A little something to get you started
You're going to be searching for the flags, using every skill and tool in your arsenal. Flags are placed in various locations -- they might be in a file, in the database, stuck into source code, or...
This lab has a horizontal privilege escalation vulnerability on a user account page. Let's try to exploit the vulnerabilities.
This lab is vulnerable to username enumeration and password brute-force attacks. It has an account with a predictable username and password.
This lab is subtly vulnerable to username enumeration and password brute-force attacks. It has an account with a predictable username and password, which can be found in the following wordlists.
In this lab, the source code is exposed through backup files located in a hidden directory. To complete the lab, you need to find and submit the database password, which is hard-coded within the le...
This lab controls access to certain admin functionality based on the Referer header. Let's solve the lab to exploit the flawed access controls and promote ourselves to become administrators.
This lab contains an access control vulnerability where sensitive information is leaked in the body of a redirect response.
There are some really weird files on Hacksparo's desktop. Let's find out what is really hiding from us. This room is about learning about zip files and how to uncover secrets in a zip file.
This lab contains a vulnerable image upload function. It doesn't perform any validation on the files users upload before storing them on the server's filesystem.
This lab has a stock check feature which fetches data from an internal system. Our task is to solve the lab by using the stock check functionality to scan the internal 192.168.0.X range for an admi...