Welcome to an Introduction to Capture The Flag (CTF)!
Application Instance: https://ctf-X.herokuapp.com/ (where X is your Instance Name)
Once the CTF starts, you can use the “Challenges” screen to enter your flags. You should search for the challenge name on the challenges screen.
If you miss your flag for some reason, you can go to the scoreboard screen of the vulnerable application and click on the green button to see it again.
You might want to check out the OWASP Top 10.
Breaking the following rules will lead to deduction of points or disqualification.
- Your scope is limited to your own application instance, port 443
- No DOS/DDOS-attacks!
- No interfering with other teams’ JuiceShop-instances, traffic or anything else related to another team or the organizers
- No using Burp Scanner (or other similar tools)
- No Googling around for solutions
- No tampering with or attacking the scoreboard app
- You may not tamper with the database table related to your challenge progress.
- If you’re unsure about something, ask 🙂
Well-suited tasks
- XSS Tier 0 ( ⭐️ )
- XSS Tier 1 ( ⭐️ )
- Admin Section ( ⭐️ )
- Confidential Document ( ⭐️ )
- Christmas Special ( ⭐️⭐️ )
- Basket Access ( ⭐️⭐️ )
- Forgotten Sales Backup ( ⭐️⭐️⭐️ )
- Forgotten Developer Backup ( ⭐️⭐️⭐️⭐️ )
- CSRF ( ⭐️⭐️⭐️⭐️ )
- User Credentials ( ⭐️⭐️⭐️⭐️ )
- Forged Coupon ( ⭐️⭐️⭐️⭐️⭐️⭐️ )