Script Kiddie

Inject JavaScript to steal credentials

/start xss

Total Solves

11m 49s

Avg Solve Time

First Blood Claimed

1m 8s

Record Time

// FIRST BLOOD

bussi 🩸

cracked in 14m 47s

// TOP 10 FASTEST

#1 Zyn 1m 8s

#2 † 𝓣𝓘𝓜 1m 26s

#3 #Run21ner ⚡ 1m 38s

#4 Mr_robot0h 2m 54s

#5 User 3872 3m 11s

#6 privalman 3m 45s

#7 Kael 4m 5s

#8 vwdg 4m 19s

#9 anderdingus 4m 29s

#10 F03ever 4m 52s

// RELATED · Intermediate TIER

Command Injection

WEB+SSH Chain OS commands through a web interface

★★☆☆☆

Database Bypass

WEB+SSH Bypass authentication with SQL injection

★★☆☆☆

Malicious Upload

WEB+SSH Upload a web shell past file filters

★★☆☆☆

XML Attack

WEB Read server files through XML entity injection

★★☆☆☆

Path Traversal

WEB+SSH Traverse directories to read sensitive files

★★☆☆☆

Vault Cracker

WEB+SSH Decode layered encoding to crack a vault

★★☆☆☆

Spawn this box.
Capture the flag.

Join the Discord and type /start xss to spin up your own container.

join discord → sign in with discord

Script Kiddie

// FIRST BLOOD

// TOP 10 FASTEST

// RELATED · Intermediate TIER

Spawn this box.Capture the flag.

Spawn this box.
Capture the flag.