Locate and extract the flag by investigating a provided file or image (`zero:welcome`). The goal is to navigate the user profile and identify credentials or indicators of compromise from accessible paths.
Identify and decode a simple obfuscated message left by a previous user.
Exploit a vulnerable login form in OWASP Juice Shop using classic SQL Injection techniques to retrieve the flag.
Access and manipulate a custom Rubik’s Cube web challenge under restricted user sessions to retrieve the flag.
Exploit session manipulation in OWASP Juice Shop to gain access to another user's basket and retrieve the flag.
Exploit a vulnerable custom web application that evaluates function names passed via URL parameters without proper validation.
Exploit OWASP Juice Shop by registering a user with empty input values to trigger a vulnerable behavior and obtain the flag.
Interact with a restricted terminal environment and extract the contents of the `flag.txt` file using limited command-line capabilities.
Log in as admin via SQL Injection and delete all 5-star feedback entries to retrieve the flag.
Unzip a series of recursively compressed ZIP files, collect password fragments from each layer, and use the final combined password to extract the flag.