Kerry is naive and clicks on every link you send her, try using a csrf vulnerability to steal her money. Box: luhack-web-0 Port: 8083 Url: [http://100.110.89.151:8083]

Try exploiting the ssti to run arbitrary code and get the flag. Box: luhack-web-0 Port: 8084 Url: [http://100.110.89.151:8084]

Try exploiting the sqli to dump the users table. (sqlmap may be useful) Box: luhack-web-0 Port: 8085 Url: [http://100.110.89.151:8085]

Any way to get me access to this new album from my favourite band? (This one is a little tougher!) Box: luhack-web-0 Port: 8082 Url: [http://100.110.89.151:8082]

My steam wallet is running low. I've tried all the logins we found previously. This might require something new? Box: luhack-web-0 Port: 8082 Url: [http://100.110.89.151:8082]

I want free access to movies. Box: luhack-web-0 Port: 8082 Url: [http://100.110.89.151:8082]

More passwords to find! Box: luhack-web-0 Port: 8082 Url: [http://100.110.89.151:8082]

You've found the login page for the site. Can you get access? Box: luhack-web-0 Port: 8082 Url: [http://100.127.159.170:8082]

This is a basic pin brute force. You've been given access to this page with a 4 digit pin. Can you build a script to crack it? Box: luhack-web-0 Port: 8082 Url: [http://100.127.159.170:8082]

You're not admin, are you? Box: luhack-web-0 Port: 8081 Url: [http://100.127.159.170:8081]

Can you login to an account? (Try doing #4 first) Box: luhack-web-0 Port: 8081 Url: [http://100.127.159.170:8081]

(broken, sorry. Try web-sqli instead) Can you inject the login page? Box: luhack-web-0 Port: 8081 Url: [http://100.127.159.170:8081]

Hack the Network Test page. Box: luhack-web-0 Port: 8081 Url: [http://100.127.159.170:8081]

Another easy one, just look and pretend you're a robot 👀 Box: luhack-web-0 Port: 8081 Url: [http://100.110.89.151:8081]

This is an easy one, just look around... Box: luhack-web-0 Port: 8081 Url: [http://100.110.89.151:8081]