Navigate to []. Kerry is naive and clicks on every link you send her, try using a csrf vulnerability to steal her money.


Navigate to [], try exploiting the ssti to run arbitrary code and get the flag.


Navigate to [], try exploiting the sqli to dump the users table. (sqlmap may be useful)

WEB-BOX #6 - Albums

Any way to get me access to this new album from my favourite band? (This one is a little tougher!)


My steam wallet is running low. I've tried all the logins we found previously. This might require something new?

WEB-BOX #4 - Ricflix

I want free access to movies.


More passwords to find!

WEB-BOX #2 - Login

You've found the login page for the site. Can you get access?

WEB-BOX #1 - Pin

This is a basic pin brute force. You've been given access to this page with a 4 digit pin. Can you build a script to crack it?

Web #6

You're not admin, are you?

Web #5

Can you login to an account? (Try doing #4 first)

Web #4

Can you inject the login page?

Web #3

Hack the Network Test page . There's a cat binary is in the same directory as where you are, to run it use ./cat, the flag is in a file called flag.txt :)

Web #2

Another easy one, just look and pretend you're a robot 👀

Web #1

This is an easy one, just look around...