Intermediate
WEB+SSH
★★☆☆☆

Param Tampering

Exploit hidden form fields to escalate privileges

/start hidden_params
Total Solves: 26
Avg Solve Time: 14m 5s
First Blood Claimed: 1
Record Time: 1m 33s

// FIRST BLOOD

Grex 🩸
cracked in 26m 46s

// TOP 10 FASTEST

#1 「 ✦ Rimuru ✦ 」 1m 33s
#2 privalman 1m 46s
#3 † 𝓣𝓘𝓜 2m 11s
#4 harpy 3m 12s
#5 anderdingus 4m 55s
#6 Kael 5m 11s
#7 Rocostre 5m 27s
#8 spkz 6m 1s
#9 CipherWolf45🐺 7m 4s
#10 bussi 7m 26s

// RELATED · Intermediate TIER

Command Injection
WEB+SSH Chain OS commands through a web interface
★★☆☆☆
Database Bypass
WEB+SSH Bypass authentication with SQL injection
★★☆☆☆
Malicious Upload
WEB+SSH Upload a web shell past file filters
★★☆☆☆
XML Attack
WEB Read server files through XML entity injection
★★☆☆☆
Path Traversal
WEB+SSH Traverse directories to read sensitive files
★★☆☆☆
Script Kiddie
WEB+SSH Inject JavaScript to steal credentials
★★☆☆☆

Spawn this box.
Capture the flag.

Join the Discord and type /start hidden_params to spin up your own container.