Web hacking challenges
Find the flags on the websites! Here we present you many web hacking challenges that you can use to practice.
On each site a flag is hidden somewhere. A flag is a special string in the following format: UiO-Hacking-Arena{Here's_the_flag}.
All of our challenges are running in a separated sandboxed enviroment. You can try and practice web hacking with our examples.
Difficulty levels:
Information Disclosure
Information disclosure is a type of vulnerability that can be used to obtain unintended information from a website.
Default settings
If the website contains default settings then the attacker can use it to achieve the aim.
The following exercises contain default settings.
Client side validation bypass
Brute forcing
Parameter tampering
Session fixation
Cross site scripting
Cross site request forgery
soon available
Clickjacking
soon available
Sql injection
Xpath injection
Server side template injection
soon available
File inclusion
Crypto with web
Unsecure file upload
soon available
Challenges without category