Challenge

Trigger an alert pop-up with cookie values using Stored XSS.

Quest: Ensure Access & Identity in Google Cloud

Analyze the JavaScript code to reverse the logic and then submit the word ‘success’ in order to win.

Sam decided to make a music site. Unfortunately he does not understand Apache. This mission is a bit harder than the other basics.

This time Sam used a more temporary and ‘hidden’ approach to authenticating users, but he didn’t think about whether or not those users knew their way around javascript…

The password is again hidden in an unknown file. However, the script that was previously used to find it has some limitations. Requirements: Knowledge of SSI, unix directory structure.

The password is yet again hidden in an unknown file. Sam’s daughter has begun learning PHP, and has a small script to demonstrate her knowledge. Requirements: Knowledge of SSI (dynamic html executed by the server, rather than the browser)

The password is hidden in an unknown file, and Sam has set up a script to display a calendar. Requirements: Basic UNIX command knowledge.

An encryption system has been set up, which uses an unknown algorithm to change the text given. Requirements: Persistence, some general cryptography knowledge.

Similar to the previous challenge, but with some extra security measures in place. Requirements: HTML knowledge, JS or FF, an email address.