Root-Me/HTTP - Open redirect·10ptsHTTP - Open redirect — Root-MeServer-side web task HTTP - Open redirect.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/PHP - Command Injection·10ptsPHP - Command Injection — Root-MeServer-side web task PHP - Command Injection.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/Weak password·10ptsWeak password — Root-MeFor Weak password, the backend trusts headers and cookies too much.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/HTTP - IP restriction bypass·10ptsHTTP - IP restriction bypass — Root-MeFor HTTP - IP restriction bypass, the backend trusts headers and cookies too much.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/HTML - Source code·5ptsHTML - Source code — Root-MeFor HTML - Source code, the backend trusts headers and cookies too much.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/Javascript - Obfuscation 1·10ptsJavascript - Obfuscation 1 — Root-MeFor Javascript - Obfuscation 1, the attack surface lives in front-end validation.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/Javascript - Authentication 2·10ptsJavascript - Authentication 2 — Root-MeClient-side web challenge Javascript - Authentication 2.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/Javascript - Source·5ptsJavascript - Source — Root-MeClient-side web challenge Javascript - Source.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/Javascript - Authentication·5ptsJavascript - Authentication — Root-MeClient-side web challenge Javascript - Authentication.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/HTML - disabled buttons·5ptsHTML - disabled buttons — Root-MeClient-side web challenge HTML - disabled buttons.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/Twitter Secret Messages·10ptsTwitter Secret Messages — Root-MeOn Twitter Secret Messages, files look innocent at first glance.Forensicseasy#root-me#easy#forensicsMay 26, 2026
Root-Me/Steganomobile·10ptsSteganomobile — Root-MeOn Steganomobile, files look innocent at first glance.Forensicseasy#root-me#easy#forensicsMay 26, 2026
Root-Me/Dot and next line·10ptsDot and next line — Root-MeChallenge Dot and next line: layered images and subtle LSB patterns.Forensicseasy#root-me#easy#forensicsMay 26, 2026
Root-Me/EXIF - Metadata·5ptsEXIF - Metadata — Root-MeOn EXIF - Metadata, files look innocent at first glance.Forensicseasy#root-me#easy#forensicsMay 26, 2026
Root-Me/It happens, sometimes·10ptsIt happens, sometimes — Root-MeRealistic scenario It happens, sometimes blending multiple weak services.Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/TCP - The Roman wheel·10ptsTCP - The Roman wheel — Root-MeProgramming puzzle TCP - The Roman wheel focused on algorithmic constraints.Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/TCP - Encoded string·10ptsTCP - Encoded string — Root-MeProgramming puzzle TCP - Encoded string focused on algorithmic constraints.Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/TCP - Back to school·5ptsTCP - Back to school — Root-MeWalkthrough for TCP - Back to school: data structure tradeoffs, boundary cases, and how to derive the expected output without leaking full contest automation code..Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/NTLM - Authentication·10ptsNTLM - Authentication — Root-MeWalkthrough for NTLM - Authentication — routing quirks, protocol state confusion, and turning a man-in-the-middle vantage into actionable host intelligence..Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/Kerberos - Authentication·10ptsKerberos - Authentication — Root-MeWalkthrough for Kerberos - Authentication — routing quirks, protocol state confusion, and turning a man-in-the-middle vantage into actionable host intelligence..Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/DNS - zone transfert·10ptsDNS - zone transfert — Root-MeFor DNS - zone transfert, traffic analysis reveals a covert channel.Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/CISCO - password·10ptsCISCO - password — Root-MeWalkthrough for CISCO - password — routing quirks, protocol state confusion, and turning a man-in-the-middle vantage into actionable host intelligence..Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/ETHERNET - frame·5ptsETHERNET - frame — Root-MeFor ETHERNET - frame, traffic analysis reveals a covert channel.Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/TELNET - authentication·5ptsTELNET - authentication — Root-MeNetwork challenge TELNET - authentication: packet captures and protocol oddities.Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/FTP - authentication·5ptsFTP - authentication — Root-MeWalkthrough for FTP - authentication — routing quirks, protocol state confusion, and turning a man-in-the-middle vantage into actionable host intelligence..Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/Deleted file·5ptsDeleted file — Root-MeChallenge Deleted file: log triage and artifact correlation.Forensicseasy#root-me#easy#forensicMay 26, 2026
