Web
Robot's Secrets
Welcome to our humble website! We're just getting started and are trying to keep some parts of our site private from search engines. Can you find anything interesting we might have overlooked?
Open Sesame
You've discovered a new note-taking service. The developer claims it's secure because each user can only access their own notes. However, rumors suggest there's a special note that only admins can see, containing a secret flag. Can you find a way to access it?
Over Bank
Welcome to the Over Bank Secure Bank Deposit System! Our cutting-edge financial platform implements robust security measures that our engineering team guarantees will prevent any balance manipulation:
Positive-only deposits with strict validation preventing any withdrawal attempts
Real-time balance tracking with comprehensive overflow protection
Advanced arithmetic safeguards using industry-standard integer handling
Our security team has extensively tested the system and believes it's mathematically impossible to achieve a negative balance through deposits alone. The system only allows positive money additions and validates all arithmetic operations.
Neet A Reset
Your goal is to gain access to the system administration area.
Test in Prod
You've discovered a seemingly simple login portal for a company's internal tool. The developers have claimed it's secure, but rumor has it that there's a hidden admin API endpoint they forgot to secure. Can you find it and access the secret flag?
Dependency Dilemma
We've gained access to the logs of a hastily deployed web application. It's failing to start, throwing errors about a missing external component.
However, knowing the maintainer's sometimes chaotic development practices, we suspect something might have been left behind in the component's history. Maybe an old debug message? Or perhaps something more... interesting?
Your mission is to trace the source of the error and dive into the history of the problematic dependency to see what secrets it holds.
Shape Shifter
Unicode Normalization Bypass
Welcome to Unicode Wizard, our cutting-edge multilingual platform! We've implemented comprehensive security measures that our team is confident will prevent any admin impersonation attempts:
Advanced homoglyph detection that catches Cyrillic, Greek, and mathematical look-alike characters
Multi-pattern admin username filtering with case-insensitive matching
Unicode NFKC normalization for consistent storage across all languages
Real-time security validation on all user inputs
Our security team has tested extensively and believes it's impossible to register as an administrator. The system blocks variations of "admin", checks for homoglyphs, and normalizes Unicode properly.
Can you prove them wrong and find a way to become an admin user to retrieve the flag?
Recycled Code
We've set up a new secure login system using Time-based One-Time Passwords (TOTP) for our admin panel.
We've also got a test user account that might have some leftover debug features enabled.
Can you leverage this to get into the admin panel?
Credentials:
Test User: testuser / password123
Admin User: admin / supersecretadminpass
Lite N Easy
You've discovered a simple employee directory for a company called "SecureCorp". The flag is stored somewhere on the server. Can you extract the flag?
A Step Back to Leap Forward
You've discovered a simple document viewer application called "DocView" that allows users to access various public documents stored on the server. Can you find a way to access the hidden flag?
Last updated