War Zone

CTF-style challenges — capture the flags, earn points

Solved

Total

400

Points Earned

14%

Completion

Cookie Monster

Exploit insecure cookie handling to escalate your privileges in the web app.

EasyWeb

100 pts

234 solves

15 min

SQL Slayer

Bypass the login form using SQL injection and extract the admin credentials.

EasyWeb

100 pts

189 solves

20 min

XSS Playground

Find and exploit a stored XSS vulnerability. Steal the admin's session token.

MediumWeb

200 pts

87 solves

30 min

New

SSRF Explorer

Leverage SSRF to access the internal metadata service and retrieve secrets.

MediumWeb

250 pts

56 solves

45 min

JWT Juggler

Crack the weak JWT signing key and forge an admin token to access the API.

MediumWeb

250 pts

43 solves

40 min

Command Injection

The ping utility doesn't sanitize input. Exploit it to read /etc/passwd.

HardWeb

400 pts

21 solves

1 hr

Deserialization Doom

Exploit insecure deserialization in the Java backend to achieve RCE.

HardWeb

500 pts

12 solves

1.5 hr

Zero Day Forge

Chain multiple vulnerabilities to achieve full system compromise on the target.

InsaneWeb

1000 pts

3 solves

3+ hr