Chain Race

Web [475 pts] Description: All files are included. Source code is the key. When we first visit the website, we see that there is an input for URLs and that this renders the HTML content below: After trying several PHP attack methods to try to get a foothold, using localhost:8080 provided the source code for… Continue reading Chain Race


Web [300 pts] Description: cache all the things (this is python3) This challenge provides us with source code: We see that their server is using Redis for caching and flask_caching library. Looking at the form, we see that each input is treated as a key (title) and value (content). Looking into the cache functions, I… Continue reading flask_caching

Template Shack

Web [150 pts] Description: Check out the coolest web templates online! When we first visit the site we are greeted with a normal dashboard and seems to use a template engine. So we know our exploit will involve templates. One useful information is the JWT, when decoded, gives this: So we know it is using… Continue reading Template Shack


Something went wrong. Please refresh the page and/or try again.