Description Author: chux Find the FLAG and win Intigriti swag! 🏆 The solution: Should leverage a remote code execution vulnerability on the challenge page. Shouldn’t be self-XSS or related ...

Description Author: kallenosf Lights, camera, action! Can you see behind the scenes? Note: Admins/Moderators access the app at http://web-app/ Solution Initial Look Facing the challenge, we ar...

Description Author: DrBrad I have made a new blog with a custom markdown parser, can you help me with the pentesting part? Solution Initial Look Facing the challenge, we are presented with a si...

Description Author: 0x999 Find the FLAG and win Intigriti swag! 🏆 The solution: Should work on the latest version of Chromium and FireFox. Should leverage a cross site scripting vulnerabili...

Description Can you steal the flag, even though I’m using the latest version of https://github.com/gotenberg/gotenberg? Individual instances can be started at the link below: https://lab1.kalmarc...

Description Do you like DNS-over-HTTPS? Well, I’m proxying https://dns.google/! Would be cool if you can find an XSS! Report to admin locally: curl http://localhost:8008/report -H "Content-Type: a...

Description To get the flag, you need: the mTLS cert, connecting from localhost, … and break physics? Should be easy! Challenge note: the handout files contains tls internal while the hosted chall...

Description I WANT TO BELIEVE. He can’t be all three. Something doesn’t add up! Author: @HuskyHacks Solution First Look The challenge is a simple PHP application composed of four files: index.ph...

Description Web-LOG? We-BLOG? Webel-OGG? No idea how this one is pronounced. It’s on the web, it’s a log, it’s a web-log, it’s a blog. Just roll with it. Author: @HuskyHacks Solution First Look ...

Description We’ve been working on a little side project - it’s a URL unfurler! Punch in any site you’d like and you’ll get the metadata, main image, the works. We’re publishing it open source soon,...