Challenges List

Admin has the power  50 points  2601 solved

Administrators only has the power to see the flag , can you be one ?


Level: Easy

This is Sparta  50 points  1833 solved

Morning has broken today they're fighting in the shade when arrows blocked the sun they fell tonight they dine in hell


Level: Easy

share the ideas  100 points  784 solved

can you reveal the admin password ?


Level: Medium

Dark Project  100 points  27 solved

What kind of Project are you seeking for ?


Level: Medium

Join Team  100 points  535 solved

Flag safe in the server environment , can you reveal it.


Level: Medium

Iam Legend  50 points  816 solved

If I am a legend, then why am I so lonely?


Level: Easy

Weird Blog  200 points  150 solved

Das Kinda weird Just Do it


Level: Hard

Cool Name Effect  50 points  950 solved

Webmaster developed a simple script to do cool effects on your name, but his code not filtering the inputs correctly execute javascript alert and prove it.


Level: Easy

The Restricted Sessions  100 points  381 solved

Flag is restricted to logged users only , can you be one of them.


Level: Medium

Encrypted Database  50 points  727 solved

The company hired an inexperienced developer, but he told them he hided the database and have it encrypted so the website is totally secure, can you prove that he is wrong ??


Level: Easy

Newsletter  50 points  400 solved

the administrator put the backup file in the same root folder as the application, help us download this backup by retrieving the backup file name


Level: Easy

Searching for the cookie  100 points  35 solved

simple search website we need to know which cookie to eat ;)


Level: Medium

Wrong Token  200 points  70 solved

Request to the flag is forbidden due to wrong csrf token ... can you fix it and reveal the flag


Level: Hard

who is admin  100 points  496 solved

Your mission is to know who's the admin running this website by knowing his email.


Level: Medium

who am i?  50 points  141 solved

Do not Start a fight you can not stop it


Level: Easy

catch me if you can  100 points  68 solved

I'm Just wanna Make Sure if you Are Mr.Robot


Level: Medium

Black Inc.  100 points  62 solved

Black Inc is a file sharing website, however the file uploads was disabled by an administrator, can you change that or find a bypass?


Level: Medium

Blue Inc.  50 points  439 solved

Blue Inc is a new social media website that's still under construction, However it doesn't have registration yet, but if you are interested in seeing our website then you can login with demo/demo.


Level: Easy

bypass the world  100 points  161 solved

I Don't Care if the world is against you, but i believe that you can bypass the world


Level: Medium

admin gate first  100 points  179 solved

Flag is safe in the admin account info


Level: Medium

screenshot  200 points  23 solved

Developer is generating screenshots using internal api servers , flag is the front server hostname (not the api hostname) , can you extract it ??"


Level: Hard

Inbox  100 points  39 solved

The developer emailed the flag to the admin , can you get it.


Level: Medium