Web Challenges

In web challenges, you’re handed a URL and told: "Find the flag." It looks like a normal website—but something’s off. Your job is to poke, prod, and break it.

You might find hidden routes, vulnerable forms, insecure cookies, or even a search box that’s wide open to injection. Anything from HTML comments to misconfigured sessions could be the key. Start with your browser’s DevTools, then move to curl or a proxy tool like Burp.

Sometimes you’re guessing inputs. Sometimes you’re solving puzzles. Sometimes there’s a form asking you for "the meaning of the universe." Whatever it is - view source, look closer, and never trust the UI.