Exploit) https://fuecakes.herokuapp.com/
(Pure SQL flag) https://gist.github.com/AndyNovo/e12854da8cb390fa3b31d17ccda30b4b
(SQLi) https://badlogin.herokuapp.com/
(SQL Blind Injection) https://badlogin.herokuapp.com/
(XSS Escalation) https://xssflag.web.app/
(Password Storage) GITHUB GIST HERE
(Hash Cracking) Secret Login Page
(One-Time Pad) PHP Oracle
(ECB Oracle) AWS AES ECB
(Poor Seeds) AWS XOR Lambda
(One-Time Pad) My First XOR
(AES ECB) Super Encryption
(Pohlig-Hellman) See the gist below:
(PHP Sessions) http://sessions.fsg.opalstacked.com/
(PHP Type Juggling) https://lampdemo.herokuapp.com/
(Reverse Shell Demo) https://fuecakes.herokuapp.com/ For this it's not the flag, it's the shell. Upload a screenshot of /etc/passwd on that server.
(JWT Level 1) https://heliotrope-auspicious-sparrow.glitch.me/
(JWT Level 2) https://west-tinted-ferret.glitch.me/
(Prototype Pollution) https://knotty-conscious-firewall.glitch.me/
(PHP Jail) https://jailcell1.herokuapp.com/
(SSTI) https://general-immediate-fish.glitch.me/stuffhere and SOURCE CODE
(Network Monitoring) sniffer101
(WASM rev) /ctf/wasmrev
(APACHE conf files) APACHE TIME
(Burp Intruder) https://screeching-possible-talk.glitch.me/
(Websocket mechanics) https://aback-bead-catsup.glitch.me/
(Steganography)