Root-Me/CRLF·20ptsCRLF — Root-MeChallenge CRLF on HTTP plumbing and template engines.Webhard#web#root-me#hardMay 26, 2026
Root-Me/API - Mass Assignment·20ptsAPI - Mass Assignment — Root-MeChallenge API - Mass Assignment on HTTP plumbing and template engines.Webhard#web#root-me#hardMay 26, 2026
Root-Me/File upload - Double extensions·20ptsFile upload - Double extensions — Root-MeFor File upload - Double extensions, the backend trusts headers and cookies too much.Webhard#web#root-me#hardMay 26, 2026
Root-Me/XSS - Stored 1·30ptsXSS - Stored 1 — Root-MeWeb client notes for XSS - Stored 1: XSS variants, CSP bypass narratives, and chaining a UI flaw with an API call the server should have rejected..Webhard#web#root-me#hardMay 26, 2026
Root-Me/Javascript - Obfuscation 3·30ptsJavascript - Obfuscation 3 — Root-MeClient-side web challenge Javascript - Obfuscation 3.Webhard#web#root-me#hardMay 26, 2026
Root-Me/PNG - Least Significant Bit·30ptsPNG - Least Significant Bit — Root-MeChallenge PNG - Least Significant Bit: layered images and subtle LSB patterns.Forensicshard#root-me#hard#forensicsMay 26, 2026
Root-Me/Crypt-art·25ptsCrypt-art — Root-MeChallenge Crypt-art: layered images and subtle LSB patterns.Forensicshard#root-me#hard#forensicsMay 26, 2026
Root-Me/PDF - Embedded·25ptsPDF - Embedded — Root-MeStego task PDF - Embedded hiding data in media and metadata.Forensicshard#root-me#hard#forensicsMay 26, 2026
Root-Me/PyRat Auction·30ptsPyRat Auction — Root-MeOn PyRat Auction, the path crosses web, network, and host layers.Mischard#root-me#misc#hardMay 26, 2026
Root-Me/Breaking Root-Me like it's 2020·30ptsBreaking Root-Me like it's 2020 — Root-MeScenario Breaking Root-Me like it's 2020 reads like a small enterprise lab.Mischard#root-me#misc#hardMay 26, 2026
Root-Me/The h@ckers l4b·25ptsThe h@ckers l4b — Root-MeRealistic scenario The h@ckers l4b blending multiple weak services.Mischard#root-me#misc#hardMay 26, 2026
Root-Me/Windows - ASRepRoast·25ptsWindows - ASRepRoast — Root-MeOn Windows - ASRepRoast, the path crosses web, network, and host layers.Mischard#root-me#misc#hardMay 26, 2026
Root-Me/Various encodings·30ptsVarious encodings — Root-MeProgramming puzzle Various encodings focused on algorithmic constraints.Mischard#root-me#misc#hardMay 26, 2026
Root-Me/Second degree polynomial solver·25ptsSecond degree polynomial solver — Root-MeProgramming puzzle Second degree polynomial solver focused on algorithmic constraints.Mischard#root-me#misc#hardMay 26, 2026
Root-Me/ELF x64 - Shellcoding - Sheep warmup·25ptsELF x64 - Shellcoding - Sheep warmup — Root-MeFor ELF x64 - Shellcoding - Sheep warmup, the task tests API misuse and race windows.Mischard#root-me#misc#hardMay 26, 2026
Root-Me/HTTP - DNS Rebinding·25ptsHTTP - DNS Rebinding — Root-MeNetwork challenge HTTP - DNS Rebinding: packet captures and protocol oddities.Mischard#root-me#misc#hardMay 26, 2026
Root-Me/DNS exfiltration·30ptsDNS exfiltration — Root-MeForensics scenario DNS exfiltration with disk and memory artifacts.Forensicshard#root-me#hard#forensicMay 26, 2026
Root-Me/Logs analysis - web attack·25ptsLogs analysis - web attack — Root-MeOn Logs analysis - web attack, investigators recover fragments from an image dump.Forensicshard#root-me#hard#forensicMay 26, 2026
Root-Me/Heist of the century·25ptsHeist of the century — Root-MeForensics scenario Heist of the century with disk and memory artifacts.Forensicshard#root-me#hard#forensicMay 26, 2026
Root-Me/Find the cat·25ptsFind the cat — Root-MeChallenge Find the cat: log triage and artifact correlation.Forensicshard#root-me#hard#forensicMay 26, 2026
Root-Me/ELF x86 - BSS buffer overflow·30ptsELF x86 - BSS buffer overflow — Root-MeSystem-level challenge ELF x86 - BSS buffer overflow on Linux/Windows boundaries.Mischard#root-me#misc#hardMay 26, 2026
Root-Me/ELF x86 - Use After Free - basic·30ptsELF x86 - Use After Free - basic — Root-MeFor ELF x86 - Use After Free - basic, recon highlights weak file permissions and a setuid helper.Mischard#root-me#misc#hardMay 26, 2026
Root-Me/ELF x86 - Stack buffer overflow basic 3·25ptsELF x86 - Stack buffer overflow basic 3 — Root-MeFor ELF x86 - Stack buffer overflow basic 3, recon highlights weak file permissions and a setuid helper.Mischard#root-me#misc#hardMay 26, 2026
Root-Me/ELF x64 - Double free·25ptsELF x64 - Double free — Root-MeSystem-level challenge ELF x64 - Double free on Linux/Windows boundaries.Mischard#root-me#misc#hardMay 26, 2026
Root-Me/SSH - Agent Hijacking·30ptsSSH - Agent Hijacking — Root-MeShell automation and interpreter quirks on SSH - Agent Hijacking.Mischard#root-me#app-script#miscMay 26, 2026
Root-Me/Bash - quoted expression injection·30ptsBash - quoted expression injection — Root-MeScripting challenge Bash - quoted expression injection: cron interactions, path hijacking, and turning a minor misconfiguration into a stable foothold..Mischard#root-me#app-script#miscMay 26, 2026
Hack The Box/GarfieldGarfield — Hack The BoxFootprint suggests a Windows app stack with legacy auth still enabled.Mischard#windows#hard#hacktheboxApr 4, 2026
Hack The Box/PiratePirate — Hack The BoxMaritime branding hides a fairly classic Windows foothold: IIS, an upload nook, and a secondary listener on a high port.Mischard#windows#hard#hacktheboxFeb 28, 2026
Hack The Box/FriesFries — Hack The BoxFast-food theming wraps a Windows box with a quirky upload filter and a secondary management site.Mischard#windows#hard#hacktheboxNov 22, 2025
Hack The Box/NanoCorpNanoCorp — Hack The BoxCorporate nano-tech branding aside, the host exposes RDP hints and a brittle VPN portal artifact.Mischard#windows#hard#hacktheboxNov 8, 2025