Challenges
Details of the challenges I have completed and the writeups of them. They are ordered in the order that I completed them, so you can see the way I went about solving them over time.
Tags Legend
Challenges that were easy took little extra research, and/or were solved within a little over an hour.
Challenges that were medium took a bit more research, and/or were solved within a few hours. They often involved either new concepts or utilised languages that I was not as familiar with.
Challenges that were hard took a lot of research, and/or were solved over the course of a few days. They often involved steps, each of which required a lot of effort to solve.
The main languages that were used in the challenge.
The main type of attack that was used in the challenge. This could be anything from a buffer overflow to a SQL injection.
JSCalc
A simple calculator that is poorly designed (using eval) and is vulnerable to a client-side attack.
Baby Nginxatsu
A website that dynamically generates Nginx configuration files based on user input. What could go wrong?
Pop Restaurant
A PHP application that was vulnerable to a POP chain attack, which eventually allowed for remote code execution.
Render Quest
A Go web application that allows users to provide a link to a template file and render it.
Insomnia
Another web challenge with a PHP backend, with a basic logic error leading to unintended consequences.
No Threshold
An application that is vulnerable from poorly configured settings, SQLi and rate limiting leading to admin access.
DoxPit
A hidden Python Flask application hiding behind a basic front-end that is susceptible to some crazy SSTI.