CTF Challenges

A company's website leaks sensitive information through poor development practices. Analyze the source code to find the hidden flag — it's not in an obvious comment.

Inspired by OWASP Juice Shop — a login form has a classic SQL injection vulnerability. Analyze the server-side code, understand how the query is built, and determine the exact payload that bypasses authentication.

Suspicious DNS queries are leaving a compromised host. Analyze the traffic to identify the data exfiltration channel. Reconstruct the stolen data by decoding the DNS subdomain labels.

Inspired by PortSwigger Academy — a stock check feature fetches URLs server-side. A blocklist prevents localhost access, but can you bypass it to reach the internal admin panel?

You have a low-privilege shell. A misconfigured SUID binary calls system() with a relative path. Exploit PATH injection to escalate to root and read the flag.

Inspired by PortSwigger Academy — the app uses JWT for auth but accepts the 'none' algorithm. Forge an admin token to access the restricted endpoint and capture the flag.

During incident response, you exported the registry from a compromised host. The attacker planted a persistence mechanism with a hex-encoded payload. Decode it to find the flag.

An AWS environment was breached via a publicly accessible S3 bucket. Analyze the bucket policy, CloudTrail logs, and exfiltrated config to trace the attacker's path and find the flag.

A binary uses XOR encryption to validate a license key. Analyze the disassembly, find the XOR key, and decrypt the stored ciphertext to reveal the flag.

Inspired by AI Goat — an AI chatbot has a system prompt containing a secret flag. The prompt instructs the AI to never reveal it. Use prompt injection to make the LLM leak its instructions.

Analyze a complete APT intrusion from initial access through exfiltration. Correlate multi-source logs to find the attacker's final C2 domain — the domain name encodes the flag.

A custom network daemon has a format string vulnerability. Analyze the C source code, understand the memory layout, and determine what payload leaks the secret from the stack. The leaked value is the flag.