Log in as a specific user (Jim) in OWASP Juice Shop using SQL Injection to retrieve the flag.
Access the Juice Shop instance running on port `42000` and locate the scoreboard to find the flag.
Decode the hidden flag from a seemingly normal message given by User Two.
Access and explore an exposed FTP server tied to an OWASP Juice Shop challenge to retrieve confidential internal files, including the flag.
Investigate uploaded files to identify a malicious web shell used by an attacker.
Interact with a newly added OWASP Juice Shop AI-based feature and identify how to retrieve a hidden flag through it.
Identify the real IP address of the attacker from the data provided by User Six.
Explore the OWASP Juice Shop instance and retrieve the flag by reading the Privacy Policy page.
Analyze forensic artifacts to determine the real name of the threat actor based on their Telegram activity and archived file data.
The objective of this challenge is to analyze a disk image and network traffic capture to uncover hidden data exfiltration techniques, reverse custom encryption mechanisms, and ultimately retrieve the attacker’s payload or flag.