Browse Scenarios

Explore 200+ hands-on cybersecurity challenges built around real-world scenarios and skills.

Showing 110 of 203 scenarios

HealthChk

MediumWeb Security

You've been handed access to a simple health check service, submit your database connection details, get a status back. Clean. Functional. Boring, even. But somewhere beneath that mundane interface, the application is doing something far more interesting with your input than it lets on. The developers anticipated attackers. They built a filter. They felt protected. Look closer at what the application is built on, and how old it is. Look closer at what happens to your data before it ever reaches the business logic. The protection in place guards against the obvious but the obvious isn't your only path in. Your goal is a shell. The flag is waiting. Flag format: flag{}

Insecure DeserializationRceUrl EncodingSource Code ReviewInput Validation

Secureh

EasyWeb Security

Do you think this basic code from one of my applications is secure? Flag Format: Flag{}

SsrfOwasp Top 10PhpSource Code ReviewHttp Headers

SecureZip

MediumSecure Coding

Go to /challenge/ and you will have access to a machine that has the source code of an app running in preview. Fix it to get the flag.Don't forget to read the rules. Flag Format: Flag{}

Input ValidationCode ReviewOwasp Top 10Command Injection PreventionInput Filtering

Updater

MediumMachines

we still don't put our app there do you think the server is secure to get the highest values of our root?

Service EnumerationDatabase ServiceMssqlPrivilege EscalationLinux PrivescPost Exploitation

Web Screen

MediumWeb Security

Welcome to our new service, screenshot your website and more . Flag Format: Flag{}

SsrfRceOwasp Top 10Input ValidationWebshell

WebZip

MediumWeb Security

We developed this service to help people, however it was hacked and someone acquired access to /flag.txt. Flag Format: Flag{}

LfrUnrestricted File UploadInput ValidationOwasp Top 10Directory Traversal

Certified Certification

EasyCryptography

We are flag org, we are an accredited organization. Look, check it yourself flag format: FLAG{}

CertificateSslTlsPkiOpenssl

Click me, heh

EasyWeb Security

Listen, I know buttons. I’ve seen the best buttons, I’ve seen the worst buttons. And let me tell you, this button? It’s a tremendous button. People come up to me, big guys, strong guys, they have tears in their eyes and they say, "Sir, how do we click it? What’s the secret?" And I tell them, it’s all about the touch. You have to have the right touch. Flag format: flag{}

ScrapingBurp SuitePythonBruteforce

Easiest flag

EasyBash

Man this is the easiest flag on this platform, I am literally giving it to you, but with some junk

AwkSedGrep

It takes one

EasyCryptography

It takes one key to protect my secret, and two encryptions!

AesEncryptionSymmetricKey ManagementCiphertext