Challenge Description HELP MY ENTIRE HOUSE IS ON FIRE Exploit Check Security ~/labs/ctf/cyberblitz2025/pwn/fire_extinguisher ❯ file fire-extinguisher fire-extinguisher: ELF 64-bit LSB pie execu...

Challenge Description You are now enrolled as an SIT student, it is of good manners that you should introduce yourself and get to know more people! Exploit Check Security ~/labs/ctf/cyberblitz2...

Challenge Description I require help to read the flag. Help me please! Source Code ~/labs/ctf/cyberblitz2025/pwn/toy_gadget venv3 ❯ ~/labs/tools/ghidra.py gadget Functions Main Question ...

Challenge Description Simple URL shortener. What could go wrong? Source Code Analysis app.py (Server) http://web-oops-app:5000/ @app.route('/', methods=['GET', 'POST']) def index()...

Challenge Description I opened a contest to see who could create the most beautiful CSS styles. Feel free to submit your CSS styles to me and I will add them to my website to judge them. I’ll even...

Challenge Description XSS in Markdown fenced code block Source Code Analysis markdown.js function parseMarkdown(markdownText) { const lines = markdownText.split('\n'); let ht...

Challenge Description Improper use of parseInt leads to unexpected results Source Code Analysis app.post('/vote', async (req, res) => { const {vote} = req.body; if(typeof vote != 'num...

Challenge Description Rust is the most safest, fastest and bestest language to write web app! The code compiles, therefore it is impossible for bugs! Source Code Analysis async fn query(State(st...

Challenge Description Flask session secret key leaked Source Code Analysis import os from flask import Flask, render_template, session app = Flask(__name__) app.secret_key = "baby-web" FLAG = o...

Overview Machine begins with a subdomain enumeration, discovering dev.stocker.htb, where it is susceptible to a NoSQLi login bypass. Exploiting this vulnerability granted access to the cart checkou...