WEB CSRF
Navigate to [http://10.10.10.28/csrf]. Kerry is naive and clicks on every link you send her, try using a csrf vulnerability to steal her money.
WEB SSTI
Navigate to [http://10.10.10.28/ssti], try exploiting the ssti to run arbitrary code and get the flag.
WEB SQLI
Navigate to [http://10.10.10.28/sqli], try exploiting the sqli to dump the users table. (sqlmap may be useful)
WEB-BOX #6 - Albums
Any way to get me access to this new album from my favourite band? (This one is a little tougher!)
WEB-BOX #5 - CSGO SKINS
My steam wallet is running low. I've tried all the logins we found previously. This might require something new?
WEB-BOX #4 - Ricflix
I want free access to movies.
WEB-BOX #3 - FBS
More passwords to find!
WEB-BOX #2 - Login
You've found the login page for the site. Can you get access?
WEB-BOX #1 - Pin
This is a basic pin brute force. You've been given access to this page with a 4 digit pin. Can you build a script to crack it?
Web #6
You're not admin, are you?
Web #5
Can you login to an account? (Try doing #4 first)
Web #4
Can you inject the login page?
Web #3
Hack the Network Test page . There's a cat binary is in the same directory as where you are, to run it use ./cat, the flag is in a file called flag.txt :)
Web #2
Another easy one, just look and pretend you're a robot 👀
Web #1
This is an easy one, just look around...