Root-Me/CISCO - Salted Password·10ptsCISCO - Salted Password — Root-MeFor CISCO - Salted Password, ciphertext structure suggests hybrid encoding.Cryptoeasy#crypto#root-me#easyMay 26, 2026
Root-Me/Shift cipher·10ptsShift cipher — Root-MeCrypto challenge Shift cipher: classical cipher layers and modular arithmetic.Cryptoeasy#crypto#root-me#easyMay 26, 2026
Root-Me/Hash - SHA-2·5ptsHash - SHA-2 — Root-MeCryptanalysis path for Hash - SHA-2 — algebraic manipulation, small subgroup checks, and a plausible attack narrative without dumping complete secret material..Cryptoeasy#crypto#root-me#easyMay 26, 2026
Root-Me/Hash - Message Digest 5·5ptsHash - Message Digest 5 — Root-MeCryptanalysis path for Hash - Message Digest 5 — algebraic manipulation, small subgroup checks, and a plausible attack narrative without dumping complete secret material..Cryptoeasy#crypto#root-me#easyMay 26, 2026
Root-Me/Encoding - ASCII·5ptsEncoding - ASCII — Root-MeCrypto challenge Encoding - ASCII: classical cipher layers and modular arithmetic.Cryptoeasy#crypto#root-me#easyMay 26, 2026
Root-Me/ELF C++ - 0 protection·10ptsELF C++ - 0 protection — Root-MeOn ELF C++ - 0 protection, the notes explain tracing a license routine, defeating superficial packers, and extracting the comparison secret without publishing raw keys..Reverse Engineeringeasy#root-me#easy#crackingMay 26, 2026
Root-Me/PE x86 - 0 protection·5ptsPE x86 - 0 protection — Root-MeChallenge PE x86 - 0 protection mixes obfuscation and anti-debug hints.Reverse Engineeringeasy#root-me#easy#crackingMay 26, 2026
Root-Me/ELF x86 - 0 protection·5ptsELF x86 - 0 protection — Root-MeChallenge ELF x86 - 0 protection mixes obfuscation and anti-debug hints.Reverse Engineeringeasy#root-me#easy#crackingMay 26, 2026
Root-Me/PE32 - Stack buffer overflow basic·10ptsPE32 - Stack buffer overflow basic — Root-MeSystem-level challenge PE32 - Stack buffer overflow basic on Linux/Windows boundaries.Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/ELF x86 - Stack buffer overflow basic 1·5ptsELF x86 - Stack buffer overflow basic 1 — Root-MeWalkthrough for ELF x86 - Stack buffer overflow basic 1: namespace surprises, loose ACLs on config directories, and rooting via a maintenance task running outside its intended sandbox..Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/Perl - Command injection·15ptsPerl - Command injection — Root-MeScripting challenge Perl - Command injection: cron interactions, path hijacking, and turning a minor misconfiguration into a stable foothold..Misceasy#root-me#app-script#easyMay 26, 2026
Root-Me/Docker - I am groot·15ptsDocker - I am groot — Root-MeShell automation and interpreter quirks on Docker - I am groot.Misceasy#root-me#app-script#easyMay 26, 2026
Root-Me/LaTeX - Input·10ptsLaTeX - Input — Root-MeShell automation and interpreter quirks on LaTeX - Input.Misceasy#root-me#app-script#easyMay 26, 2026
Root-Me/Powershell - Command Injection·10ptsPowershell - Command Injection — Root-MeNotes for Powershell - Command Injection cover parsing edge cases, environment leakage, and privilege changes through a helper binary invoked by a scheduled task..Misceasy#root-me#app-script#easyMay 26, 2026
Root-Me/sudo - weak configuration·5ptssudo - weak configuration — Root-MeShell automation and interpreter quirks on sudo - weak configuration.Misceasy#root-me#app-script#easyMay 26, 2026
Root-Me/Bash - System 1·5ptsBash - System 1 — Root-MeNotes for Bash - System 1 cover parsing edge cases, environment leakage, and privilege changes through a helper binary invoked by a scheduled task..Misceasy#root-me#app-script#easyMay 26, 2026
Hack The Box/SilentiumSilentium — Hack The BoxA quiet Linux host still exposes a few interesting HTTP routes and a forgotten dev vhost.Misceasy#linux#easy#hacktheboxApr 11, 2026
Hack The Box/KoboldKobold — Hack The BoxLight recon finds a small Flask surface and a curious static mount.Misceasy#linux#easy#hacktheboxMar 21, 2026
Hack The Box/CCTVCCTV — Hack The BoxA surveillance-themed host exposes a stream dashboard and a brittle onboarding flow.Misceasy#linux#easy#hacktheboxMar 7, 2026
Hack The Box/WingDataWingData — Hack The BoxTelemetry and a lightweight API share the same under-protected gateway.Misceasy#linux#easy#hacktheboxFeb 14, 2026
Hack The Box/FactsFacts — Hack The BoxA fact-checking microservice and an admin export feature create the entry lane.Misceasy#linux#easy#hacktheboxJan 31, 2026
Hack The Box/MonitorsFourMonitorsFour — Hack The BoxA monitoring suite and an agent installer leave several soft seams.Misceasy#windows#easy#hacktheboxDec 6, 2025