Web Security


Arizona CTF 2025.

Life is lived on the web, and vulnerabilities evolve to make this life harder. Dive into some of these vulnerabilities in this module!

NOTE: You'll need to read and understand the source code of the challenges in order to solve these! Don't try to solve them blindly.

If this material is unfamiliar, but interesting to you, you can learn this style of hacking in the Web Security module!


Challenges

Web security fails when users can get admin privileges, so we disabled the admin right in the config file! Can you still get the flag?

Start the challenge by running:

/challenge/server

It's hard times in these parts: the Baron and their boss, the Bigger Baron, have rolled into town and stolen all the cows from the farmers!

The poor people have reached out to you to help them take back their herd! Luckily, the Baron's cowherder website is still up!

Find a way to break in and steal back the cows that rightfully belong to the people!

Start the challenge by running:

/challenge/server

Head over to the Desktop interface to launch a web browser! You can check out the Cowherders website at:

http://challenge.localhost:5000/login

Good luck!

Oh no! It looks like the Baron has caught on to your tricks! They've stolen back the cows and patched the server against your attack!

But you've been able to steal the Bigger Baron's client! You can't control what it does, but maybe it will help you exploit something else in the server!

Find a way to break in and steal back the cows that rightfully belong to the people!

Start the challenge by running:

/challenge/server

Run the Bigger Baron's client by running:

/challenge/baron

Good luck!

Alright, what can go wrong with some safe backups?

Start the challenge by running:

/challenge/server

