
TryHackMe: AoC 2024 Side Quest Two
Second Side Quest started with exploiting an XML External Entity (XXE) vulnerability to perform a Server-Side Request Forgery (SSRF) attack on the machine associated with Advent of Cyber Day 5. Thi...
First Side Quest began by discovering the source code for a Flask web application on GitHub and finding this web application running on the machine associated with Advent of Cyber Day 1. By using t...
The Sticker Shop was a very simple room about exploiting a Cross-Site Scripting (XSS) vulnerability to steal the contents of a page and retrieve the flag. Initial Enumeration Nmap Scan We star...
Lookup started with brute-forcing a login form to discover a set of credentials. Using these credentials to log in, we found a virtual host (vhost) with an elFinder installation. By exploiting a co...
Mouse Trap was another purple team room where we started on the attacker side and exploited a remote code execution (RCE) vulnerability to gain a foothold. After that, we exploited an unquoted serv...
Hack Back started with reverse-engineering an executable file to discover an email address and a password. After that, we used these credentials to send a phishing email and obtain a shell. Lastly,...
SeeTwo was a room about extracting a basic C2 client from a packet capture file and reverse engineering it to understand its functionality. Using the same packet capture file, we then extracted the...
Whiterose started with discovering a virtual host and logging in with the credentials provided in the room. After logging in, we accessed a chat and, by modifying a parameter to view old messages, ...
Rabbit Hole was a room about exploiting a second-order SQL injection vulnerability to extract the currently running queries from the database. The goal was to discover a password embedded in a SQL ...
Mountaineer started by discovering a WordPress instance and identifying a plugin vulnerable to authenticated RCE. By exploiting the nginx off-by-slash vulnerability to read files on the server, we ...