Web



Challenges

Check out my new golf website! Can you get a hole-in-one?

Hint: This challenge is from the DOM Clobbering module of the Web Security Dojo

Author: RenegadePenguin

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

I don't get why we need to have a content security policy when we can just sanitize HTML...

Hint: This challenge is from the DOM Clobbering module of the Web Security Dojo

Author: RenegadePenguin


DECLASSIFICATION ARCHIVE // CASE FILE: ██████-███

WARNING: DATA SUBJECT TO THE STATE SECRETS ACT OF ████


DECLASSIFIED OPERATION: SPRINGBOARD

The document below was lifted from a compromised relay during a midnight ████ on the ███████████ forward signals node. This is the last clean intercept of their ██████ ██████ ████ before the station ran dark and the operators ██████ the ████.


CLASSIFICATION: CONFIDENTIAL // ORCON

CATEGORY: WEB, PWN
AUTHOR: FLUFFY

DECLASSIFIED OPERATIONAL INTEL

The asset is an open intake portal. Every dispatch is held for clearance by an automated ████████ on a fixed rotation. This overseer is the sole ████ holding the privileged ███████ ██████ you require, and it will █████ whatever address it is handed. Your cover identity holds nothing of value.

The architect trusted the front-end past doctrine. A ████ between two contending ████████ leaves the station holding █████ it never meant to keep. A ███████████ ███████ can be ███████ under a trusted name until the genuine █████████ is ████████, and a single ███████ █████ seeded at the ██████ ████ bleeds into every object beneath it. Drive these against the ████████ and it breaks from its handlers, running your ███████ under its own █████████ until the station is yours.

That foothold drops you into a ████. The root-held ████ sits past a ████████ your process cannot cross. But a privileged ██████ idles in the restricted ██████████ directory, ███████ cleared to cross the very ████ that contains you. █████ your ███████ in the ████ scratch space, let the ██████ ███████ it, and ██████ off its borrowed █████████ to clear the wall.

Your primary objective is to seize the ████████ that holds the keys and ride the ███████ past the line to recover the ████.

Your secondary objective is to determine, from any artifact left behind, whether the architect leaps the way an actual fox does.

